
Improving Application Security With Azure





Application development and deployment in the traditional datacenter has been a challenge for many organizations, primarily because of resource constraints. Historically this has forced unfortunate compromises between functionality and security for business applications.

With public cloud providers, those limits on technical capability have fallen away: what was once attainable only by the Fortune 500 is now available to organizations of any size.

This yields some exciting new options for the development, deployment and operation of secure applications. Here you will find the presentation deck and a recording of the webinar.



Improving Application Security With Azure

  1. SECURE APPLICATION ARCHITECTURE IN AZURE
  2. Intro: Your Presenter
     Tadd Axon, Microsoft Services Practice Lead
     • MS Practice Lead
     • Background in IT operations, system architecture
     • Information security, security & compliance audit
  3. Agenda
     • Public cloud has changed the (development) world
     • Tools to support secure application architecture
     • Cloud provider capabilities to support security
     • Technologies to accelerate secure application development
     • The learning curve
     • Demo
     • Q&A: post an IM anytime
  4. Impact of Public Cloud
     • Tools, capabilities, and technologies once only available to large enterprises are now accessible and affordable
     • The burden of maintaining the supporting infrastructure for these is greatly reduced
     • Responsibility for delivery of security is split
       o The cloud provider has a contractual obligation to provide a secure foundation; it is in their best interest to do so and to provide transparency
       o The cloud provider shoulders the burden of attracting and retaining security talent
       o The cloud consumer focuses on the security of the application rather than on the application plus its entire supporting infrastructure
  5. Supporting Tools for Secure Applications
     TOOL                           CAPABILITY
     Azure Security Center          Alerts, analysis, recommendations
     Azure AD Identity Protection   Alerts, analysis, guidance, policy and enforcement
     Application Insights           Performance metrics, code-level issues
     Operations Management Suite    Log analytics, assessment, recommended actions
  6. Azure Security Center
  7. Azure Identity Protection
  8. Azure Application Insights
  9. Azure Operations Management Suite
  10. Q&A
  11. Supporting Capabilities for Secure Applications
     CAPABILITY                  BENEFITS
     Azure Resource Manager      • Template-based deployment
                                 • Manage application infrastructure as source code
                                 • Idempotency
                                 • Resource Policy
                                 • Resource Locks
     Azure Storage Encryption    • Encryption for data at rest
                                 • Client-side encryption libraries (data is encrypted before it leaves the client, so it is protected in transit as well as at rest)
  12. Supporting Technologies for Secure Applications
     • API Management
       o Publish APIs rapidly, even from "legacy" services
       o Secure access and protect from overuse
     • Azure Key Vault
       o HSM-backed storage for secrets (passwords, cryptographic keys)
       o Auditable
     • Azure SQL
       o Azure AD integration for role-based access control at the DB level
       o Least-privilege design for access to DB services
     • Virtual Machine Scale Sets
       o Idempotent deployment at scale
       o Disposable, ephemeral worker nodes
  13. Q&A
  14. DEMO
  15. The Learning Curve
     • The learning curve for this can appear steep
     • There are a multitude of resources
       o Sample code and templates to provision resources
       o Architecture guidance
       o Development guidance
       o Strong community of MS partners
  16. Q&A

Speaker notes

  • Demo: deployment of a VM with encrypted storage and all supporting infrastructure
  • Democratization of capability
    Tremendous reduction in the in-house skills required to manage and provision. In most cases the capabilities, tools and technologies are simply there to use.
  • NB: OMS webinar September 8 and 9
  • Azure Resource Manager enables you to work with the resources in your solution as a group.
    You can deploy, update or delete all of the resources for your solution in a single, coordinated operation. You use a template for deployment, and that template can work for different environments such as testing, staging and production.
    Resource Manager provides security, auditing, and tagging features to help you manage your resources after deployment.

    Resource Manager provides several benefits:
    You can deploy, manage, and monitor all of the resources for your solution as a group, rather than handling these resources individually.
    You can repeatedly deploy your solution throughout the development lifecycle and have confidence your resources are deployed in a consistent state.
    You can manage your infrastructure through declarative templates rather than scripts.
    You can define the dependencies between resources so they are deployed in the correct order.
    You can apply access control to all services in your resource group because Role-Based Access Control (RBAC) is natively integrated into the management platform.
    You can apply tags to resources to logically organize all of the resources in your subscription.
    You can clarify billing for your organization by viewing the rolled-up costs for the entire group or for a group of resources sharing the same tag.

    Resource Policy
    Azure Resource Manager now lets you enforce conventions on resources through custom policies.
    With policies, you can prevent users in your organization from breaking conventions that are needed to manage your organization's resources.

    You create policy definitions that describe the actions or resources that are specifically denied.
    You assign those policy definitions at the desired scope, such as the subscription, resource group, or an individual resource.

    Policies and RBAC work together. Before policy comes into play, the user must first be authorized through RBAC. Unlike RBAC, policy is a default-allow, explicit-deny system.
    RBAC focuses on the actions a user can perform at different scopes. For example, a particular user is added to the Contributor role for a resource group, so the user can make changes to that resource group.
    Policy focuses on resource actions at various scopes. For example, through policies you can control the types of resources that can be provisioned or restrict the locations in which resources can be provisioned.

    Resource Locks
    As an administrator, you may need to lock a subscription, resource group or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. You can set the lock level to CanNotDelete or ReadOnly.
    CanNotDelete means authorized users can still read and modify a resource, but they can't delete it.
    ReadOnly means authorized users can read from a resource, but they can't delete it or perform any actions on it. The permission on the resource is restricted to the Reader role. Applying ReadOnly can lead to unexpected results because some operations that seem like read operations actually require additional actions. For example, placing a ReadOnly lock on a storage account will prevent all users from listing the keys. The list keys operation is handled through a POST request because the returned keys are available for write operations. For another example, placing a ReadOnly lock on an App Service resource will prevent Visual Studio Server Explorer from being able to display files for the resource because that interaction requires write access.
    Unlike role-based access control, you use management locks to apply a restriction across all users and roles.
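    The interaction of the three controls above is easiest to see when they are modelled together. The following is an added example, not Microsoft's code and not the presenter's demo: a deliberately simplified evaluator that applies RBAC (default deny, allow-list of actions), then Resource Policy (default allow, explicit deny, evaluated on create/update), then Resource Locks (applied to every principal regardless of role). The principals (alice, bob), subscription and resource group names, role assignments, policies, locks and storage-account resources are all constructed for the example; the policy JSON shape (if / then / field / equals / in / not / allOf / anyOf) follows the Azure Policy definition format, but the engine and the order in which the checks are applied are assumptions of this model, not a description of Azure Resource Manager internals. It reproduces the caveat above: a ReadOnly lock blocks the listKeys operation because that is a POST, not a read.

```python
"""Toy model of Azure RBAC + Resource Policy + Resource Locks on a request.
Added illustration, not Microsoft's or the presenter's code; all names,
assignments, policies, locks and resources below are constructed, and the
check order (RBAC, then policy on writes, then locks) is an assumption."""
import fnmatch

# RBAC is an allow-list: a role grants a set of action patterns.
ROLES = {
    "Reader": ["*/read"],
    "Contributor": ["*"],
}
RG = "/subscriptions/sub1/resourceGroups/app-rg"  # constructed sample scope

# (principal, role, scope): constructed sample assignments.
ROLE_ASSIGNMENTS = [
    ("alice", "Contributor", RG),
    ("bob", "Reader", "/subscriptions/sub1"),
]

# Policy is default-allow, explicit-deny: a matching "if" triggers the effect.
POLICIES = [
    {"name": "allowed-locations", "scope": "/subscriptions/sub1",
     "if": {"not": {"field": "location", "in": ["canadacentral", "canadaeast"]}},
     "then": {"effect": "deny"}},
    {"name": "no-classic-storage", "scope": "/subscriptions/sub1",
     "if": {"field": "type", "equals": "Microsoft.ClassicStorage/storageAccounts"},
     "then": {"effect": "deny"}},
]

# Locks apply to every principal regardless of role.
LOCKS = [
    {"scope": RG + "/providers/Microsoft.Storage/storageAccounts/prodsa", "level": "ReadOnly"},
    {"scope": RG, "level": "CanNotDelete"},
]

# Constructed sample resources (as the deployment request would describe them).
SA_PROD = {"id": RG + "/providers/Microsoft.Storage/storageAccounts/prodsa",
           "type": "Microsoft.Storage/storageAccounts", "location": "canadacentral"}
SA_EU = {"id": RG + "/providers/Microsoft.Storage/storageAccounts/eusa",
         "type": "Microsoft.Storage/storageAccounts", "location": "westeurope"}
SA_CLASSIC = {"id": RG + "/providers/Microsoft.ClassicStorage/storageAccounts/oldsa",
              "type": "Microsoft.ClassicStorage/storageAccounts", "location": "canadacentral"}


def in_scope(scope, resource_id):
    """A scope covers a resource id that equals it or sits beneath it."""
    return resource_id == scope or resource_id.startswith(scope + "/")


def rbac_allows(principal, action, resource_id):
    """Default deny: some assignment at or above the resource must grant the action."""
    for who, role, scope in ROLE_ASSIGNMENTS:
        if who == principal and in_scope(scope, resource_id):
            if any(fnmatch.fnmatchcase(action, pattern) for pattern in ROLES[role]):
                return True
    return False


def condition_matches(cond, resource):
    """Evaluate an Azure Policy style condition tree against a resource."""
    if "allOf" in cond:
        return all(condition_matches(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(condition_matches(c, resource) for c in cond["anyOf"])
    if "not" in cond:
        return not condition_matches(cond["not"], resource)
    value = resource.get(cond["field"])
    if "equals" in cond:
        return value == cond["equals"]
    if "in" in cond:
        return value in cond["in"]
    raise ValueError("unsupported condition: %r" % (cond,))


def policy_denies(resource):
    """Name of the first in-scope deny policy whose condition matches, else None."""
    for policy in POLICIES:
        if in_scope(policy["scope"], resource["id"]) and policy["then"]["effect"] == "deny":
            if condition_matches(policy["if"], resource):
                return policy["name"]
    return None


def lock_denies(action, resource_id):
    """ReadOnly blocks everything except */read, so a POST such as
    listKeys/action is blocked too; CanNotDelete blocks only */delete."""
    verb = action.rsplit("/", 1)[-1]
    for lock in LOCKS:
        if not in_scope(lock["scope"], resource_id):
            continue
        if lock["level"] == "ReadOnly" and verb != "read":
            return "ReadOnly"
        if lock["level"] == "CanNotDelete" and verb == "delete":
            return "CanNotDelete"
    return None


def authorize(principal, action, resource):
    """RBAC first, then policy on create/update, then locks. Returns (allowed, reason)."""
    if not rbac_allows(principal, action, resource["id"]):
        return False, "RBAC: no assignment grants " + action
    if action.endswith("/write"):
        denied_by = policy_denies(resource)
        if denied_by:
            return False, "policy: " + denied_by
    lock = lock_denies(action, resource["id"])
    if lock:
        return False, "lock: " + lock
    return True, "allowed"
```

Calling `authorize("alice", "Microsoft.Storage/storageAccounts/write", SA_EU)` is refused by the allowed-locations policy even though alice is a Contributor, `authorize("alice", "Microsoft.Storage/storageAccounts/listKeys/action", SA_PROD)` is refused by the ReadOnly lock, and `authorize("bob", "Microsoft.Storage/storageAccounts/write", SA_EU)` never reaches policy at all because the Reader role grants no write action. In a real environment these checks are carried out by Azure Resource Manager; the model only shows how the three layers compose.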

    Storage Service Encryption
    A new feature of Azure Storage that encrypts data when it is written to Azure Storage, supporting block blobs, page blobs and append blobs. It can be enabled for new storage accounts created with the Azure Resource Manager deployment model and is available for all redundancy levels (LRS, ZRS, GRS, RA-GRS). Storage Service Encryption is available for both Standard and Premium Storage and handles encryption, decryption, and key management transparently. All data is encrypted with 256-bit AES, one of the strongest block ciphers available.

    Azure Disk Encryption
    A new capability that lets you encrypt the disks of your Windows and Linux IaaS virtual machines. Azure Disk Encryption uses the industry-standard BitLocker feature of Windows and the dm-crypt feature of Linux to provide volume encryption for the OS and data disks. The solution is integrated with Azure Key Vault to help you control and manage the disk encryption keys and secrets in your Key Vault subscription, while ensuring that all data on the virtual machine disks is encrypted at rest in your Azure storage. (In this case Key Vault stands in for a hardware TPM as the place where the volume keys are protected.)
  • So… why do we care about these?

    The ability to rapidly publish and secure APIs enables microservice architecture: applications composed of many small, simpler, single-purpose components.
    This reduces the overall complexity of the code and allows very strong controls to be put in place on communications between application components. It also reduces the scope and impact of maintenance and changes.
    Compare this to monolithic application design, which lacks this ability to segregate communication and process, and where maintenance or changes to a particular functional component mean maintenance on the entire application infrastructure.

    With Azure Key Vault, you can encrypt keys and small secrets like passwords using keys stored in hardware security modules (HSMs). For added assurance, you can import or generate keys in HSMs; if you choose to do this, Microsoft processes your keys in FIPS 140-2 Level 2 validated HSMs (hardware and firmware). Key Vault is designed so that Microsoft does not see or extract your keys. Monitor and audit key use with Azure logging, and pipe the logs into Azure HDInsight or your SIEM for additional analysis and threat detection.
    Effectively, application administrators never need to know the credentials used for back-end accounts or system-to-system communications, which removes the risk of accidental leakage or intentional malfeasance.

    Azure SQL is in the early stages of supporting Azure Active Directory security principals for access to databases. This greatly simplifies access control and access management by reusing existing roles and individual identities rather than having to recreate or duplicate them at the DB level, or making satisficing choices (e.g. a single DB account granted wide permissions to the DB rather than role- or user-specific levels of access).

    Virtual Machine Scale Sets
    Deploy (and scale based on demand) multiple virtual machines with an identical configuration
    Update the underlying model and quietly push updates to running instances
    Manage individual instances, including decommissioning malfunctioning or compromised instances (and then patching the model and the other running instances) without impairing the performance of the application
  • TADD
    Accountability for the costs
      Identify the business owner
    Accountability for provisioning and deprovisioning of resources
      Process controls
      Request -> Approval -> Deployment
      Auditability
    Identify additional considerations
      Sensitivity of data
      Regulatory obligations
