#azuresatpn
How do you protect a hybrid PaaS-IaaS solution, built entirely in the cloud?
lorenzo.barbieri@microsoft.com
@_geniodelmale
EVERYTHING STARTS WITH A “GOOD” ARCHITECTURE
[Architecture diagram: Web UI, Users, Photos URLs, RAW Photos, Thumbnails, Watermarking, Photo resize; RG for Dev-Test and Production]
1ST STRIKE
The case of disappearing resources
Attack one! Destroy ‘em all!
MITIGATION
Infrastructure as Code:
• Script & Backup everything
• ARM & Azure Policy
PaaS safeguards:
o Azure Web App Undelete
o SQL Point in time
REMEDIATION
Subscription role protection
o RBAC
Azure AD could be protected with MFA
2ND STRIKE
The case of unexpected load
Attack two…o…o…oooo! $$$$
MITIGATION
o Alert rules and monitoring
o web.config based IP restriction
o Functions in App Service Plan
o App Service Diagnostics
[Architecture diagram: as before, plus +web.config]
REMEDIATION
o Web App Firewall/Azure Firewall/Application Gateway/3rd party
o API Management
o Azure DDOS Protections for VNET
APP SERVICE DIAGNOSTICS
• An interactive and intelligent experience for self-troubleshooting your app issues
• What does that actually mean?
• 🔒Diagnose and troubleshoot your app issues and learn about best practices
• 🎨Use Genie to guide you through each problem category tile
• 📈 Intelligent search capabilities
• 🌏Straight out of the box, no extra configuration necessary
3RD STRIKE
The case of data and storage loss
Attack three! I know your secrets!
MITIGATION
o Key rotation
o Least user privilege (DB)
o Alert
REMEDIATION
o SQL DB Firewall
o VNET Storage
o Handle Disconnect
[Architecture diagram: as before, plus +SQL DB Firewall]
4TH STRIKE
The case of being Gitted
Fourth Attack! Keys from the octocat!
REMEDIATION
o Move all the keys to a secure path
o Use Team Build to set them before deployment
o Azure Key Vault
o Managed Service Identity
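A check that fits the first two remediation items, as an added example that is not part of the original slides: it parses a web.config and reports appSettings and connectionStrings entries that still embed a storage account key, a SAS signature or a SQL password. The sample files, setting names and the `__Name__` token convention (filled in by the build before deployment) are constructed for illustration.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Constructed placeholder key material, generated here so no real secret appears.
FAKE_KEY = base64.b64encode(b"constructed-sample-key-not-a-real-one").decode()

# Constructed sample: secrets committed inline, the state that leaks via a repository.
LEAKY_WEB_CONFIG = f"""<configuration>
  <appSettings>
    <add key="PhotoStorage"
         value="DefaultEndpointsProtocol=https;AccountName=examplephotos;AccountKey={FAKE_KEY}" />
    <add key="ThumbnailWidth" value="200" />
  </appSettings>
  <connectionStrings>
    <add name="PhotoDb"
         connectionString="Server=tcp:example.database.windows.net;Database=photos;User ID=app;Password=Constructed-Pa55;" />
  </connectionStrings>
</configuration>"""

# Constructed sample: the same file with values replaced by tokens (assumed
# convention) that the build pipeline or Key Vault lookup resolves later.
TOKENIZED_WEB_CONFIG = """<configuration>
  <appSettings>
    <add key="PhotoStorage" value="__PhotoStorage__" />
    <add key="ThumbnailWidth" value="200" />
  </appSettings>
  <connectionStrings>
    <add name="PhotoDb" connectionString="__PhotoDb__" />
  </connectionStrings>
</configuration>"""

# (section, attribute holding the setting name, attribute holding the value)
SETTING_LOCATIONS = [
    ("appSettings", "key", "value"),
    ("connectionStrings", "name", "connectionString"),
]

# Shapes of credentials that commonly end up in a web.config.
SECRET_PATTERNS = {
    "storage account key": re.compile(r"AccountKey\s*=\s*[A-Za-z0-9+/]{20,}={0,2}", re.I),
    "SAS signature": re.compile(r"(?:^|[?&;])sig=[A-Za-z0-9%+/=]{20,}", re.I),
    "SQL password": re.compile(r"(?:Password|Pwd)\s*=\s*[^;\s]+", re.I),
}


def find_inline_secrets(web_config_xml):
    """Return (section, setting name, secret kind) for every embedded credential.

    Only the location is reported, never the matched value, so the scan
    output itself is safe to keep in build logs.
    """
    root = ET.fromstring(web_config_xml)
    findings = []
    for section, name_attr, value_attr in SETTING_LOCATIONS:
        for entry in root.findall(f"./{section}/add"):
            value = entry.get(value_attr, "")
            for kind, pattern in SECRET_PATTERNS.items():
                if pattern.search(value):
                    findings.append((section, entry.get(name_attr, "?"), kind))
    return findings


def gate(web_config_xml):
    """Exit-code style result for a pre-commit hook or build step: 1 blocks, 0 passes."""
    return 1 if find_inline_secrets(web_config_xml) else 0


if __name__ == "__main__":
    for label, doc in (("leaky", LEAKY_WEB_CONFIG), ("tokenized", TOKENIZED_WEB_CONFIG)):
        print(label, "->", find_inline_secrets(doc) or "no inline secrets")
```

A key that has already been pushed stays in the repository history, so a finding here goes together with the key rotation listed under the 3rd strike.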
[Architecture diagram: as before, plus “?” and “>_ SSH”]
5TH STRIKE
The case of remote connections
Remote Attack!
MITIGATION
o Patching and security policies
o Azure Security Center
Not only for VMs: it could also check networks, App Services, Blob Storage, SQL, etc.
REMEDIATION
o Network Security Groups
A BETTER ARCHITECTURE
[Architecture diagram: Web UI, Users, Photos URLs, +SQL DB Firewall, RAW Photos, Thumbnails, Watermarking, Photo resize, +web.config; RG for Dev-Test and Production]
RECAP – THE 7 GOLDEN RULES
• Script everything
• Backup everything
• Least user privilege
• Trust no one
• Monitor everything
• Assume cloud failure
• Protect your secrets
TAKE A LOOK AT AZURE SECURITY CENTER
Export to Excel and Power BI
SECURITY CENTER ARCHITECTURE
IP Geotagging, …
Netflow, SQL DB and Storage Logs, …
Windows Events, Syslog, CEF, Configurations
Threat Detections, Prescriptive Recommendations
Security Dashboards Deliver Rapid Insights into Security State Across All Workloads
Actionable Security Recommendations
Investigation Tools and Log Search
Curated, Prioritized Security Alerts
REST APIs, Notifications, Automation
AZURE SECURITY CENTER FEATURES
GA
• Server EDR with WDATP
• Linux threat detection
• Organization wide security policies & management groups
• Programmatic automation:
• PowerShell cmdlets
• REST APIs
• JIT VM Access
• Dynamic rule priorities
• Adaptive application controls (Windows)
• Alerts
• Support for “groups for review”
• File integrity monitoring
• Process investigator - detection of fileless attacks
• Azure App services threat detection
• Azure Gov
• Alerts map
Preview
• Limited public preview:
• Adaptive network hardening
• PCI/CIS/ISO/SOC compliance reports
• Public preview:
• Network map
• Secure score IAAS/PAAS
• Docker containers on Linux servers
• UEBA for Azure resources and identities with MCAS
• Threat detection for Azure blob storage
• Threat detection for Azure PostgreSQL
• Threat detection for Azure MySQL
RESOURCES
• “Parts Unlimited” sample site with telemetry and fault injection:
– https://microsoft.github.io/PartsUnlimited/
• The “bible of Chaos Engineering”: http://principlesofchaos.org/
• Only for the “Brave”, Netflix Chaos Monkey integrated with Spinnaker:
https://github.com/Netflix/chaosmonkey
• Cloud Bedlam: https://github.com/GitTorre/CloudBedlamLinux/tree/dotnet-core
AZURE SECURITY & MANAGEMENT@IGNITE
Security
• BRK2395 Wed 9AM: Azure Security fundamentals: Protecting infrastructure, apps, and data in the cloud
• BRK2038 Wed 2:15PM: Simplify protection of cloud resources with Azure Security Center
• BRK2368 Tues 9AM: Practical guide for using Azure Security Center to protect hybrid cloud environment (workshop: WRK2010 Tues 10:45AM)
• BRK3059 Thurs 3:15PM: Manage keys, secrets, and certificates for secure apps and data with Azure Key Vault
Monitoring
• BRK2270 Tues 4PM: Full stack monitoring across application, infrastructure and network with Azure Monitor (workshop: WRK2012 Wed 9AM)
• BRK3354 Thurs 10:15AM: Monitor your infrastructure and analyze operational logs at scale with Azure Monitor
• BRK3349 Tues 11:30AM: Everything about Azure Monitor telemetry and building integration with ITSM and SIEM tools
Resiliency
• BRK3060 Mon 4PM: Backup your data with Azure Backup (workshop: WRK2011 Wed 12:30PM)
• BRK3078 Wed 11:30AM: Ensure application availability with cloud-based disaster recovery, Azure Site Recovery
• BRK3064 Thurs 2:15PM: Implement Cloud Backup and Disaster Recovery at Scale in Azure
Automate
• BRK3063 Fri 12:30PM: Azure Update, Inventory, and Automation for Linux and Windows VM management
• BRK3069 Wed 4PM: What's new in PowerShell
Governance
• BRK3062 Tues 2:15PM: Architecting Security and Governance Across your Azure Subscriptions
• BRK3085 Thurs 4PM: Deep dive into Implementing governance at scale through Azure Policy
• BRK2476 Thurs 9AM: Make the most of Azure by optimizing your cloud spend through Azure Cost Management and Reserved Instances
Hands on experience: NEW Security & management hands on labs (to be updated CY18 Q4)
Learn more about Azure Governance, Azure Security, Azure Monitor, Azure resiliency, Azure Automation
Thank you very much!
Feedback is important!
Tweet: @_geniodelmale #azuresatpn
or send me an email: lorenzo.barbieri@microsoft.com

APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 

Recently uploaded (20)

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 

How do you protect a hybrid PaaS-IaaS solution, built entirely in the cloud?

  • 1. #azuresatpn How do you protect a hybrid PaaS-IaaS solution, built entirely in the cloud? lorenzo.barbieri@microsoft.com @_geniodelmale
  • 2. EVERYTHING STARTS WITH A “GOOD” ARCHITECTURE (diagram: Web UI, Users, Photos URLs, RAW Photos, Thumbnails, Watermarking, Photo resize; RG for Dev-Test and Production)
  • 3. 1ST STRIKE The case of disappearing resources. Attack one! Destroy ‘em all!
  • 4. MITIGATION Infrastructure as Code: • Script & Backup everything • ARM & Azure Policy PaaS safeguards: o Azure Web App Undelete o SQL Point in time
  • 5. REMEDIATION Subscription role protection o RBAC Azure AD could be protected with MFA
  • 6. 2ND STRIKE The case of unexpected load. Attack two…o…o…oooo! $$$$
  • 7. MITIGATION o Alert rules and monitoring o web.config based IP restriction o Functions in App Service Plan o App Service Diagnostics
  • 8. REMEDIATION o Web App Firewall/Azure Firewall/Application Gateway/3rd party o API Management o Azure DDOS Protections for VNET
  • 9. APP SERVICE DIAGNOSTICS • An interactive and intelligent experience for self-troubleshooting your app issues • What does that actually mean? • 🔒 Diagnose and troubleshoot your app issues and learn about best practices • 🎨 Use Genie to guide you through each problem category tile • 📈 Intelligent search capabilities • 🌏 Straight out-of-the-box, no extra configuration necessary
  • 10. 3RD STRIKE The case of data and storage loss. Attack three! I know your secrets!
  • 11. MITIGATION o Key rotation o Least user privilege (DB) o Alert
  • 12. REMEDIATION o SQL DB Firewall o VNET Storage o Handle Disconnect
  • 13. 4TH STRIKE The case of being Gitted. Fourth Attack! Keys from the octocat!
  • 14. REMEDIATION o Move all the keys to a secure path o Use Team Build to set them before deployment o Azure Key Vault o Managed Service Identity
  • 15. 5TH STRIKE The case of remote connections (>_ SSH). Remote Attack!
  • 16. MITIGATION o Patching and security policies o Azure Security Center: not only for VMs, could check networks, App Services, Blob Storage, SQL, etc…
  • 17. REMEDIATION o Network Security Groups
  • 18. A BETTER ARCHITECTURE (diagram: Web UI, Users, Photos URLs, +SQL DB Firewall, RAW Photos, Thumbnails, Watermarking, Photo resize, +web.config; RG for Dev-Test and Production)
  • 19. RECAP – THE 7 GOLDEN RULES • Script everything • Backup everything • Least user privilege • Trust no one • Monitor everything • Assume cloud failure • Protect your secrets
  • 20. TAKE A LOOK AT AZURE SECURITY CENTER
  • 21. SECURITY CENTER ARCHITECTURE (diagram labels): IP Geotagging, … | Netflow, SQL DB and Storage Logs, … | Windows Events, Syslog, CEF, Configurations | Threat Detections, Prescriptive Recommendations | Security Dashboards Deliver Rapid Insights into Security State Across All Workloads | Actionable Security Recommendations | Investigation Tools and Log Search | Curated, Prioritized Security Alerts | REST APIs | Notifications | Automation | Export to Excel and Power BI
  • 22. AZURE SECURITY CENTER FEATURES • Server EDR with WDATP • Linux threat detection • Organization wide security policies & management groups • Programmatic automation: • PowerShell cmdlets • REST APIs • JIT VM Access • Dynamic rule priorities • Adaptive application controls (Windows) • Alerts • Support for “groups for review” • File integrity monitoring • Process investigator - detection of fileless attacks • Azure App services threat detection • Azure Gov • Alerts map GA • Limited public preview: • Adaptive network hardening • PCI/CIS/ISO/SOC compliance reports • Public preview: • Network map • Secure score IAAS/PAAS • Docker containers on Linux servers • UEBA for Azure resources and identities with MCAS • Threat detection for Azure blob storage • Threat detection for Azure PostgreSQL • Threat detection for Azure MySQL Preview
  • 23. RESOURCES • “Parts Unlimited” sample site with telemetry and fault injection: – https://microsoft.github.io/PartsUnlimited/ • The “bible of Chaos Engineering”: http://principlesofchaos.org/ • Only for the “Brave”, Netflix Chaos Monkey integrated with Spinnaker: https://github.com/Netflix/chaosmonkey • Cloud Bedlam: https://github.com/GitTorre/CloudBedlamLinux/tree/dotnet-core
  • 24. AZURE SECURITY & MANAGEMENT@IGNITE Security: BRK2395 Wed 9AM Azure Security fundamentals: Protecting infrastructure, apps, and data in the cloud; BRK2038 Wed 2:15PM Simplify protection of cloud resources with Azure Security Center; BRK2368 Tues 9AM Practical guide for using Azure Security Center to protect hybrid cloud environment (workshop: WRK2010 Tues 10:45AM); BRK3059 Thurs 3:15PM Manage keys, secrets, and certificates for secure apps and data with Azure Key Vault. Monitoring: BRK2270 Tues 4PM Full stack monitoring across application, infrastructure and network with Azure Monitor (workshop: WRK2012 Wed 9AM); BRK3354 Thurs 10:15AM Monitor your infrastructure and analyze operational logs at scale with Azure Monitor; BRK3349 Tues 11:30AM Everything about Azure Monitor telemetry and building integration with ITSM and SIEM tools. Resiliency: BRK3060 Mon 4PM Backup your data with Azure Backup (workshop: WRK2011 Wed 12:30PM); BRK3078 Wed 11:30AM Ensure application availability with cloud-based disaster recovery, Azure Site Recovery; BRK3064 Thurs 2:15PM Implement Cloud Backup and Disaster Recovery at Scale in Azure. Automate: BRK3063 Fri 12:30PM Azure Update, Inventory, and Automation for Linux and Windows VM management; BRK3069 Wed 4PM What's new in PowerShell. Governance: BRK3062 Tues 2:15PM Architecting Security and Governance Across your Azure Subscriptions; BRK3085 Thurs 4PM Deep dive into Implementing governance at scale through Azure Policy; BRK2476 Thurs 9AM Make the most of Azure by optimizing your cloud spend through Azure Cost Management and Reserved Instances. Hands on experience: NEW Security & management hands on labs (to be updated CY18 Q4). Learn more about Azure Governance, Azure Security, Azure Monitor, Azure resiliency, Azure Automation.
  • 25. #azuresatpn Thank you very much! Feedback is important! Tweet: @_geniodelmale #azuresatpn or send me an email: lorenzo.barbieri@microsoft.com
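
Slides 13 and 14 (keys leaked through a Git repository, then moved out of source and set at build time) suggest a pre-commit or pipeline check. The sketch below is an added example, not code from the deck: it flags literal storage account keys and SQL passwords in a web.config. The sample file, the function name `find_embedded_secrets` and the `__TOKEN__` placeholder convention for values the build fills in are all assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample web.config; every name and value here is made up.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <connectionStrings>
    <add name="PhotosDb" connectionString="Server=tcp:example.database.windows.net;Initial Catalog=photos;User ID=app;Password=CONSTRUCTED-not-a-real-password;" />
    <add name="UsersDb" connectionString="Server=tcp:example.database.windows.net;Initial Catalog=users;User ID=app;Password=__USERS_DB_PASSWORD__;" />
  </connectionStrings>
  <appSettings>
    <add key="RawPhotosStorage" value="DefaultEndpointsProtocol=https;AccountName=examplephotos;AccountKey=Q09OU1RSVUNURUQta2V5LW5vdC1yZWFs==" />
    <add key="ThumbnailWidth" value="200" />
  </appSettings>
</configuration>
"""

# Connection-string fields that carry a credential.
SECRET_FIELDS = re.compile(
    r"(?i)\b(AccountKey|SharedAccessSignature|Password|Pwd)\s*=\s*([^;]*)")
# Assumed convention: the build replaces __TOKEN__ placeholders before deployment.
PLACEHOLDER = re.compile(r"^__[A-Z0-9_]+__$")


def find_embedded_secrets(web_config_xml):
    """Return (section, entry name, field) for every literal credential found."""
    root = ET.fromstring(web_config_xml)
    findings = []
    targets = [("connectionStrings", "name", "connectionString"),
               ("appSettings", "key", "value")]
    for section, name_attr, value_attr in targets:
        for entry in root.findall(f"./{section}/add"):
            value = entry.get(value_attr, "")
            for field, secret in SECRET_FIELDS.findall(value):
                secret = secret.strip()
                # Empty values and build-time placeholders are not leaks.
                if secret and not PLACEHOLDER.match(secret):
                    findings.append((section, entry.get(name_attr), field))
    return findings


if __name__ == "__main__":
    for section, name, field in find_embedded_secrets(SAMPLE_WEB_CONFIG):
        print(f"{section}/{name}: literal {field} committed to source")
```

A finding means the key should be rotated (slide 11) as well as removed, since it remains in the repository history.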