Azure Enterprise Security in Practice Radu Vunvulea Codecamp Cluj Napoca Nov 2017

What does an enterprise look like when you talk about security and cloud? Complicated, rigid, and slow to accept cloud-based architectures.
After working closely with security teams from different companies, I identified different approaches and requirements that are standard for enterprises. In this session I want to discuss and share with you lessons learned on how we can map security requirements to Azure.

  1. ENTERPRISE SECURITY IN PRACTICE. Radu Vunvulea, October 2017, @RADU VUNVULEA
  2. ENTERPRISE AND SECURITY
  3. RADU VUNVULEA: Technology Enthusiast, Dreamer, Microsoft Azure MVP, Speaker & Trainer, Writer & Blogger, Idealist, Software Architecture Crafter
  4. SANDBOX: Group resources; Control; Manage
  5. DIRECT ACCESS: Same network; Visible to each other; Easy access and control
  6. ISOLATION: Restrict traffic; Control what goes to and from the VNET; Isolate from the outside
  7. NSG – TIPS AND TRICKS
  8. CROSS-SYSTEM COMMUNICATION: Specify what can be exchanged between systems; Full control over inbound and outbound traffic (NSG)
  9. NETWORK VIRTUAL APPLIANCE: Control security from a single location; Cross-location synchronization
  10. MONITOR AND AUDIT: All traffic goes through the virtual appliance; Push audit data to the on-premises system; Firewall, IDS, IPS; UDR
  11. EXTERNAL TRAFFIC CONTROL: Full control of IP filtering; Traffic goes through the VPN; S2S VPN; Internet
  12. IPSEC VPN TERMINATED OUTSIDE THE FIREWALL: Cannot be done using S2S VPN; VPN terminated before the NGFW, inside the Virtual Gateway Appliance (VPN)
  13. IPSEC VPN TERMINATED OUTSIDE THE FIREWALL: Cannot be done using S2S VPN; VPN terminated before the NGFW, inside the Virtual Gateway Appliance (VPN, OpenVPN)
  14. IPSEC VPN TERMINATED OUTSIDE THE FIREWALL: The appliance plays the role of firewall and VPN gateway (VPN)
  15. DEVICE AUTHENTICATION USING CERTIFICATES: Supported only for Point-to-Site VPN; Site-to-Site VPN is connected directly to the VPN hardware (certificates)
  16. CASCADED VIRTUAL APPLIANCES: Multiple virtual appliances connected together
  17. VNET-TO-VNET CONNECTIVITY: Peering – fast and reliable; VPN Gateway – more granular control of what goes in or out (Peering / VPN Gateway)
  18. CENTRAL LOGGING DATA: Activity Logs; Azure Diagnostic Logs; AAD Reporting; VM and Cloud Services; Storage Analytics; Network Security Groups; Application Insights; Security Alert. Retention: configurable, +180 days, 90 days
  19. MONITOR AND REACT – OMS
  20. API AND INFRASTRUCTURE CHANGES. Requirement: the cloud service provider can make changes only after the nature of the change is understood and a security assessment is done. YES: Microsoft announces any breaking change at the API or functionality level 12 months in advance. NO: infrastructure and service changes are done on the fly as long as the API or functionality is not altered
  21. IDENTITY AND ACCESS MANAGEMENT
  22. AZURE ACTIVE DIRECTORY
  23. Mitigation
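The isolation pattern from slides 6, 8 and 10 (an NSG allow-list on the workload subnet plus a user-defined route that forces all egress through a network virtual appliance) and the logging retention point from slide 18, written out as an added example. This is not the speaker's code. It assumes the Az PowerShell module (the 2017-era AzureRM module exposed the same cmdlets with an AzureRm prefix), an already existing VNet, subnet, NVA and storage account, and every name, address range and IP below is a placeholder; the diagnostic-setting call uses the classic Set-AzDiagnosticSetting parameter set, which newer Az.Monitor releases replaced with New-AzDiagnosticSetting.

```powershell
# Added example (not from the talk): NSG allow-list + UDR through an NVA + NSG log retention.
# All names, prefixes and IPs are assumptions; adjust to your environment.
$rg       = 'rg-enterprise-demo'   # assumed resource group
$location = 'westeurope'           # assumed region
$vnetName = 'vnet-hub'             # assumed existing VNet
$subnet   = 'snet-app'             # assumed subnet carrying the workload
$nvaIp    = '10.0.1.4'             # assumed private IP of the NVA (NGFW / IDS / IPS)
$logSa    = 'stenterpriselogs'     # assumed storage account that receives audit data

# --- Slide 6/8: only the traffic the two systems must exchange, everything else denied ---
$rules = @(
    # Inbound HTTPS from the on-premises range (arrives over the S2S VPN)
    New-AzNetworkSecurityRuleConfig -Name 'allow-https-from-onprem' -Priority 100 `
        -Direction Inbound -Access Allow -Protocol Tcp `
        -SourceAddressPrefix '192.168.0.0/16' -SourcePortRange '*' `
        -DestinationAddressPrefix 'VirtualNetwork' -DestinationPortRange 443
    # Outbound HTTPS to the Internet; the UDR below hands it to the NVA for inspection first
    New-AzNetworkSecurityRuleConfig -Name 'allow-https-egress' -Priority 100 `
        -Direction Outbound -Access Allow -Protocol Tcp `
        -SourceAddressPrefix 'VirtualNetwork' -SourcePortRange '*' `
        -DestinationAddressPrefix 'Internet' -DestinationPortRange 443
    # Explicit deny-all at the lowest user priority (4096) so the built-in 65000+
    # defaults (AllowVnetInBound, AllowInternetOutBound, ...) can no longer open anything
    New-AzNetworkSecurityRuleConfig -Name 'deny-all-inbound' -Priority 4096 `
        -Direction Inbound -Access Deny -Protocol '*' `
        -SourceAddressPrefix '*' -SourcePortRange '*' `
        -DestinationAddressPrefix '*' -DestinationPortRange '*'
    New-AzNetworkSecurityRuleConfig -Name 'deny-all-outbound' -Priority 4096 `
        -Direction Outbound -Access Deny -Protocol '*' `
        -SourceAddressPrefix '*' -SourcePortRange '*' `
        -DestinationAddressPrefix '*' -DestinationPortRange '*'
)
$nsg = New-AzNetworkSecurityGroup -ResourceGroupName $rg -Location $location `
    -Name "nsg-$subnet" -SecurityRules $rules

# --- Slide 10: every packet leaving the subnet goes to the virtual appliance first ---
# 0.0.0.0/0 overrides the system Internet route (and the VPN gateway route, so
# on-premises-bound traffic is inspected as well). The NVA NIC must have IP forwarding on.
$route = New-AzRouteConfig -Name 'default-via-nva' -AddressPrefix '0.0.0.0/0' `
    -NextHopType VirtualAppliance -NextHopIpAddress $nvaIp
$rt = New-AzRouteTable -ResourceGroupName $rg -Location $location `
    -Name "rt-$subnet" -Route $route

# --- Attach NSG and route table to the subnet (AddressPrefix is mandatory, so re-read it) ---
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnetName
$cfg  = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnet
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnet `
    -AddressPrefix $cfg.AddressPrefix -NetworkSecurityGroup $nsg -RouteTable $rt | Out-Null
$vnet | Set-AzVirtualNetwork | Out-Null

# --- Slide 18: NSG events and rule counters to storage, with a retention longer than 90 days ---
$sa = Get-AzStorageAccount -ResourceGroupName $rg -Name $logSa
Set-AzDiagnosticSetting -ResourceId $nsg.Id -StorageAccountId $sa.Id -Enabled $true `
    -Categories 'NetworkSecurityGroupEvent','NetworkSecurityGroupRuleCounter' `
    -RetentionEnabled $true -RetentionInDays 365 | Out-Null

# --- Verify what a NIC in the subnet actually sees (replace nic-app-01 with a real NIC) ---
Get-AzEffectiveRouteTable -ResourceGroupName $rg -NetworkInterfaceName 'nic-app-01' |
    Where-Object { $_.AddressPrefix -contains '0.0.0.0/0' }
Get-AzEffectiveNetworkSecurityGroup -ResourceGroupName $rg -NetworkInterfaceName 'nic-app-01'
```

The two verification calls are the check worth keeping: the effective route for 0.0.0.0/0 must show NextHopType VirtualAppliance, and the effective NSG must list the deny-all rules below the allow rules. An NSG destination prefix is matched against the packet's final destination, not the UDR next hop, which is why the egress rule allows Internet rather than the NVA address; the NVA then applies its own policy to what the NSG has already narrowed down.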
