Azure security architecture / FAUG JKL 15.2.2018

•

1 like•153 views

Azure Security Architecture session, as presented in Finland Azure User Group in Jyväskylä on 15.2.2018 by Karl Ots, Azure MVP.

Technology

AZURE SECURITY
ARCHITECTURE
FAUG JYVÄSKYLÄ
15.2.2018

KARL OTS @ KOMPOZURE
• Co-organizer of Finland Azure User Group and IglooConf
• Working on Azure since 2011
• Patented inventor
• Worked with tens of different customers on full-scale Azure projects,
from startups to Fortune 500 enterprises
Managing Consultant
karl.ots@kompozure.com
+358 50 480 1102

IN THIS SESSION…
• Trusted cloud infrastructure
• Subscription governance
o Policies
o Resource Groups and
Subscriptions as management
level isolation
• Access control
o RBAC
o Azure AD
• Monitoring

2 Mil
kilometers
intra-datacenter
fiber
72+
Tb per second
Backbone
100+
datacenters
42
Azure regions
Millions
of servers
ACCESS
APPROVAL
Background check
System
check
PERIMETER
One defined
access point
Video
coverage
Perimeter
fencing
BUILDING
Two-factor
authentication with
biometrics
24x7x365
security
operations Verified single
person entry
SERVER
ENVIRONMENT
Employee &
contractor vetting
Inability to identify location
of specific customer data
Secure
destruction bins

RBAC ROLES AND SCOPE
Subscription
Resource Groups
Resources

RBAC AND POLICIES
Role Based Access
Control (RBAC)
• Controls what actions a
user may take on Azure
resources
Resource Manager
Policies
• Controls what actions
may be taken at a given
scope

RESOURCES
• Azure Trust Center
o https://www.microsoft.com/en-us/TrustCenter/
• Microsoft Azure Security - Getting Started (free Pluralsight course):
o https://www.pluralsight.com/courses/microsoft-azure-security-getting-
started?twoid=43eb6e26-b9fd-4aa0-b88f-2604b82e810f
• Azure Virtual Datacenter (eBook)
o https://azure.microsoft.com/en-us/resources/azure-virtual-
datacenter/en-us/
• PCI-DSS Compliant PaaS Blueprint
o aka.ms/pciblueprints

Azure PaaS and SaaS platforms usage seem to be easy and straightforward, but it's your responsibility to keep them properly secured. I will talk about steps to secure your subscription, network, applications and storage and how Azure can help you with current challenges. Then we talk about security best practices in general, such as user isolation, encryption at rest, certificate and password management with KeyVault. The final topic will explain the basics of disaster recovery plans and why you actually need them.

Azure Security Fundamentals

Lorenzo Barbieri

Getting Started with Azure Security Center

Cheah Eng Soon

Govern Your Cloud: The Foundation for Success

Alert Logic

Global Azure Bootcamp 2018 - Azure Security Center

Scott Hoag

Azure Security and Management

Allen Brokken

As presented at the (ISC)2 EMEA Secure Summit. Karl Ots has assessed the security of over 100 solutions built on the Microsoft Azure cloud. He has found that there are 6 key security pitfalls that are common across all industry verticals and company sizes. In this session, he will share what these security pitfalls are, why do they matter and how to mitigate them. 1. Upon completion, participant will know the most common threat vectors in real-life Microsoft Azure applications across all industries and company sizes.2. Upon completion, participant will be able to effectively articulate the presented risks to both software developers and technical decision makers.3. Upon completion, participant will be able to remediate the presented risks and focus their security investments in the most effective controls

.NET Fest 2019. Stas Lebedenko. Practical serverless use cases in Azure with ...

NETFest

Serverless technology is trending, but in-depth details are missing. How does it fit with non-serverless components? What are the practical use cases? Should you fight vendor lock-in? And what about limits and pitfalls with Azure? I will answer those questions, share a few tricks and short demo. I'll cover serverless usage scenarios with Azure, what problems can be solved, and what is a viable adoption strategy. Then I'm going to talk about technology shortcomings, when to omit it and how to rip all benefits. There are circumstances when a cloud-agnostic approach is beneficial, so I discuss serverless frameworks too and why vendor lock is not that bad. Finally, we'll look at a short demo that illustrates why you have to use specific serverless patterns.

Tour to Azure Security Center

Lalit Rawat

Power of the cloud - Introduction to azure security

Bruno Capuano

Slides used during the session Introduction to Microsoft Azure Security Azure provides you with a wide array of configurable security options and the ability to control them so that you can customize security to meet the unique requirements of your organization’s deployments. This presentation helps you understand how Azure security capabilities can help you fulfill these requirements using options such as Azure AD, Azure Security Center, Azure Advisor, and Azure Monitor.

Azure Security Center- Zero to Hero

Kasun Rajapakse

Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...

wwwally

Azure vm introduction

Lalit Rawat

Azure sentinel

Marius Sandbu

CSS17: Houston - Azure Shared Security Model Overview

Alert Logic

CSS 17: NYC - Building Secure Solutions in AWS

Alert Logic

Shared Security Responsibility for the Azure Cloud

Alert Logic

Trust No-One Architecture For Services And Data

Aidan Finn

Azure Security Overview

Allen Brokken

Best Practices in Cloud Security

Alert Logic

CSS 17: NYC - Protecting your Web Applications

Alert Logic

Azure Penetration Testing

Cheah Eng Soon

Azure 101: Shared responsibility in the Azure Cloud

Paulo Renato

Whether you’re working exclusively on Azure or with multiple cloud environments, there are certain things you should consider when moving assets to the public cloud. As with any cloud deployment, security is a top priority, and moving your workloads to the Azure cloud doesn’t mean you’re not responsible for the security of your operating system, applications, and data. Building on the security of the Azure infrastructure, this shared security responsibility starts with making sure your environment is secure. In this session, we will discuss step-by-step what you need to do to secure access at the administrative, application and network layers.

Securing virtual workload and cloud

Himani Singh

Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft

Alert Logic

CSF18 - Securing the Cloud - Karim El-Melhaoui

NCCOMMS

Securing Azure Infrastructure

Karl Ots

Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...

Codit

“Internet of Things” is changing our world and today the Internet of Things knows almost as many applications as there are types of devices connected. In this session, Sam and Glenn will give an overview of the latest IoT solutions, the different learnings from the field and explain which key components are instrumental to integrating your solutions to the Azure IoT platform to ensure they are robust, future-proof and secure.

What's hot

ISC2 Secure Summit EMEA - Top Microsoft Azure security fails and how to avoid...

Karl Ots

.NET Fest 2019. Stas Lebedenko. Practical serverless use cases in Azure with ...

NETFest

Tour to Azure Security Center

Lalit Rawat

Power of the cloud - Introduction to azure security

Bruno Capuano

Azure Security Center- Zero to Hero

Kasun Rajapakse

Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...

wwwally

Azure vm introduction

Lalit Rawat

Azure sentinel

Marius Sandbu

CSS17: Houston - Azure Shared Security Model Overview

Alert Logic

CSS 17: NYC - Building Secure Solutions in AWS

Alert Logic

Shared Security Responsibility for the Azure Cloud

Alert Logic

Trust No-One Architecture For Services And Data

Aidan Finn

Azure Security Overview

Allen Brokken

Best Practices in Cloud Security

Alert Logic

CSS 17: NYC - Protecting your Web Applications

Alert Logic

Azure Penetration Testing

Cheah Eng Soon

Azure 101: Shared responsibility in the Azure Cloud

Paulo Renato

Securing virtual workload and cloud

Himani Singh

Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft

Alert Logic

CSF18 - Securing the Cloud - Karim El-Melhaoui

NCCOMMS

What's hot (20)

ISC2 Secure Summit EMEA - Top Microsoft Azure security fails and how to avoid...

.NET Fest 2019. Stas Lebedenko. Practical serverless use cases in Azure with ...

Tour to Azure Security Center

Power of the cloud - Introduction to azure security

Azure Security Center- Zero to Hero

Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...

Azure vm introduction

Azure sentinel

CSS17: Houston - Azure Shared Security Model Overview

CSS 17: NYC - Building Secure Solutions in AWS

Shared Security Responsibility for the Azure Cloud

Trust No-One Architecture For Services And Data

Azure Security Overview

Best Practices in Cloud Security

CSS 17: NYC - Protecting your Web Applications

Azure Penetration Testing

Azure 101: Shared responsibility in the Azure Cloud

Securing virtual workload and cloud

Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft

CSF18 - Securing the Cloud - Karim El-Melhaoui

Similar to Azure security architecture / FAUG JKL 15.2.2018

Securing Azure Infrastructure

Karl Ots

Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...

Codit

2019-06-04 aOS Strasbourg - Technique 3 - MS Threat Protection - Seyfallah Ta...

aOS Community

Microsoft Azure Security Overview

Alert Logic

366864108 azure-security

ober64

Monitoring Security Policies for Container and OpenStack Clouds

PLUMgrid

Container and OpenStack clouds often co-exist in data centers. Monitoring both environments require views into the underlay and overlay infrastructure, but infrastructure monitoring alone is no longer sufficient and needs to be paired with security policy views as containers and microservices are constantly reshaping data center traffic and flow patterns. A visualization GUI that correlates containers and VMs with security policy views provide a powerful tool for any operations team to detect security flow violations in real-time. Enterprises and cloud providers are adopting visualization and monitoring platforms in addition to OpenStack Horizon to keep their infrastructure running with 100% uptime. New tools that help with proactive remediation of issues are being deployed to quickly bring back the system to healthy conditions.

5. 2010 11-03 bucharest oracle-tech_day_securityDoina Draganescu

Cloud gateways for regulatory compliance

Ulf Mattsson

Consumers have no control over security once data is inside the public cloud. Completely reliant on provider for application and storage security. A private cloud gives a single Cloud Consumers organization the exclusive access to and usage of the infrastructure and computational resources. But Consumer has limited capability to manage security within outsourced IaaS private cloud. a cloud service mapping can be compared against a catalogue of security controls to determine which controls exist and which do not — as provided by the consumer, the cloud service provider, or a third party. This can in turn be compared to a compliance framework or set of requirements such as PCI DSS. The PCI guidance is defining how Cloud security is a shared responsibility between the cloud service provider (CSP) and its clients. If payment card data is stored, processed or transmitted in a cloud environment, PCI DSS will apply to that environment, and will typically involve validation of both the CSP’s infrastructure and the client’s usage of that environment. Gartner studied Cloud Gateways and came up with the definition of six different types. A Public Cloud Gateways. Provides isolation for the sensitive data from the Public Cloud and the security control stays within your organization. A Cloud Gateway can Protect any data sent or received via HTTP or FTP through enterprise, remote, or mobile channels and Securely integrate enterprise data into cloud applications, emailed reports, and process analytics on protected data from remote requests. You control all security functions from inside your enterprise – vital for compliance with many regulations and laws. You can Protect Data with Tokenization or Encryption. This solution enforces fine grained, field-level data protection with Vaultless Tokenization or encryption, and comprehensive activity monitoring. It should support Multiple Deployment Options with a flexible gateway architecture that allows you to easily deploy the Cloud Gateway on physical or virtual servers, to protect data in public, private, or hybrid cloud environments. It should offer protection by column, field, or even by character without any back-end system modifications or loss in functionality. Files should also be fully encrypted or tokenized.

Understanding AWS security

Amazon Web Services

The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. Security for AWS is about three related elements: visibility, auditability and control. You have to know what you have and where it is before you can assess the environment against best practices and internal or compliance standards. Controls enable you to place precise, well-understood limits on the access to your information. Did you know, for example, that you can define a rule that says: "Tom is the only person who can access this data object that I store with Amazon, and he can only do so from his corporate desktop on the corporate network, from Monday-Friday 9-5 and when he uses MFA?" That's the level of granularity you can choose to implement if you wish.

Presentation database security audit vault & database firewall

xKinAnx

Database Options

Connor McDonald

AppGate: Achieving Compliance in the Cloud

Cryptzone

IT Resilience Use Case

PT Datacomm Diangraha

DTU Global Azure 2023 Bootcamp - Multi-cloud App Dev for Java Developers with...

Juarez Junior

See Your OpenStack Network Like Never Before with Real-time Visibility and Mo...

PLUMgrid

After deployment and build-out of an OpenStack cloud, operators require a complete end to end single pane view of the SDN-based network overlay, all the associated workloads and hypervisors and physical infrastructure. Enterprises and cloud providers alike have aggressively adopted SDN visualization and monitoring platforms in addition to OpenStack horizon to keep their infrastructure running with 100% uptime. Additionally, new tools that aim at helping with proactive remediation of issues are being deployed and leveraged to quickly bring back the system to healthy conditions. In this session, attendees will discover: How comprehensive visualization could help operations staff How to correlate physical and virtual networks How to immediately identify problems as they arise

Red Hat OpenShift & CoreOS by Ludovic Aelbrecht, Senior Solution Architect at...

Kangaroot

Presentation building and running your private cloudsolarisyourep

Presentation building and running your private cloud

xKinAnx

Building a Secure and Compliant Azure Virtual Data Center

Patrick Sklodowski

IRJET - Cloud based Datacenter in Virtual Private Network

IRJET Journal

Similar to Azure security architecture / FAUG JKL 15.2.2018 (20)

Securing Azure Infrastructure

Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...

2019-06-04 aOS Strasbourg - Technique 3 - MS Threat Protection - Seyfallah Ta...

Microsoft Azure Security Overview

366864108 azure-security

Monitoring Security Policies for Container and OpenStack Clouds

5. 2010 11-03 bucharest oracle-tech_day_security

Cloud gateways for regulatory compliance

Understanding AWS security

Presentation database security audit vault & database firewall

Database Options

AppGate: Achieving Compliance in the Cloud

IT Resilience Use Case

DTU Global Azure 2023 Bootcamp - Multi-cloud App Dev for Java Developers with...

See Your OpenStack Network Like Never Before with Real-time Visibility and Mo...

Red Hat OpenShift & CoreOS by Ludovic Aelbrecht, Senior Solution Architect at...

Presentation building and running your private cloud

Building a Secure and Compliant Azure Virtual Data Center

IRJET - Cloud based Datacenter in Virtual Private Network

More from Karl Ots

TechDays Finland 2020: Best practices of securing web applications running on...

Karl Ots

The multitude of security controls and guidelines for both Kubernetes and Azure can be overwhelming. Based on real-life experiences from securing web applications running on Azure Kubernetes Service, Karl has compiled a list of best practices that bring them together. In this session, you will learn how to build, operate and develop secure web applications on top of Azure Kubernetes Service. After this session, you will know which security controls are available, how effective they are and what will be the cost of implementing them.

TechDays Finland 2020: Azuren tietoturva haltuun!

Karl Ots

Azure-ratkaisujen suunnittelu, rakentaminen ja operointi tietoturvallisesti ei ole lainkaan suoraviivaista. Sekä käytettävissä olevista tietoturvakontrolleista että ohjeistuksesta on niin laaja ylitarjonta, että alkuun on hankala päästä, parhaiden käytäntöjen käytöstä puhumattakaan. Tätä haastetta ei lainkaan helpota se, että organisaatioiden olemassa oleva tietoturvaosaaminen on harvoin siellä, missä ketterien digitaalisten sovellusten rakentaminen on. Miten voimme saada Azuren palveluista hyödyt irti, jos digisovellusten ja tietoturvavaatimusten maailmat eivät kohtaa? Tässä esityksessä Karl käy käytännönläheisesti läpi työkalut ja prosessit, joilla suojataan Azure-sovellukset ja -infrastruktuuri, suunnittelupöydältä tuotantoon vientiin asti. Esityksen jälkeen kuulija tuntee Azuressa käytössä olevat tietoturvakontrollit sekä niiden vaikutuksen tietoturvaan, sovelluskehitystehokkuuteen ja kustannuksiin. Kuulijalla osaa myös soveltaa oppimaansa päivittääkseen oman organisaationsa tietoturvavaatimukset Azure-aikaan.

IglooConf 2020: Best practices of securing web applications running on Azure ...

Karl Ots

Building an Enterprise-Grade Azure Governance Model

Karl Ots

As presented at the CloudBrew 2019 conference in 13.12.2019. When proper governance model is followed, your Azure application development teams are operating in a secure and compliant Azure environment during design, development and operations. In this "lessons learned" type of session, Karl will will share practical tips on how to build a comprehensive Azure governance model, based on real-life experiences from working with multi-billion dollar corporations. After this session, you should have a better understanding of Azure governance best practices and in-house team roles & responsibilities. You will also have an overview of the technical fundamentals of a comprehensive Azure Governance.

CloudBurst Malmö: Best practices of securing web applications running on Azur...

Karl Ots

The multitude of security controls and guidelines for both Kubernetes and Azure can be overwhelming. Based on real-life experiences from securing web applications running on Azure Kubernetes Service, Karl has compiled a list of best practices that bring these worlds together. In this session, you will learn how to build, operate and develop secure web applications on top of Azure Kubernetes Service. After this session, you will know which security controls are available, how effective they are and what will be the cost of implementing them.

IT Camp 19: Top Azure security fails and how to avoid them

Karl Ots

FAUG Jyväskylä 28.5.2019 - Azure Monitoring

Karl Ots

DevSum - Top Azure security fails and how to avoid them

Karl Ots

Techorama Belgium 2019 - Building an Azure Governance model for the Enterprise

Karl Ots

In this session Karl will walk you through the fundamentals of building a comprehensive Azure Governance model, based on real-life experiences with working on multi-vendor hybrid IaaS / PaaS projects in the enterprise. When proper governance model is followed, you can ensure your teams are operating in a secure and compliant Azure environment during design, development and operations. After this session, you should have a better understanding of Azure governance best practices and in-house team roles & responsibilities. You should also have an overview of the technical implementation of governance controls. As presented in Antwerpen, Belgium at 22nd of May 2019.

Techorama Belgium 2019: top Azure security fails and how to avoid them

Karl Ots

Azure Low Lands 2018: Monitoring real life Azure applications when to use wha...

Karl Ots

Modern applications leverage a variety of services, and often span across on premises, IaaS, PaaS and SaaS. Monitoring these environments is different from traditional systems. We have more and more data available from the platform with the likes of ARM Activity Logs, Azure Monitor, Log Analytics and Application Insights. With a massive amount of signal and noise being generated in all these systems, how do we get our arms around what is happening? Is my application impacted in an ongoing Azure outage? Are my integrations intact? Which services from Azure should I use to monitor my application end-to-end? Come and hear how to answer these questions. After the session, you’ll have deeper understanding of end-to-end monitoring techniques in Azure solutions and know which services to choose for which scenario. As presented in Rotterdam at Azure Low Lands 2019.

IglooConf 2019 Secure your Azure applications like a pro

Karl Ots

UpdateConf 2018: Monitoring real-life Azure applications: When to use what an...

Karl Ots

As presented on 22th of November 2018 in Prague. Modern applications leverage a variety of services, and often span across on premises, IaaS, PaaS and SaaS. Monitoring these environments is different from traditional systems. We have more and more data available from the platform with the likes of ARM Activity Logs, Azure Monitor, Log Analytics and Application Insights. With a massive amount of signal and noise being generated in all these systems, how do we get our arms around what is happening? Is my application impacted in an ongoing Azure outage? Are my integrations intact? Which services from Azure should I use to monitor my application end-to-end? Come and hear how to answer these questions. After the session, you’ll have deeper understanding of end-to-end monitoring techniques in Azure solutions and know which services to choose for which scenario.

UpdateConf 2018: Top 18 Azure security fails and how to avoid them

Karl Ots

Top Azure security fails and how to avoid them

Karl Ots

Top 18 azure security fails and how to avoid them

Karl Ots

Monitoring real-life Azure applications: When to use what and why

Karl Ots

Slides from my presentation at Intelligent Cloud Conf on 29.5.2018 in Copenhagen Modern applications leverage a variety of services, and often span across on premises, IaaS, PaaS and SaaS. Monitoring these environments is different from traditional systems. We have more and more data available from the platform with the likes of ARM Activity Logs, Azure Monitor, Log Analytics and Application Insights. With a massive amount of signal and noise being generated in all these systems, how do we get our arms around what is happening? Is my application impacted in an ongoing Azure outage? Are my integrations intact? Which services from Azure should I use to monitor my application end-to-end? Come and hear how to answer these questions. After the session, you’ll have deeper understanding of end-to-end monitoring techniques in Azure solutions and know which services to choose for which scenario. .

Azure Saturday: Security + DevOps + Azure = Awesomeness

Karl Ots

Slides from my presentation at Azure Saturday on 26.5.2018 in Munich. In this session, I will cover the Secure DevOps Toolkit for Azure, a set of security-related tools, Powershell modules, extensions and automations for Azure. The session is a collection of lessons learned using the Toolkit from real-life projects. After this sessions you will be able to improve the security of your Azure usage from IDE to Operations, regardless of your current state of security and level of cloud adoption.

Navigating in the sea of containers in azure when to choose which service and...

Karl Ots

As presented on 21st of March 2018 at TechDays Finland. There’s a plethora of Container-related services available in Azure. Azure Container Instance, Azure Container Registry, and Azure Container Service to name a few. It can be hard to get your head around all of them, especially if you come from Microsoft background as I did. I will cover each of these services in this talk, explain their differencies and help you figure out which scenarios they fit best. If you’re new to Containers, you should feel more comfortable around them after this session.

Kubernetes in Azure

Karl Ots

There’s a plethora of Container-related services available in Azure: Azure Container Instance, Azure Container Service, managed Kubernetes and managed container registry to name a few. I will cover the most useful container and container orchestration related services in this talk, explain their differences and help you figure out which scenarios they fit best. As presented by Karl Ots, Azure MVP at CNCF & Kubernetes Finland meetup. on February 22, 2018.

More from Karl Ots (20)

TechDays Finland 2020: Best practices of securing web applications running on...

TechDays Finland 2020: Azuren tietoturva haltuun!

IglooConf 2020: Best practices of securing web applications running on Azure ...

Building an Enterprise-Grade Azure Governance Model

CloudBurst Malmö: Best practices of securing web applications running on Azur...

IT Camp 19: Top Azure security fails and how to avoid them

FAUG Jyväskylä 28.5.2019 - Azure Monitoring

DevSum - Top Azure security fails and how to avoid them

Techorama Belgium 2019 - Building an Azure Governance model for the Enterprise

Techorama Belgium 2019: top Azure security fails and how to avoid them

Azure Low Lands 2018: Monitoring real life Azure applications when to use wha...

IglooConf 2019 Secure your Azure applications like a pro

UpdateConf 2018: Monitoring real-life Azure applications: When to use what an...

UpdateConf 2018: Top 18 Azure security fails and how to avoid them

Top Azure security fails and how to avoid them

Top 18 azure security fails and how to avoid them

Monitoring real-life Azure applications: When to use what and why

Azure Saturday: Security + DevOps + Azure = Awesomeness

Navigating in the sea of containers in azure when to choose which service and...

Kubernetes in Azure

Recently uploaded

Assuring Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

How world-class product teams are winning in the AI era by CEO and Founder, P...

Product School

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

Paul Groth

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™: See how to accelerate model training and optimize model performance with active learning Learn about the latest enhancements to out-of-the-box document processing – with little to no training required Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath. Speakers: 👨‍🏫 Andras Palfi, Senior Product Manager, UiPath 👩‍🏫 Lenka Dulovicova, Product Program Manager, UiPath

Generating a custom Ruby SDK for your web service or Rails API using Smithy

g2nightmarescribd

Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.

Elevating Tactical DDD Patterns Through Object Calisthenics

Dorra BARTAGUIZ

After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!

Knowledge engineering: from people to machines and back

Elena Simperl

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Prayukth K V

The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development. The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers: State of global ICS asset and network exposure Sectoral targets and attacks as well as the cost of ransom Global APT activity, AI usage, actor and tactic profiles, and implications Rise in volumes of AI-powered cyberattacks Major cyber events in 2024 Malware and malicious payload trends Cyberattack types and targets Vulnerability exploit attempts on CVEs Attacks on counties – USA Expansion of bot farms – how, where, and why In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East Why are attacks on smart factories rising? Cyber risk predictions Axis of attacks – Europe Systemic attacks in the Middle East Download the full report from here: https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

Product School

JMeter webinar - integration with InfluxDB and Grafana

RTTS

Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application. In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics. Length: 30 minutes Session Overview ------------------------------------------- During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana: - What out-of-the-box solutions are available for real-time monitoring JMeter tests? - What are the benefits of integrating InfluxDB and Grafana into the load testing stack? - Which features are provided by Grafana? - Demonstration of InfluxDB and Grafana using a practice web application To view the webinar recording, go to: https://www.rttsweb.com/jmeter-integration-webinar

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

Product School

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Product School

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

Neuro-symbolic is not enough, we need neuro-*semantic*

Frank van Harmelen

Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”. All of this illustrated with link prediction over knowledge graphs, but the argument is general.

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Product School

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Sri Ambati

GraphRAG is All You need? LLM & Knowledge Graph

Guy Korland

Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs. 1. Unifying Large Language Models and Knowledge Graphs: A Roadmap. https://arxiv.org/abs/2306.08302 2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs: https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

UiPath Test Automation using UiPath Test Suite series, part 4

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap. The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies. Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques What will you get from this session? 1. Insights into SAP testing best practices 2. Heatmap utilization for testing 3. Optimization of testing processes 4. Demo Topics covered: Execution from the test manager Orchestrator execution result Defect reporting SAP heatmap example with demo Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

Recently uploaded (20)

Assuring Contact Center Experiences for Your Customers With ThousandEyes

How world-class product teams are winning in the AI era by CEO and Founder, P...

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

Generating a custom Ruby SDK for your web service or Rails API using Smithy

Elevating Tactical DDD Patterns Through Object Calisthenics

Knowledge engineering: from people to machines and back

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

JMeter webinar - integration with InfluxDB and Grafana

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

Mission to Decommission: Importance of Decommissioning Products to Increase E...

When stars align: studies in data quality, knowledge graphs, and machine lear...

Neuro-symbolic is not enough, we need neuro-*semantic*

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

GraphRAG is All You need? LLM & Knowledge Graph

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

UiPath Test Automation using UiPath Test Suite series, part 4

Azure security architecture / FAUG JKL 15.2.2018

1. AZURE SECURITY ARCHITECTURE FAUG JYVÄSKYLÄ 15.2.2018

2. KARL OTS @ KOMPOZURE • Co-organizer of Finland Azure User Group and IglooConf • Working on Azure since 2011 • Patented inventor • Worked with tens of different customers on full-scale Azure projects, from startups to Fortune 500 enterprises Managing Consultant karl.ots@kompozure.com +358 50 480 1102

3. IN THIS SESSION… • Trusted cloud infrastructure • Subscription governance o Policies o Resource Groups and Subscriptions as management level isolation • Access control o RBAC o Azure AD • Monitoring

4. 2 Mil kilometers intra-datacenter fiber 72+ Tb per second Backbone 100+ datacenters 42 Azure regions Millions of servers ACCESS APPROVAL Background check System check PERIMETER One defined access point Video coverage Perimeter fencing BUILDING Two-factor authentication with biometrics 24x7x365 security operations Verified single person entry SERVER ENVIRONMENT Employee & contractor vetting Inability to identify location of specific customer data Secure destruction bins

6. ACCESS CONTROL

7. RBAC ROLES AND SCOPE Subscription Resource Groups Resources

8. RBAC AND POLICIES Role Based Access Control (RBAC) • Controls what actions a user may take on Azure resources Resource Manager Policies • Controls what actions may be taken at a given scope

9. MONITORING

10.

11. COLLECTING LOGS

12. LOG INTEGRATION

13. RESOURCES • Azure Trust Center o https://www.microsoft.com/en-us/TrustCenter/ • Microsoft Azure Security - Getting Started (free Pluralsight course): o https://www.pluralsight.com/courses/microsoft-azure-security-getting- started?twoid=43eb6e26-b9fd-4aa0-b88f-2604b82e810f • Azure Virtual Datacenter (eBook) o https://azure.microsoft.com/en-us/resources/azure-virtual- datacenter/en-us/ • PCI-DSS Compliant PaaS Blueprint o aka.ms/pciblueprints

14. KOMPOZURE YOUR AZURE PARTNER

Azure security architecture / FAUG JKL 15.2.2018

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Azure security architecture / FAUG JKL 15.2.2018

Similar to Azure security architecture / FAUG JKL 15.2.2018 (20)

More from Karl Ots

More from Karl Ots (20)

Recently uploaded

Recently uploaded (20)

Azure security architecture / FAUG JKL 15.2.2018