Azure security baselines and benchmarks, Security Maturity Model, Industrial Internet Consortium IIC , Certification, Web Application Firewall, API Management Service
3. Security Certification (A Story)
• We have own product and wish to obtain security certification badge
• Contacted Microsoft officials from Nordics, Germany and US (10+ people)
with a question:
“Please propose an organization from your network that:
Can perform audit of a platform solution in Azure
Issue label/badge to verify compliance”
6. IoT Security Maturity Model
• Developed by the Industrial Internet Consortium IIC (250+ companies
across 30 countries, incl. Microsoft)
• Guide organizations in security practices
• Objectives
o Foster collaboration - business stakeholders vs tech experts
o Define framework for defining security target
o Define performance indicators
o Guiding the process of maturing
• Primary Authors
o Sandy Carielli - Entrust Datacard
o Matthew Eble - Praetorian
o Frederick Hirsch - Fujitsu
o Ekaterina Rudina - Kaspersky Lab
o Ron Zahavi - Microsoft Azure IoT
7. Azure Security Benchmark
• Security Benchmark
o Best practices and recommendations to help improve the security of workloads, data, and services on Azure.
• Currently v2 is released
o V1: https://docs.microsoft.com/en-us/security/benchmark/azure/overview-v1
o V2: https://docs.microsoft.com/en-us/security/benchmark/azure/overview
• Security Controls – high level description of feature to be addressed
• Security Baselines – benchmark implementation of individual AZ service
o Network Security
o Identity Management
o Privileged Access
o Data Protection
o Asset Management
o Logging and Threat Detection
o Incident Response
o Posture and Vulnerability Management
o Endpoint Security
o Backup and Recovery
8. Azure Security Baselines
• Improve security through tools, tracking and security features
• Security Baselines (from around 100)
o App Service
o Web Application Firewall
o API Management
o SQL Database Security
o Service bus
o Logic apps
o Storage
o Event Hub
o Event Grid
9. Takeaways
Azure Security Benchmark
• https://docs.microsoft.com/en-us/security/benchmark/azure/
Security Benchmarks Docs
• https://github.com/MicrosoftDocs/SecurityBenchmarks
Security Maturity Model
• https://www.iiconsortium.org/smm.htm
• https://www.iiconsortium.org/pdf/SMM_Description_and_Intended_Use_V1.2.pdf
Microsoft Cloud Adoption Framework for Azure (Security)
• https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/secure/
• https://github.com/microsoft/CloudAdoptionFramework