SlideShare a Scribd company logo

Azure security guidelines for developers

Ivo Andreev
Ivo Andreev

Azure security baselines and benchmarks, Security Maturity Model, Industrial Internet Consortium IIC , Certification, Web Application Firewall, API Management Service

Software
1 of 10
Download to read offline
MVP Unplugged #5 Sofia, Oct 28th 2021 Azure Security for Developers
It is Never Just the Security Tools
Security Certification (A Story) • We have own product and wish to obtain security certification badge • Contacted Microsoft officials from Nordics, Germany and US (10+ people) with a question: “Please propose an organization from your network that: Can perform audit of a platform solution in Azure Issue label/badge to verify compliance”
Typical Security Schemes • L1 – Basic security requirements (checklist self-declaration) • L2 – L1 + Security-by-Design • L3 – L2 + Static code analysis, 3rd party scanning binaries for vulnerabilities • L4 – L3 + Structured pentest from approved 3rd party lab
Internet Security at its Best
IoT Security Maturity Model • Developed by the Industrial Internet Consortium IIC (250+ companies across 30 countries, incl. Microsoft) • Guide organizations in security practices • Objectives o Foster collaboration - business stakeholders vs tech experts o Define framework for defining security target o Define performance indicators o Guiding the process of maturing • Primary Authors o Sandy Carielli - Entrust Datacard o Matthew Eble - Praetorian o Frederick Hirsch - Fujitsu o Ekaterina Rudina - Kaspersky Lab o Ron Zahavi - Microsoft Azure IoT
Azure Security Benchmark • Security Benchmark o Best practices and recommendations to help improve the security of workloads, data, and services on Azure. • Currently v2 is released o V1: https://docs.microsoft.com/en-us/security/benchmark/azure/overview-v1 o V2: https://docs.microsoft.com/en-us/security/benchmark/azure/overview • Security Controls – high level description of feature to be addressed • Security Baselines – benchmark implementation of individual AZ service o Network Security o Identity Management o Privileged Access o Data Protection o Asset Management o Logging and Threat Detection o Incident Response o Posture and Vulnerability Management o Endpoint Security o Backup and Recovery
Azure Security Baselines • Improve security through tools, tracking and security features • Security Baselines (from around 100) o App Service o Web Application Firewall o API Management o SQL Database Security o Service bus o Logic apps o Storage o Event Hub o Event Grid
Takeaways Azure Security Benchmark • https://docs.microsoft.com/en-us/security/benchmark/azure/ Security Benchmarks Docs • https://github.com/MicrosoftDocs/SecurityBenchmarks Security Maturity Model • https://www.iiconsortium.org/smm.htm • https://www.iiconsortium.org/pdf/SMM_Description_and_Intended_Use_V1.2.pdf Microsoft Cloud Adoption Framework for Azure (Security) • https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/secure/ • https://github.com/microsoft/CloudAdoptionFramework
Upcoming Events jsTalks (Bulgaria), 2021 November 19-20 http://jstalks.net/

Recommended

Azure API Management - why should I care?
Azure API Management - why should I care?Azure API Management - why should I care?
Azure API Management - why should I care?
Jouni Heikniemi
 
Introduction to Azure AD and Azure AD B2C
Introduction to Azure AD and Azure AD B2CIntroduction to Azure AD and Azure AD B2C
Introduction to Azure AD and Azure AD B2C
Joonas Westlin
 
WSO2Con ASIA 2016: Case Study: Identity in the WSO2 Ecosystem
WSO2Con ASIA 2016: Case Study: Identity in the WSO2 EcosystemWSO2Con ASIA 2016: Case Study: Identity in the WSO2 Ecosystem
WSO2Con ASIA 2016: Case Study: Identity in the WSO2 Ecosystem
WSO2
 
Security architecture best practices for saas applications
Security architecture best practices for saas applicationsSecurity architecture best practices for saas applications
Security architecture best practices for saas applications
kanimozhin
 
Deep-Dive: Secure API Management
Deep-Dive: Secure API ManagementDeep-Dive: Secure API Management
Deep-Dive: Secure API Management
Apigee | Google Cloud
 
Integration Monday - Logic App Patterns
Integration Monday - Logic App PatternsIntegration Monday - Logic App Patterns
Integration Monday - Logic App Patterns
BizTalk360
 
Secure and Optimize APIs using Azure API Management
Secure and Optimize APIs using Azure API ManagementSecure and Optimize APIs using Azure API Management
Secure and Optimize APIs using Azure API Management
BizTalk360
 
Everything you always wanted to know about API Management (but were afraid to...
Everything you always wanted to know about API Management (but were afraid to...Everything you always wanted to know about API Management (but were afraid to...
Everything you always wanted to know about API Management (but were afraid to...
Massimo Bonanni
 

Recommended

Azure API Management - why should I care?
Azure API Management - why should I care?Azure API Management - why should I care?
Azure API Management - why should I care?
Jouni Heikniemi
 
Introduction to Azure AD and Azure AD B2C
Introduction to Azure AD and Azure AD B2CIntroduction to Azure AD and Azure AD B2C
Introduction to Azure AD and Azure AD B2C
Joonas Westlin
 
WSO2Con ASIA 2016: Case Study: Identity in the WSO2 Ecosystem
WSO2Con ASIA 2016: Case Study: Identity in the WSO2 EcosystemWSO2Con ASIA 2016: Case Study: Identity in the WSO2 Ecosystem
WSO2Con ASIA 2016: Case Study: Identity in the WSO2 Ecosystem
WSO2
 
Security architecture best practices for saas applications
Security architecture best practices for saas applicationsSecurity architecture best practices for saas applications
Security architecture best practices for saas applications
kanimozhin
 
Deep-Dive: Secure API Management
Deep-Dive: Secure API ManagementDeep-Dive: Secure API Management
Deep-Dive: Secure API Management
Apigee | Google Cloud
 
Integration Monday - Logic App Patterns
Integration Monday - Logic App PatternsIntegration Monday - Logic App Patterns
Integration Monday - Logic App Patterns
BizTalk360
 
Secure and Optimize APIs using Azure API Management
Secure and Optimize APIs using Azure API ManagementSecure and Optimize APIs using Azure API Management
Secure and Optimize APIs using Azure API Management
BizTalk360
 
Everything you always wanted to know about API Management (but were afraid to...
Everything you always wanted to know about API Management (but were afraid to...Everything you always wanted to know about API Management (but were afraid to...
Everything you always wanted to know about API Management (but were afraid to...
Massimo Bonanni
 
Azure API Management Update
Azure API Management UpdateAzure API Management Update
Azure API Management Update
BizTalk360
 
Azure API Apps
Azure API AppsAzure API Apps
Azure API Apps
BizTalk360
 
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access ControlOAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control
Maarten Balliauw
 
Microsoft Azure Api Management
Microsoft Azure Api ManagementMicrosoft Azure Api Management
Microsoft Azure Api Management
Vinícius Batista de Souza
 
AlertSite Slideshow for the Booth at Web 2.0 Expo 2009
AlertSite Slideshow for the Booth at Web 2.0 Expo 2009AlertSite Slideshow for the Booth at Web 2.0 Expo 2009
AlertSite Slideshow for the Booth at Web 2.0 Expo 2009
AlertSite
 
Spring Boot Authentication...and More!
Spring Boot Authentication...and More! Spring Boot Authentication...and More!
Spring Boot Authentication...and More!
Stormpath
 
Azure API Management
Azure API ManagementAzure API Management
Azure API Management
jeremysbrown
 
What's Better than Microservices? Serverless Microservices.
What's Better than Microservices? Serverless Microservices.What's Better than Microservices? Serverless Microservices.
What's Better than Microservices? Serverless Microservices.
Apigee | Google Cloud
 
Azure API Management
Azure API ManagementAzure API Management
Azure API Management
Daniel Toomey
 
API Security Lifecycle
API Security LifecycleAPI Security Lifecycle
API Security Lifecycle
Apigee | Google Cloud
 
Building Resilient Microservices
Building Resilient Microservices Building Resilient Microservices
Building Resilient Microservices
IndicThreads
 
Stormpath 101: Spring Boot + Spring Security
Stormpath 101: Spring Boot + Spring SecurityStormpath 101: Spring Boot + Spring Security
Stormpath 101: Spring Boot + Spring Security
Stormpath
 
I Love APIs 2015: Advanced Security Extensions in Apigee Edge - HMAC and http...
I Love APIs 2015: Advanced Security Extensions in Apigee Edge - HMAC and http...I Love APIs 2015: Advanced Security Extensions in Apigee Edge - HMAC and http...
I Love APIs 2015: Advanced Security Extensions in Apigee Edge - HMAC and http...
Apigee | Google Cloud
 
CSF18 - External Collaboration with Azure B2B - Sjoukje Zaal
CSF18 - External Collaboration with Azure B2B - Sjoukje ZaalCSF18 - External Collaboration with Azure B2B - Sjoukje Zaal
CSF18 - External Collaboration with Azure B2B - Sjoukje Zaal
NCCOMMS
 
Building a document e-signing workflow with Azure Durable Functions
Building a document e-signing workflow with Azure Durable FunctionsBuilding a document e-signing workflow with Azure Durable Functions
Building a document e-signing workflow with Azure Durable Functions
Joonas Westlin
 
O365Con18 - Compliance Manager - Tomislav Lulic
O365Con18 - Compliance Manager - Tomislav LulicO365Con18 - Compliance Manager - Tomislav Lulic
O365Con18 - Compliance Manager - Tomislav Lulic
NCCOMMS
 
Azure Logic Apps
Azure Logic AppsAzure Logic Apps
Azure Logic Apps
BizTalk360
 
Gab2016 - Découverte d'Azure IoT Hub
Gab2016 - Découverte d'Azure IoT Hub Gab2016 - Découverte d'Azure IoT Hub
Gab2016 - Découverte d'Azure IoT Hub
Samir Arezki ☁
 
Api management 101
Api management 101Api management 101
Api management 101
Michael Stephenson
 
How Secure Are Your APIs?
How Secure Are Your APIs?How Secure Are Your APIs?
How Secure Are Your APIs?
Apigee | Google Cloud
 
Azure IoT Edge: a breakthrough platform and service running cloud intelligenc...
Azure IoT Edge: a breakthrough platform and service running cloud intelligenc...Azure IoT Edge: a breakthrough platform and service running cloud intelligenc...
Azure IoT Edge: a breakthrough platform and service running cloud intelligenc...
Microsoft Tech Community
 
[Round table] zeroing in on zero trust architecture
[Round table] zeroing in on zero trust architecture[Round table] zeroing in on zero trust architecture
[Round table] zeroing in on zero trust architecture
Denise Bailey
 

More Related Content

What's hot

OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access ControlOAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control
Maarten Balliauw
 
Spring Boot Authentication...and More!
Spring Boot Authentication...and More! Spring Boot Authentication...and More!
Spring Boot Authentication...and More!
Stormpath
 

What's hot (20)

Azure API Management Update
Azure API Management UpdateAzure API Management Update
Azure API Management Update
 
Azure API Apps
Azure API AppsAzure API Apps
Azure API Apps
 
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access ControlOAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control
 
Microsoft Azure Api Management
Microsoft Azure Api ManagementMicrosoft Azure Api Management
Microsoft Azure Api Management
 
AlertSite Slideshow for the Booth at Web 2.0 Expo 2009
AlertSite Slideshow for the Booth at Web 2.0 Expo 2009AlertSite Slideshow for the Booth at Web 2.0 Expo 2009
AlertSite Slideshow for the Booth at Web 2.0 Expo 2009
 
Spring Boot Authentication...and More!
Spring Boot Authentication...and More! Spring Boot Authentication...and More!
Spring Boot Authentication...and More!
 
Azure API Management
Azure API ManagementAzure API Management
Azure API Management
 
What's Better than Microservices? Serverless Microservices.
What's Better than Microservices? Serverless Microservices.What's Better than Microservices? Serverless Microservices.
What's Better than Microservices? Serverless Microservices.
 
Azure API Management
Azure API ManagementAzure API Management
Azure API Management
 
API Security Lifecycle
API Security LifecycleAPI Security Lifecycle
API Security Lifecycle
 
Building Resilient Microservices
Building Resilient Microservices Building Resilient Microservices
Building Resilient Microservices
 
Stormpath 101: Spring Boot + Spring Security
Stormpath 101: Spring Boot + Spring SecurityStormpath 101: Spring Boot + Spring Security
Stormpath 101: Spring Boot + Spring Security
 
I Love APIs 2015: Advanced Security Extensions in Apigee Edge - HMAC and http...
I Love APIs 2015: Advanced Security Extensions in Apigee Edge - HMAC and http...I Love APIs 2015: Advanced Security Extensions in Apigee Edge - HMAC and http...
I Love APIs 2015: Advanced Security Extensions in Apigee Edge - HMAC and http...
 
CSF18 - External Collaboration with Azure B2B - Sjoukje Zaal
CSF18 - External Collaboration with Azure B2B - Sjoukje ZaalCSF18 - External Collaboration with Azure B2B - Sjoukje Zaal
CSF18 - External Collaboration with Azure B2B - Sjoukje Zaal
 
Building a document e-signing workflow with Azure Durable Functions
Building a document e-signing workflow with Azure Durable FunctionsBuilding a document e-signing workflow with Azure Durable Functions
Building a document e-signing workflow with Azure Durable Functions
 
O365Con18 - Compliance Manager - Tomislav Lulic
O365Con18 - Compliance Manager - Tomislav LulicO365Con18 - Compliance Manager - Tomislav Lulic
O365Con18 - Compliance Manager - Tomislav Lulic
 
Azure Logic Apps
Azure Logic AppsAzure Logic Apps
Azure Logic Apps
 
Gab2016 - Découverte d'Azure IoT Hub
Gab2016 - Découverte d'Azure IoT Hub Gab2016 - Découverte d'Azure IoT Hub
Gab2016 - Découverte d'Azure IoT Hub
 
Api management 101
Api management 101Api management 101
Api management 101
 
How Secure Are Your APIs?
How Secure Are Your APIs?How Secure Are Your APIs?
How Secure Are Your APIs?
 

Similar to Azure security guidelines for developers

Owasp Summit - Wednesday evening briefing master
Owasp Summit - Wednesday evening briefing masterOwasp Summit - Wednesday evening briefing master
Owasp Summit - Wednesday evening briefing master
Dinis Cruz
 
security_assessment_slides
security_assessment_slidessecurity_assessment_slides
security_assessment_slides
Steve Arnold
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
David J Rosenthal
 
Build a complete security operations and compliance program using a graph dat...
Build a complete security operations and compliance program using a graph dat...Build a complete security operations and compliance program using a graph dat...
Build a complete security operations and compliance program using a graph dat...
Erkang Zheng
 

Similar to Azure security guidelines for developers (20)

Azure IoT Edge: a breakthrough platform and service running cloud intelligenc...
Azure IoT Edge: a breakthrough platform and service running cloud intelligenc...Azure IoT Edge: a breakthrough platform and service running cloud intelligenc...
Azure IoT Edge: a breakthrough platform and service running cloud intelligenc...
 
[Round table] zeroing in on zero trust architecture
[Round table] zeroing in on zero trust architecture[Round table] zeroing in on zero trust architecture
[Round table] zeroing in on zero trust architecture
 
TechTalksUtah-Sentinel-20191108.pptx
TechTalksUtah-Sentinel-20191108.pptxTechTalksUtah-Sentinel-20191108.pptx
TechTalksUtah-Sentinel-20191108.pptx
 
microsoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxmicrosoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptx
 
Owasp Summit - Wednesday evening briefing master
Owasp Summit - Wednesday evening briefing masterOwasp Summit - Wednesday evening briefing master
Owasp Summit - Wednesday evening briefing master
 
security_assessment_slides
security_assessment_slidessecurity_assessment_slides
security_assessment_slides
 
Build Security into the Software with Sparrow
Build Security into the Software with SparrowBuild Security into the Software with Sparrow
Build Security into the Software with Sparrow
 
DevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingDevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss Banking
 
Fundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and ComplianceFundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and Compliance
 
Extract Oct 2019: DSO-LG Rolling Slides
Extract Oct 2019: DSO-LG Rolling SlidesExtract Oct 2019: DSO-LG Rolling Slides
Extract Oct 2019: DSO-LG Rolling Slides
 
366864108 azure-security
366864108 azure-security366864108 azure-security
366864108 azure-security
 
Compliance with AWS
Compliance with AWSCompliance with AWS
Compliance with AWS
 
How Splunk and AWS Enabled End-to-End Visibility for PagerDuty and Bolstered ...
How Splunk and AWS Enabled End-to-End Visibility for PagerDuty and Bolstered ...How Splunk and AWS Enabled End-to-End Visibility for PagerDuty and Bolstered ...
How Splunk and AWS Enabled End-to-End Visibility for PagerDuty and Bolstered ...
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security Overview
 
CloudBrew 2017 - Security + DevOps + Azure = Awesomeness
CloudBrew 2017 - Security + DevOps + Azure = AwesomenessCloudBrew 2017 - Security + DevOps + Azure = Awesomeness
CloudBrew 2017 - Security + DevOps + Azure = Awesomeness
 
Build a complete security operations and compliance program using a graph dat...
Build a complete security operations and compliance program using a graph dat...Build a complete security operations and compliance program using a graph dat...
Build a complete security operations and compliance program using a graph dat...
 
Data Privacy By Design with AWS
Data Privacy By Design with AWSData Privacy By Design with AWS
Data Privacy By Design with AWS
 
Sådan implementerer du i praksis
Sådan implementerer du i praksisSådan implementerer du i praksis
Sådan implementerer du i praksis
 
Product Security
Product SecurityProduct Security
Product Security
 

More from Ivo Andreev

Cybersecurity and Generative AI - for Good and Bad vol.2
Cybersecurity and Generative AI - for Good and Bad vol.2Cybersecurity and Generative AI - for Good and Bad vol.2
Cybersecurity and Generative AI - for Good and Bad vol.2
Ivo Andreev
 
Cybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and BadCybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and Bad
Ivo Andreev
 
How do OpenAI GPT Models Work - Misconceptions and Tips for Developers
How do OpenAI GPT Models Work - Misconceptions and Tips for DevelopersHow do OpenAI GPT Models Work - Misconceptions and Tips for Developers
How do OpenAI GPT Models Work - Misconceptions and Tips for Developers
Ivo Andreev
 
Collecting and Analysing Satellite Data with Azure Orbital
Collecting and Analysing Satellite Data with Azure OrbitalCollecting and Analysing Satellite Data with Azure Orbital
Collecting and Analysing Satellite Data with Azure Orbital
Ivo Andreev
 
Constrained Optimization with Genetic Algorithms and Project Bonsai
Constrained Optimization with Genetic Algorithms and Project BonsaiConstrained Optimization with Genetic Algorithms and Project Bonsai
Constrained Optimization with Genetic Algorithms and Project Bonsai
Ivo Andreev
 
Industrial IoT on Azure
Industrial IoT on AzureIndustrial IoT on Azure
Industrial IoT on Azure
Ivo Andreev
 
The Power of Auto ML and How Does it Work
The Power of Auto ML and How Does it WorkThe Power of Auto ML and How Does it Work
The Power of Auto ML and How Does it Work
Ivo Andreev
 

More from Ivo Andreev (20)

Cybersecurity and Generative AI - for Good and Bad vol.2
Cybersecurity and Generative AI - for Good and Bad vol.2Cybersecurity and Generative AI - for Good and Bad vol.2
Cybersecurity and Generative AI - for Good and Bad vol.2
 
Architecting AI Solutions in Azure for Business
Architecting AI Solutions in Azure for BusinessArchitecting AI Solutions in Azure for Business
Architecting AI Solutions in Azure for Business
 
Cybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and BadCybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and Bad
 
JS-Experts - Cybersecurity for Generative AI
JS-Experts - Cybersecurity for Generative AIJS-Experts - Cybersecurity for Generative AI
JS-Experts - Cybersecurity for Generative AI
 
How do OpenAI GPT Models Work - Misconceptions and Tips for Developers
How do OpenAI GPT Models Work - Misconceptions and Tips for DevelopersHow do OpenAI GPT Models Work - Misconceptions and Tips for Developers
How do OpenAI GPT Models Work - Misconceptions and Tips for Developers
 
OpenAI GPT in Depth - Questions and Misconceptions
OpenAI GPT in Depth - Questions and MisconceptionsOpenAI GPT in Depth - Questions and Misconceptions
OpenAI GPT in Depth - Questions and Misconceptions
 
Cutting Edge Computer Vision for Everyone
Cutting Edge Computer Vision for EveryoneCutting Edge Computer Vision for Everyone
Cutting Edge Computer Vision for Everyone
 
Collecting and Analysing Spaceborn Data
Collecting and Analysing Spaceborn DataCollecting and Analysing Spaceborn Data
Collecting and Analysing Spaceborn Data
 
Collecting and Analysing Satellite Data with Azure Orbital
Collecting and Analysing Satellite Data with Azure OrbitalCollecting and Analysing Satellite Data with Azure Orbital
Collecting and Analysing Satellite Data with Azure Orbital
 
Language Studio and Custom Models
Language Studio and Custom ModelsLanguage Studio and Custom Models
Language Studio and Custom Models
 
CosmosDB for IoT Scenarios
CosmosDB for IoT ScenariosCosmosDB for IoT Scenarios
CosmosDB for IoT Scenarios
 
Forecasting time series powerful and simple
Forecasting time series powerful and simpleForecasting time series powerful and simple
Forecasting time series powerful and simple
 
Constrained Optimization with Genetic Algorithms and Project Bonsai
Constrained Optimization with Genetic Algorithms and Project BonsaiConstrained Optimization with Genetic Algorithms and Project Bonsai
Constrained Optimization with Genetic Algorithms and Project Bonsai
 
Autonomous Machines with Project Bonsai
Autonomous Machines with Project BonsaiAutonomous Machines with Project Bonsai
Autonomous Machines with Project Bonsai
 
Global azure virtual 2021 - Azure Lighthouse
Global azure virtual 2021 - Azure LighthouseGlobal azure virtual 2021 - Azure Lighthouse
Global azure virtual 2021 - Azure Lighthouse
 
Flux QL - Nexgen Management of Time Series Inspired by JS
Flux QL - Nexgen Management of Time Series Inspired by JSFlux QL - Nexgen Management of Time Series Inspired by JS
Flux QL - Nexgen Management of Time Series Inspired by JS
 
Azure architecture design patterns - proven solutions to common challenges
Azure architecture design patterns - proven solutions to common challengesAzure architecture design patterns - proven solutions to common challenges
Azure architecture design patterns - proven solutions to common challenges
 
Industrial IoT on Azure
Industrial IoT on AzureIndustrial IoT on Azure
Industrial IoT on Azure
 
The Power of Auto ML and How Does it Work
The Power of Auto ML and How Does it WorkThe Power of Auto ML and How Does it Work
The Power of Auto ML and How Does it Work
 
Flying a Drone with JavaScript and Computer Vision
Flying a Drone with JavaScript and Computer VisionFlying a Drone with JavaScript and Computer Vision
Flying a Drone with JavaScript and Computer Vision
 

Recently uploaded

Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
Gáspár Nagy
 
iGaming Platform & Lottery Solutions by Skilrock
iGaming Platform & Lottery Solutions by SkilrockiGaming Platform & Lottery Solutions by Skilrock
iGaming Platform & Lottery Solutions by Skilrock
Skilrock Technologies
 
Corporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMSCorporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMS
Tendenci - The Open Source AMS (Association Management Software)
 
Mastering Windows 7 A Comprehensive Guide for Power Users .pdf
Mastering Windows 7 A Comprehensive Guide for Power Users .pdfMastering Windows 7 A Comprehensive Guide for Power Users .pdf
Mastering Windows 7 A Comprehensive Guide for Power Users .pdf
mbmh111980
 
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar
 

Recently uploaded (20)

How to install and activate eGrabber JobGrabber
How to install and activate eGrabber JobGrabberHow to install and activate eGrabber JobGrabber
How to install and activate eGrabber JobGrabber
 
KLARNA - Language Models and Knowledge Graphs: A Systems Approach
KLARNA - Language Models and Knowledge Graphs: A Systems ApproachKLARNA - Language Models and Knowledge Graphs: A Systems Approach
KLARNA - Language Models and Knowledge Graphs: A Systems Approach
 
De mooiste recreatieve routes ontdekken met RouteYou en FME
De mooiste recreatieve routes ontdekken met RouteYou en FMEDe mooiste recreatieve routes ontdekken met RouteYou en FME
De mooiste recreatieve routes ontdekken met RouteYou en FME
 
Accelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with PlatformlessAccelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with Platformless
 
Breaking the Code : A Guide to WhatsApp Business API.pdf
Breaking the Code : A Guide to WhatsApp Business API.pdfBreaking the Code : A Guide to WhatsApp Business API.pdf
Breaking the Code : A Guide to WhatsApp Business API.pdf
 
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
 
INGKA DIGITAL: Linked Metadata by Design
INGKA DIGITAL: Linked Metadata by DesignINGKA DIGITAL: Linked Metadata by Design
INGKA DIGITAL: Linked Metadata by Design
 
Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...
Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...
Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...
 
Advanced Flow Concepts Every Developer Should Know
Advanced Flow Concepts Every Developer Should KnowAdvanced Flow Concepts Every Developer Should Know
Advanced Flow Concepts Every Developer Should Know
 
iGaming Platform & Lottery Solutions by Skilrock
iGaming Platform & Lottery Solutions by SkilrockiGaming Platform & Lottery Solutions by Skilrock
iGaming Platform & Lottery Solutions by Skilrock
 
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
 
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
 
Designing for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web ServicesDesigning for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web Services
 
AI/ML Infra Meetup | Perspective on Deep Learning Framework
AI/ML Infra Meetup | Perspective on Deep Learning FrameworkAI/ML Infra Meetup | Perspective on Deep Learning Framework
AI/ML Infra Meetup | Perspective on Deep Learning Framework
 
Corporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMSCorporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMS
 
Mastering Windows 7 A Comprehensive Guide for Power Users .pdf
Mastering Windows 7 A Comprehensive Guide for Power Users .pdfMastering Windows 7 A Comprehensive Guide for Power Users .pdf
Mastering Windows 7 A Comprehensive Guide for Power Users .pdf
 
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBroker
 
Using IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New ZealandUsing IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New Zealand
 
Crafting the Perfect Measurement Sheet with PLM Integration
Crafting the Perfect Measurement Sheet with PLM IntegrationCrafting the Perfect Measurement Sheet with PLM Integration
Crafting the Perfect Measurement Sheet with PLM Integration
 
Abortion ^Clinic ^%[+971588192166''] Abortion Pill Al Ain (?@?) Abortion Pill...
Abortion ^Clinic ^%[+971588192166''] Abortion Pill Al Ain (?@?) Abortion Pill...Abortion ^Clinic ^%[+971588192166''] Abortion Pill Al Ain (?@?) Abortion Pill...
Abortion ^Clinic ^%[+971588192166''] Abortion Pill Al Ain (?@?) Abortion Pill...
 

Azure security guidelines for developers

  • 1. MVP Unplugged #5 Sofia, Oct 28th 2021 Azure Security for Developers
  • 2. It is Never Just the Security Tools
  • 3. Security Certification (A Story) • We have own product and wish to obtain security certification badge • Contacted Microsoft officials from Nordics, Germany and US (10+ people) with a question: “Please propose an organization from your network that: Can perform audit of a platform solution in Azure Issue label/badge to verify compliance”
  • 4. Typical Security Schemes • L1 – Basic security requirements (checklist self-declaration) • L2 – L1 + Security-by-Design • L3 – L2 + Static code analysis, 3rd party scanning binaries for vulnerabilities • L4 – L3 + Structured pentest from approved 3rd party lab
  • 6. IoT Security Maturity Model • Developed by the Industrial Internet Consortium IIC (250+ companies across 30 countries, incl. Microsoft) • Guide organizations in security practices • Objectives o Foster collaboration - business stakeholders vs tech experts o Define framework for defining security target o Define performance indicators o Guiding the process of maturing • Primary Authors o Sandy Carielli - Entrust Datacard o Matthew Eble - Praetorian o Frederick Hirsch - Fujitsu o Ekaterina Rudina - Kaspersky Lab o Ron Zahavi - Microsoft Azure IoT
  • 7. Azure Security Benchmark • Security Benchmark o Best practices and recommendations to help improve the security of workloads, data, and services on Azure. • Currently v2 is released o V1: https://docs.microsoft.com/en-us/security/benchmark/azure/overview-v1 o V2: https://docs.microsoft.com/en-us/security/benchmark/azure/overview • Security Controls – high level description of feature to be addressed • Security Baselines – benchmark implementation of individual AZ service o Network Security o Identity Management o Privileged Access o Data Protection o Asset Management o Logging and Threat Detection o Incident Response o Posture and Vulnerability Management o Endpoint Security o Backup and Recovery
  • 8. Azure Security Baselines • Improve security through tools, tracking and security features • Security Baselines (from around 100) o App Service o Web Application Firewall o API Management o SQL Database Security o Service bus o Logic apps o Storage o Event Hub o Event Grid
  • 9. Takeaways Azure Security Benchmark • https://docs.microsoft.com/en-us/security/benchmark/azure/ Security Benchmarks Docs • https://github.com/MicrosoftDocs/SecurityBenchmarks Security Maturity Model • https://www.iiconsortium.org/smm.htm • https://www.iiconsortium.org/pdf/SMM_Description_and_Intended_Use_V1.2.pdf Microsoft Cloud Adoption Framework for Azure (Security) • https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/secure/ • https://github.com/microsoft/CloudAdoptionFramework
  • 10. Upcoming Events jsTalks (Bulgaria), 2021 November 19-20 http://jstalks.net/