#XeOneDay
www.xedotnet.org
lorenzo.barbieri@microsoft.com
@_geniodelmale
http://linkedin.com/in/geniodelmale
How do you protect a hybrid PaaS-IaaS solution, built entirely in the cloud?
Event made possible thanks to the support of
EVERYTHING STARTS WITH A “GOOD” ARCHITECTURE
[Architecture diagram: a Web UI backed by Users, Photos URLs, RAW Photos and Thumbnails stores, with Watermarking and Photo resize functions; resource groups (RG) for Dev-Test and Production]
1ST STRIKE
The case of disappearing resources
Attack one! Destroy ’em all!
[Same architecture diagram]
MITIGATION
Infrastructure as Code:
• Script & Backup everything
• ARM & Azure Policy
PaaS safeguards:
o Azure Web App Undelete
o SQL point-in-time restore
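As an added example (not code from the slides), here is a small Python evaluator for Azure Policy-style rules over an ARM template, showing what the "ARM & Azure Policy" mitigation buys you: a deployment that puts resources outside the allowed regions, leaves HTTP open on storage, omits the environment tag, or ships a production resource group without a CanNotDelete lock is caught before it reaches the subscription. The policy definitions, template fragments and field paths (plain JSON paths such as `properties.supportsHttpsTrafficOnly` instead of Azure's aliases) are constructed for this example; only the subset of the Azure Policy rule grammar shown here is implemented.

```python
"""Mini evaluator for Azure Policy-style rules against an ARM template.

Added example, not from the original slides. The template fragments, policy
definitions and field paths are constructed; the rule grammar (if/then,
field, equals/notEquals/in/notIn/exists, allOf/anyOf/not, mode All/Indexed)
follows the Azure Policy definition format, but only this subset is handled
and fields are addressed as plain JSON paths rather than Azure aliases.
"""
from typing import Any, Dict, List, Tuple

# Constructed policy definitions. "Indexed" mode skips resources that have
# no location (extension resources such as locks), as Azure Policy does.
POLICIES: List[Dict[str, Any]] = [
    {"name": "allowed-locations", "mode": "Indexed",
     "policyRule": {"if": {"field": "location",
                           "notIn": ["westeurope", "northeurope"]},
                    "then": {"effect": "deny"}}},
    {"name": "storage-https-only", "mode": "All",
     "policyRule": {"if": {"allOf": [
                        {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
                        {"field": "properties.supportsHttpsTrafficOnly", "notEquals": True}]},
                    "then": {"effect": "deny"}}},
    {"name": "require-env-tag", "mode": "Indexed",
     "policyRule": {"if": {"field": "tags.env", "exists": "false"},
                    "then": {"effect": "deny"}}},
]

# Constructed ARM template for the production resource group: web app, storage
# account and a resource-group delete lock (the "Delete Locks" remediation).
TEMPLATE_OK: Dict[str, Any] = {"resources": [
    {"type": "Microsoft.Web/sites", "name": "photo-web", "location": "westeurope",
     "tags": {"env": "prod"}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "photoraw",
     "location": "westeurope", "tags": {"env": "prod"},
     "properties": {"supportsHttpsTrafficOnly": True}},
    {"type": "Microsoft.Authorization/locks", "name": "no-delete",
     "properties": {"level": "CanNotDelete", "notes": "production"}},
]}

# The same deployment written carelessly: wrong region, HTTP allowed, no tag, no lock.
TEMPLATE_BAD: Dict[str, Any] = {"resources": [
    {"type": "Microsoft.Web/sites", "name": "photo-web", "location": "westeurope"},
    {"type": "Microsoft.Storage/storageAccounts", "name": "photoraw",
     "location": "eastus", "tags": {"env": "prod"},
     "properties": {"supportsHttpsTrafficOnly": False}},
]}


def get_field(resource: Dict[str, Any], path: str) -> Any:
    """Walk a dotted JSON path; None when any segment is missing."""
    cur: Any = resource
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def matches(cond: Dict[str, Any], resource: Dict[str, Any]) -> bool:
    """Recursively evaluate one policy condition against one resource."""
    if "allOf" in cond:
        return all(matches(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(c, resource) for c in cond["anyOf"])
    if "not" in cond:
        return not matches(cond["not"], resource)
    value = get_field(resource, cond["field"])
    if "exists" in cond:
        return (value is not None) == (str(cond["exists"]).lower() == "true")
    if "equals" in cond:
        return value == cond["equals"]
    if "notEquals" in cond:
        return value != cond["notEquals"]
    if "in" in cond:
        return value in cond["in"]
    if "notIn" in cond:
        return value not in cond["notIn"]
    raise ValueError(f"unsupported condition: {cond}")


def evaluate(template: Dict[str, Any], policies=POLICIES) -> List[Tuple[str, str]]:
    """Return (policy name, resource name) for every deny that would fire."""
    violations = []
    for res in template["resources"]:
        for pol in policies:
            if pol.get("mode") == "Indexed" and "location" not in res:
                continue
            rule = pol["policyRule"]
            if rule["then"]["effect"].lower() == "deny" and matches(rule["if"], res):
                violations.append((pol["name"], res["name"]))
    return violations


def has_delete_lock(template: Dict[str, Any]) -> bool:
    """True when the template itself deploys a CanNotDelete lock."""
    return any(r["type"] == "Microsoft.Authorization/locks"
               and r.get("properties", {}).get("level") == "CanNotDelete"
               for r in template["resources"])


if __name__ == "__main__":
    for label, tpl in (("ok", TEMPLATE_OK), ("bad", TEMPLATE_BAD)):
        print(label, evaluate(tpl), "delete lock:", has_delete_lock(tpl))
```

Running it prints no violations and a lock for the first template, and three violations plus a missing lock for the second; in a pipeline, a non-empty result or a missing lock on a production template is the point at which the deployment is refused.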
REMEDIATION
Subscription role protection:
o RBAC
o Azure AD could be protected with MFA
Delete Locks
2ND STRIKE
The case of unexpected load
Attack two…o…o…oooo! $$$
[Same architecture diagram; the unexpected load drives up the cost ($$$) of the resource groups]
MITIGATION
o Alert rules and monitoring
o web.config based IP restriction
o Functions in App Service Plan
o GB*s daily quota
o App Service Diagnostics
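As an added example (not code from the slides), the "web.config based IP restriction" mitigation in executable form: a Python script that parses the IIS `<ipSecurity>` section of a constructed web.config, which App Service honours because it runs on IIS, and decides for each source address of a traffic burst whether the request would reach the app at all. The web.config and the addresses are constructed; resolving overlapping rules first-match in file order is this example's assumption, so keep rules non-overlapping or verify the order against the IIS documentation.

```python
"""Evaluate IIS/App Service <ipSecurity> rules from a web.config.

Added example, not from the original slides. The web.config and the client
addresses are constructed; the element and attribute names (ipSecurity,
allowUnlisted, add/ipAddress/subnetMask/allowed) are the IIS ones.
Overlapping rules are resolved first-match in file order here, which is an
assumption of this example.
"""
import ipaddress
import xml.etree.ElementTree as ET
from typing import Dict, List, Tuple

# Constructed web.config in allow-list mode (allowUnlisted="false"): only the
# office network and the load-test host reach the Web UI; everyone else is
# refused by IIS with a 403 before any application code runs.
WEB_CONFIG = """<configuration>
  <system.webServer>
    <security>
      <ipSecurity allowUnlisted="false">
        <add ipAddress="203.0.113.0" subnetMask="255.255.255.0" allowed="true" />
        <add ipAddress="198.51.100.25" allowed="true" />
      </ipSecurity>
    </security>
  </system.webServer>
</configuration>
"""

Rules = List[Tuple[ipaddress.IPv4Network, bool]]


def parse_ip_security(xml_text: str) -> Tuple[bool, Rules]:
    """Return (allowUnlisted, [(network, allowed), ...]) from the config."""
    root = ET.fromstring(xml_text)
    sec = root.find("./system.webServer/security/ipSecurity")
    if sec is None:                      # no section: IIS allows everything
        return True, []
    allow_unlisted = sec.get("allowUnlisted", "true").lower() == "true"
    rules: Rules = []
    for add in sec.findall("add"):
        mask = add.get("subnetMask", "255.255.255.255")   # single host if absent
        net = ipaddress.ip_network(f"{add.get('ipAddress')}/{mask}", strict=False)
        rules.append((net, add.get("allowed", "true").lower() == "true"))
    return allow_unlisted, rules


def is_allowed(client_ip: str, allow_unlisted: bool, rules: Rules) -> bool:
    """First matching entry decides; unlisted addresses fall back to allowUnlisted."""
    ip = ipaddress.ip_address(client_ip)
    for net, allowed in rules:
        if ip in net:
            return allowed
    return allow_unlisted


def triage(client_ips: List[str], xml_text: str = WEB_CONFIG) -> Dict[str, bool]:
    """Map each source address of a traffic burst to allowed (True) or blocked."""
    allow_unlisted, rules = parse_ip_security(xml_text)
    return {ip: is_allowed(ip, allow_unlisted, rules) for ip in client_ips}


if __name__ == "__main__":
    # Constructed sources seen during a sudden load spike.
    burst = ["203.0.113.10", "198.51.100.25", "198.51.100.26", "192.0.2.77"]
    for ip, ok in triage(burst).items():
        print(ip, "allowed" if ok else "blocked")
```

The allow-list form (`allowUnlisted="false"` plus `allowed="true"` entries) is the one that caps an unexpected load from the wider Internet; a deny-list (`allowUnlisted="true"` plus `allowed="false"` entries) only helps against sources you already know.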
[Architecture diagram, now with web.config IP restriction on the Web UI]
REMEDIATION
o Web App Firewall / Azure Firewall / Application Gateway / 3rd party
o API Management
o Azure DDoS Protection for VNET
3RD STRIKE
The case of data and storage loss
Attack three! I know your secrets!
[Architecture diagram, with web.config IP restriction on the Web UI]
MITIGATION
o Key rotation
o Least user privilege (DB)
o Alert
REMEDIATION
o SQL DB Firewall
o VNET Storage
o Managed Service Identity
o Handle Disconnect
[Architecture diagram, now with web.config IP restriction on the Web UI and the SQL DB Firewall in front of the SQL database (Users, Photos URLs)]
4TH STRIKE
The case of being Gitted
Fourth Attack! Keys from the octocat!
[Architecture diagram, with web.config IP restriction and SQL DB Firewall]
REMEDIATION
o Move all the keys to a secure path
o Use Azure Pipeline to set them before deployment
o Azure Key Vault
o Managed Service Identity
[Architecture diagram, with web.config IP restriction and SQL DB Firewall; a question mark (?) and an SSH (>_) endpoint have been added]
5TH STRIKE
The case of remote connections
Remote Attack!
[Architecture diagram, with web.config IP restriction, SQL DB Firewall and the SSH (>_) endpoint]
MITIGATION
o Patching and security policies
o Azure Security Center: not only for VMs, it could check networks, App Services, Blob Storage, SQL, etc.
REMEDIATION
o Network Security Groups
o VNET
A BETTER ARCHITECTURE
[Architecture diagram: Web UI with web.config IP restriction; SQL database (Users, Photos URLs) behind the SQL DB Firewall; RAW Photos and Thumbnails storage; Watermarking and Photo resize functions; RG for Dev-Test and Production]
RECAP – THE 7 GOLDEN RULES
• Script everything
• Backup everything
• Least user privilege
• Trust no one
• Monitor everything
• Assume cloud failure
• Protect your secrets
WHAT IS MICROSOFT DOING TO SECURE AZURE?
Three pillars:
• Secure Foundation
• Built-in + Partner Controls
• Unique Intelligence
SECURE FOUNDATION: PHYSICAL DATACENTER SECURITY
[Diagram of four layers: access approval, perimeter, building, server environment. Controls shown, several recurring at more than one layer:]
• Background check, system check
• Employee & contractor vetting
• Perimeter fencing, front entrance gate, 1 defined access point, no building signage
• Two-factor authentication with biometrics, verified single person entry, metal detectors
• Video coverage (rack front & back included), ongoing roaming patrols, 24x7x365 security operations
• Inability to identify location of specific customer data
• Secure destruction bins
AZURE INFRASTRUCTURE SECURITY
Protect customer data: data and network segregation; DDoS protection at the edge; platform segregation; confidential computing.
Secure hardware: custom-built hardware with integrated security and attestation.
Continuous testing: war game exercises by Microsoft teams, vulnerability scanning & continuous monitoring.
[Diagram: Customer 1 and Customer 2 workloads segregated on the platform]
BUILT-IN + PARTNER CONTROLS
• Identity & Access: role based access, Multi-Factor Authentication, central identity management, identity protection, Privileged Identity Management
• Apps & Data Security: encryption, confidential computing, key management, certificate management, information protection
• Network Security: DDoS protection, NG firewall, web app firewall, private connections, network segmentation
• Threat Protection: antimalware, AI based detection and response, cloud workload protection, SQL threat protection, IoT security
• Security Management: log management, security posture assessment, policy and governance, regulatory compliance, SIEM
PROTECT DATA AND COMMUNICATIONS
(Virtual machines, applications, storage & databases)
Enable built-in encryption across resources: Azure Storage Service Encryption; Azure Disk Encryption; SQL TDE/Always Encrypted.
Encrypt data while in use: Azure confidential computing.
Use delegated access to storage objects: a Shared Access Signature enables more granular access control.
Use a key management system: keep keys in a hardware HSM; don’t store keys in apps/GitHub; use one Key Vault per security boundary/per app/per region; monitor/audit key usage and pipe the information into a SIEM for analysis/threat detection; use Key Vault to enroll and automatically renew certificates.
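As an added example (not code from the slides), a Python check that serves both the "keys from the octocat" strike and the "don’t store keys in apps/GitHub" rule above: run before a commit or as a pipeline step, it scans config and source text for Azure Storage account keys, SQL connection-string passwords and SAS tokens, and accepts the two hardened forms the slides point at, an App Service Key Vault reference (`@Microsoft.KeyVault(SecretUri=...)`) and an Azure Pipelines variable (`$(Name)`) set before deployment. The sample files are constructed; the storage key in them is base64 of the bytes 0..63, not a real credential.

```python
"""Flag secrets that belong in Key Vault before they reach a repo or a build.

Added example, not from the original slides. Sample files are constructed;
FAKE_KEY is base64 of the bytes 0..63 (same length and padding as a real
storage account key) and is not a credential. Detection is pattern based;
the Key Vault reference and pipeline variable syntaxes are the real ones.
"""
import base64
import re
from typing import Dict, List, Tuple

FAKE_KEY = base64.b64encode(bytes(range(64))).decode()   # 88 chars, ends in "=="

PATTERNS = {
    # Azure Storage account keys are 64 random bytes: 86 base64 chars plus "=="
    "azure-storage-key": re.compile(r"AccountKey=([A-Za-z0-9+/]{86}==)"),
    # Password=/Pwd= value in an ADO.NET or ODBC connection string
    "sql-password": re.compile(r"(?i)\b(?:Password|Pwd)=([^;\"'\s]+)"),
    # sig= parameter of a Shared Access Signature in a URL
    "sas-token": re.compile(r"[?&]sig=([A-Za-z0-9%+/=]{20,})"),
}

# Values that are references resolved at runtime or deploy time, not secrets.
SAFE_PREFIXES = ("@Microsoft.KeyVault(", "$(", "#{")

SAMPLE_FILES: Dict[str, str] = {
    # Leaked: plaintext SQL password and storage key committed in appsettings
    "appsettings.json": (
        '{\n'
        '  "ConnectionStrings": {\n'
        '    "Photos": "Server=tcp:photos.database.windows.net,1433;Database=photos;'
        'User ID=app;Password=Hunter2!;Encrypt=True",\n'
        f'    "Storage": "DefaultEndpointsProtocol=https;AccountName=photoraw;'
        f'AccountKey={FAKE_KEY};EndpointSuffix=core.windows.net"\n'
        '  }\n'
        '}\n'
    ),
    # Leaked: a SAS token baked into a view
    "Views/Photo.cshtml": (
        '<img src="https://photoraw.blob.core.windows.net/raw/1.jpg'
        '?sv=2018-03-28&sr=b&sig=abcdefghijklmnopqrstuvwxyz0123456789%3D" />\n'
    ),
    # Hardened: the password is a Key Vault reference resolved by App Service
    "web.config": (
        '<connectionStrings>\n'
        '  <add name="Photos" connectionString="Server=tcp:photos.database.windows.net,1433;'
        'User ID=app;Password=@Microsoft.KeyVault(SecretUri='
        'https://photos-kv.vault.azure.net/secrets/db-password/)" />\n'
        '</connectionStrings>\n'
    ),
    # Hardened: the key is a pipeline variable injected before deployment
    "azure-pipelines.yml": (
        'steps:\n'
        '  - script: az webapp config appsettings set --settings '
        'StorageKey=$(StorageKey)\n'
    ),
}


def scan_text(path: str, text: str) -> List[Tuple[str, int, str, str]]:
    """Return (path, line number, kind, redacted value) for each secret found."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                value = match.group(1)
                if value.startswith(SAFE_PREFIXES):
                    continue                      # a reference, not a credential
                findings.append((path, line_no, kind, value[:4] + "..." + value[-2:]))
    return findings


def scan_files(files: Dict[str, str]) -> List[Tuple[str, int, str, str]]:
    """Scan an in-memory tree; a real hook would read the staged files instead."""
    return [f for path, text in files.items() for f in scan_text(path, text)]


if __name__ == "__main__":
    for path, line_no, kind, shown in scan_files(SAMPLE_FILES):
        print(f"{path}:{line_no}: {kind}: {shown}")
    # A pre-commit hook or pipeline step fails the run when the list is not empty.
```

Only the two leaked files produce findings; the web.config with the Key Vault reference and the pipeline with `$(StorageKey)` pass, which is the shape the "move all the keys to a secure path" remediation aims for. The redaction keeps the report itself from becoming a second copy of the secret.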
PROTECT WORKLOADS AGAINST EVOLVING ATTACKS
Azure Security Center, with advanced analytics for threat detection, across virtual machines, applications, storage & databases and network.
Mitigate potential vulnerabilities proactively: ensure up-to-date VMs with relevant security patches; enable host anti-malware.
Reduce surface area of attack: enable just-in-time access to management ports; configure application whitelisting to prevent malware execution.
Detect threats early and respond faster: use actionable alerts and incidents; interactive investigation tool and playbooks to orchestrate responses.
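As an added example (not code from the slides) covering both the "just in time access to management ports" bullet above and the Network Security Groups remediation of the 5th strike, a Python model of how an NSG decides an inbound flow (rules tried by ascending priority, first match wins, Azure's default rules at 65000+ with DenyAllInBound last) and how JIT access adds a time-boxed Allow for one requester on one management port that lapses on its own. Rule names, addresses and the timeline are constructed; the VirtualNetwork and AzureLoadBalancer service tags are approximated by a VNET prefix and the 168.63.129.16 platform address.

```python
"""Network Security Group evaluation with just-in-time (JIT) management access.

Added example, not from the original slides. Rule names, addresses and times
are constructed; the VirtualNetwork and AzureLoadBalancer service tags are
approximated by a VNET prefix and the 168.63.129.16 platform address.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import ipaddress
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Rule:
    name: str
    priority: int                       # custom rules 100..4096; lower wins
    access: str                         # "Allow" or "Deny"
    source: str                         # CIDR prefix or "*"
    dest_ports: Set                     # ints, or {"*"} for any port
    expires: Optional[datetime] = None  # only JIT-created rules expire


DEFAULT_RULES = [                       # Azure's default inbound rules
    Rule("AllowVnetInBound", 65000, "Allow", "10.0.0.0/16", {"*"}),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Allow", "168.63.129.16/32", {"*"}),
    Rule("DenyAllInBound", 65500, "Deny", "*", {"*"}),
]


def baseline() -> List[Rule]:
    """Production posture: HTTPS open to the world, SSH/RDP closed to everyone."""
    return [
        Rule("AllowHttpsInBound", 200, "Allow", "*", {443}),
        Rule("DenyManagementInBound", 300, "Deny", "*", {22, 3389}),
    ] + list(DEFAULT_RULES)


def _source_matches(rule: Rule, src_ip: str) -> bool:
    return rule.source == "*" or ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source)


def evaluate(rules: List[Rule], src_ip: str, port: int, now: datetime) -> Tuple[str, str]:
    """Return (access, rule name) for an inbound flow; expired JIT rules are ignored."""
    active = [r for r in rules if r.expires is None or r.expires > now]
    for rule in sorted(active, key=lambda r: r.priority):
        if _source_matches(rule, src_ip) and ("*" in rule.dest_ports or port in rule.dest_ports):
            return rule.access, rule.name
    return "Deny", "implicit"


def jit_request(rules: List[Rule], requester_ip: str, port: int, now: datetime,
                hours: int = 3) -> List[Rule]:
    """Grant a time-boxed Allow to one source on one port, ahead of the Deny."""
    grant = Rule(f"JIT-{requester_ip}-{port}", 100, "Allow", f"{requester_ip}/32",
                 {port}, expires=now + timedelta(hours=hours))
    return rules + [grant]


def jit_scenario() -> Dict[str, Tuple[str, str]]:
    """Walk a constructed timeline once and return every decision."""
    t0 = datetime(2019, 1, 15, 9, 0, tzinfo=timezone.utc)
    rules = baseline()
    out = {
        "https_anyone": evaluate(rules, "192.0.2.9", 443, t0),
        "app_port_internet": evaluate(rules, "192.0.2.9", 8080, t0),
        "app_port_vnet": evaluate(rules, "10.0.1.4", 8080, t0),
        "ssh_before": evaluate(rules, "198.51.100.25", 22, t0),
    }
    rules = jit_request(rules, "198.51.100.25", 22, t0)      # operator asks for SSH
    t1 = t0 + timedelta(hours=1)
    out["ssh_during"] = evaluate(rules, "198.51.100.25", 22, t1)
    out["rdp_during"] = evaluate(rules, "198.51.100.25", 3389, t1)
    out["ssh_other_host"] = evaluate(rules, "203.0.113.5", 22, t1)
    out["ssh_after"] = evaluate(rules, "198.51.100.25", 22, t0 + timedelta(hours=4))
    return out


if __name__ == "__main__":
    for step, decision in jit_scenario().items():
        print(f"{step:18} {decision[0]:5} by {decision[1]}")
```

The two properties worth checking are visible in the scenario: the grant is scoped to one source and one port (RDP from the same host and SSH from another host still hit DenyManagementInBound), and it disappears by itself once the window closes, so nobody has to remember to close the port again.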
TAKE A LOOK AT AZURE SECURITY CENTER
APP SERVICE DIAGNOSTICS
• An interactive and intelligent experience for self-troubleshooting your app issues
• What does that actually mean?
• 🔒 Diagnose and troubleshoot your app issues and learn about best practices
• 🎨 Use Genie to guide you through each problem category tile
• 📈 Intelligent search capabilities
• 🌏 Straight out-of-the box, no extra configuration necessary
[Statistic slide: threats detected/month]
linkedin.com/in/geniodelmale
lorenzo.barbieri@microsoft.com
@_geniodelmale
Thank you!!!
Feedback is important!
Tweet: @_geniodelmale #xeoneday
or send me an email 

20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Things to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUUThings to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUU
FODUU
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
Daiki Mogmet Ito
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 

Recently uploaded (20)

Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Things to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUUThings to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUU
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 

Azure Security: How to protect a hybrid PaaS-IaaS solution built entirely in the cloud

  • 1. How do you protect a hybrid PaaS-IaaS solution, built entirely in the cloud?
    #XeOneDay, www.xedotnet.org
    lorenzo.barbieri@microsoft.com
    @_geniodelmale
    http://linkedin.com/in/geniodelmale
    Event organised thanks to the support of
  • 2. EVERYTHING STARTS WITH A "GOOD" ARCHITECTURE
    [Architecture diagram: Web UI; Users; Photos URLs; RAW Photos; Thumbnails; Watermarking; Photo resize; separate resource groups (RG) for Dev-Test and Production]
  • 3. 1ST STRIKE: The case of disappearing resources
    Callout: "Attack one! Destroy 'em all!"
    [Diagram as on slide 2]
  • 4. MITIGATION
    Infrastructure as Code:
    o Script and back up everything
    o ARM templates and Azure Policy
    PaaS safeguards:
    o Azure Web App undelete
    o SQL Database point-in-time restore
    [Diagram as on slide 2]
  • 5. REMEDIATION
    Subscription role protection:
    o RBAC
    o Azure AD accounts could be protected with MFA
    o Delete locks
    [Diagram as on slide 2]
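The "script everything" and "delete locks" points on slides 4 and 5 combine naturally: once the environment is an ARM template, the template itself can be checked for lock coverage before deployment. The following check is an added example, not code from the deck or from Microsoft; the template, resource names and the handling of `resourceId()` expressions (literal names only, no parameter resolution) are assumptions made for the example.

```python
"""Lock-coverage check for an ARM template (added example, not from the deck).

A CanNotDelete lock is an extension resource of type
Microsoft.Authorization/locks whose ``scope`` names the protected resource;
a lock without ``scope`` in a resource-group deployment locks the whole
group. The check lists the resources that no lock covers.
"""
import json
import re

LOCK_TYPE = "Microsoft.Authorization/locks"
_RESOURCE_ID = re.compile(r"resourceId\('([^']+)'\s*,\s*'([^']+)'\)")

# Constructed sample template: the only lock covers the web app, so the
# plan and the SQL server are one `az group delete` away from disappearing.
SAMPLE_TEMPLATE = json.dumps({
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "resources": [
        {"type": "Microsoft.Web/serverfarms", "apiVersion": "2021-02-01", "name": "photos-plan"},
        {"type": "Microsoft.Web/sites", "apiVersion": "2021-02-01", "name": "photos-web"},
        {"type": "Microsoft.Sql/servers", "apiVersion": "2021-02-01-preview", "name": "photos-sql"},
        {
            "type": LOCK_TYPE,
            "apiVersion": "2020-05-01",
            "name": "photos-web-nodelete",
            "scope": "[resourceId('Microsoft.Web/sites', 'photos-web')]",
            "properties": {"level": "CanNotDelete", "notes": "Production web app"},
        },
    ],
})


def lock_targets(template: dict) -> set:
    """(type, name) pairs protected by a CanNotDelete or ReadOnly lock.
    The sentinel ("resourceGroup", "*") means the whole group is locked."""
    targets = set()
    for res in template.get("resources", []):
        if res.get("type") != LOCK_TYPE:
            continue
        if res.get("properties", {}).get("level") not in ("CanNotDelete", "ReadOnly"):
            continue
        scope = res.get("scope")
        if scope is None:                     # no scope: lock applies to the deployment target (the RG)
            targets.add(("resourceGroup", "*"))
            continue
        match = _RESOURCE_ID.search(scope)    # assumption: literal names, not parameters()
        if match:
            targets.add((match.group(1), match.group(2)))
    return targets


def unlocked_resources(template_json: str) -> list:
    """'type/name' of every non-lock resource that no lock covers, in template order."""
    template = json.loads(template_json)
    locked = lock_targets(template)
    if ("resourceGroup", "*") in locked:
        return []
    return [
        f"{res['type']}/{res['name']}"
        for res in template.get("resources", [])
        if res.get("type") != LOCK_TYPE and (res["type"], res["name"]) not in locked
    ]


def add_resource_group_lock(template_json: str, name: str = "rg-nodelete") -> str:
    """Return a copy of the template with a group-wide CanNotDelete lock appended."""
    template = json.loads(template_json)
    template.setdefault("resources", []).append({
        "type": LOCK_TYPE,
        "apiVersion": "2020-05-01",
        "name": name,
        "properties": {"level": "CanNotDelete",
                       "notes": "Blocks delete on every resource in the group"},
    })
    return json.dumps(template, indent=2)


if __name__ == "__main__":
    print("unlocked:", unlocked_resources(SAMPLE_TEMPLATE))
    print("after RG lock:", unlocked_resources(add_resource_group_lock(SAMPLE_TEMPLATE)))
```

A CanNotDelete lock only stops control-plane delete operations; it does not stop a `DROP TABLE`, a blob delete through the data plane, or a destructive redeployment, which is why the deck pairs locks with backups, undelete and point-in-time restore rather than relying on them alone.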
  • 6. 2ND STRIKE: The case of unexpected load
    Callout: "Attack two…o…o…oooo! $$$$"
    [Diagram as on slide 2]
  • 7. MITIGATION
    o Alert rules and monitoring
    o web.config-based IP restriction
    o Functions hosted on an App Service Plan
    o Daily usage quota (GB-s) on the Functions Consumption plan
    o App Service Diagnostics
    [Diagram as on slide 2, with web.config added on the Web UI]
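The web.config IP restriction above is the IIS `<ipSecurity>` section, and its `allowUnlisted` attribute decides whether the entries are a denylist or an allowlist. The evaluator below is an added example, not code from the deck: it parses both variants and answers whether a client address would be served. The two configurations and the client addresses are constructed; the evaluation model (first matching `<add>` wins, otherwise `allowUnlisted` applies) is an assumption of the example, so keep real entries non-overlapping so that the answer does not depend on it. IPv4 only, which is what `subnetMask` entries express.

```python
"""Evaluate an IIS <ipSecurity> section (added example, not from the deck)."""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed weak configuration: a denylist. allowUnlisted="true" blocks one
# noisy address and lets everyone else (the next attacker included) in.
WEAK_WEB_CONFIG = """<configuration>
  <system.webServer>
    <security>
      <ipSecurity allowUnlisted="true">
        <add ipAddress="198.51.100.7" allowed="false" />
      </ipSecurity>
    </security>
  </system.webServer>
</configuration>"""

# Constructed hardened configuration: allowUnlisted="false" turns the list
# into an allowlist; <clear /> drops entries inherited from higher levels.
ALLOWLIST_WEB_CONFIG = """<configuration>
  <system.webServer>
    <security>
      <ipSecurity allowUnlisted="false">
        <clear />
        <add ipAddress="203.0.113.0" subnetMask="255.255.255.0" allowed="true" />
        <add ipAddress="192.0.2.10" allowed="true" />
      </ipSecurity>
    </security>
  </system.webServer>
</configuration>"""


def parse_ip_security(web_config_xml: str):
    """Return (allow_unlisted, rules); rules are (network, allowed) tuples."""
    root = ET.fromstring(web_config_xml)
    section = root.find(".//ipSecurity")
    if section is None:                     # no section at all: everyone is served
        return True, []
    allow_unlisted = section.get("allowUnlisted", "true").lower() == "true"
    rules = []
    for entry in section.findall("add"):
        mask = entry.get("subnetMask", "255.255.255.255")   # IIS default: a single host
        network = ipaddress.ip_network(f"{entry.get('ipAddress')}/{mask}", strict=False)
        rules.append((network, entry.get("allowed", "true").lower() == "true"))
    return allow_unlisted, rules


def is_allowed(web_config_xml: str, client_ip: str) -> bool:
    """True if the client address would be served under this configuration."""
    allow_unlisted, rules = parse_ip_security(web_config_xml)
    client = ipaddress.ip_address(client_ip)
    for network, allowed in rules:          # assumption: first matching entry decides
        if client in network:
            return allowed
    return allow_unlisted


if __name__ == "__main__":
    for label, config in (("weak", WEAK_WEB_CONFIG), ("allowlist", ALLOWLIST_WEB_CONFIG)):
        for ip in ("198.51.100.7", "203.0.113.25", "192.0.2.44"):
            print(f"{label:9} {ip:15} -> {'allow' if is_allowed(config, ip) else 'deny'}")
```

The module decides on the address it sees, so with a reverse proxy, CDN or gateway in front it will see the proxy unless proxy mode is enabled; that is one reason the remediation slide that follows moves the filtering to a WAF, Application Gateway or API Management layer.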
  • 8. REMEDIATION
    o Web Application Firewall / Azure Firewall / Application Gateway / 3rd-party appliances
    o API Management
    o Azure DDoS Protection for the VNET
    [Diagram as on slide 7]
  • 9. 3RD STRIKE: The case of data and storage loss
    Callout: "Attack three! I know your secrets!"
    [Diagram as on slide 7]
  • 10. MITIGATION
    o Key rotation
    o Least user privilege (DB)
    o Alerts
    [Diagram as on slide 7]
  • 11. REMEDIATION
    o SQL DB Firewall
    o VNET Storage
    o Managed Service Identity
    o Handle disconnect
    [Diagram as on slide 7, with SQL DB Firewall added on Photos URLs]
  • 12. 4TH STRIKE: The case of being Gitted
    Callout: "Fourth attack! Keys from the octocat!"
    [Diagram as on slide 11]
  • 13. REMEDIATION
    o Move all the keys to a secure path
    o Use Azure Pipelines to set them before deployment
    o Azure Key Vault
    o Managed Service Identity
    [Diagram as on slide 11]
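Moving the keys out of the repository (slides 12 and 13) is only half the job; the other half is making sure nothing that looks like a key gets committed again. The scanner below is an added example, not code from the deck or from any tool the deck mentions: it flags storage account keys, connection-string passwords and SAS signatures in text, redacts them for the report, and shows that App Service Key Vault references in the same settings file produce no findings. The settings files, the account name, the vault URL and the fake key are constructed for the example.

```python
"""Scan settings/source text for Azure secrets (added example, not from the deck)."""
import base64
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    line: int
    rule: str
    redacted: str


# Storage account keys are 64 random bytes, so in base64 they are 86 chars plus "==".
RULES = [
    ("azure-storage-account-key", re.compile(r"AccountKey=([A-Za-z0-9+/]{86}==)")),
    ("connection-string-password", re.compile(r"""(?i)\b(?:password|pwd)=([^;"'\s]+)""")),
    ("sas-token-signature", re.compile(r"(?i)[?&]sig=([A-Za-z0-9%+/=]+)")),
]


def redact(line: str, secret: str) -> str:
    """Keep the first four characters so a reviewer can tell two keys apart."""
    return line.replace(secret, secret[:4] + "...[redacted]")


def scan_text(text: str) -> List[Finding]:
    """Run every rule over every line; one finding per match, secret redacted."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES:
            for match in pattern.finditer(line):
                findings.append(Finding(number, rule, redact(line.strip(), match.group(1))))
    return findings


# Constructed fake key: deterministic bytes with the shape of a real key.
FAKE_ACCOUNT_KEY = base64.b64encode(bytes(range(64))).decode()

# Constructed appsettings the way they must never be committed.
LEAKY_APPSETTINGS = f"""{{
  "StorageConnection": "DefaultEndpointsProtocol=https;AccountName=photosraw;AccountKey={FAKE_ACCOUNT_KEY};EndpointSuffix=core.windows.net",
  "SqlConnection": "Server=tcp:photos.database.windows.net,1433;Database=photos;User ID=app;Password=Sup3r-Secret!;Encrypt=True;",
  "ThumbnailSasUrl": "https://photosraw.blob.core.windows.net/thumbs?sv=2018-11-09&sr=c&sp=r&sig=abc123%2Fxyz%3D"
}}"""

# The same settings as App Service Key Vault references: the repository holds
# only vault URLs, and the app's managed identity resolves them at start-up.
SAFE_APPSETTINGS = """{
  "StorageConnection": "@Microsoft.KeyVault(SecretUri=https://photos-kv.vault.azure.net/secrets/StorageConnection/)",
  "SqlConnection": "@Microsoft.KeyVault(SecretUri=https://photos-kv.vault.azure.net/secrets/SqlConnection/)"
}"""


if __name__ == "__main__":
    for finding in scan_text(LEAKY_APPSETTINGS):
        print(f"line {finding.line}: {finding.rule}: {finding.redacted}")
    print("safe settings findings:", scan_text(SAFE_APPSETTINGS))
```

Wire `scan_text` to `git diff --cached` in a pre-commit hook, and run it once over `git log -p` for the history; a key that shows up in history has already left the building (forks and clones keep it), so the fix is rotating that key, not rewriting the commit.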
  • 14. 5TH STRIKE: The case of remote connections
    Callout: "Remote attack!"
    [Diagram as on slide 11, with an SSH endpoint (>_ SSH) highlighted]
  • 15. MITIGATION
    o Patching and security policies
    o Azure Security Center: not only for VMs, it can also check networks, App Services, Blob Storage, SQL, etc.
    [Diagram as on slide 14]
  • 16. REMEDIATION
    o Network Security Groups
    o VNET
    [Diagram as on slide 14]
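Network Security Groups decide by priority: rules are tried in ascending priority number and the first match wins, with the platform's default rules (AllowVnetInBound 65000, AllowAzureLoadBalancerInBound 65001, DenyAllInBound 65500) closing the list. The model below is an added example, not code from the deck or from Azure: it evaluates an inbound flow against a rule set and contrasts the portal-style "SSH from anywhere" rule with an admin-only allowlist, including the ordering mistake that silently defeats a deny rule. The rule sets, the VNET address space and the client addresses are constructed; service tags are approximated (`VirtualNetwork` is the address space below, `Internet` everything outside it, `AzureLoadBalancer` the 168.63.129.16 probe address).

```python
"""NSG inbound evaluation model (added example, not from the deck)."""
import ipaddress
from typing import List, NamedTuple, Optional

VNET_ADDRESS_SPACE = [ipaddress.ip_network("10.0.0.0/16")]   # constructed


class Rule(NamedTuple):
    priority: int
    name: str
    access: str          # "Allow" or "Deny"
    protocol: str        # "Tcp", "Udp" or "*"
    source: str          # CIDR, single address, service tag or "*"
    dest_port: str       # "22", "1000-2000" or "*"


class Flow(NamedTuple):
    source_ip: str
    protocol: str
    dest_port: int


DEFAULT_INBOUND = [
    Rule(65000, "AllowVnetInBound", "Allow", "*", "VirtualNetwork", "*"),
    Rule(65001, "AllowAzureLoadBalancerInBound", "Allow", "*", "AzureLoadBalancer", "*"),
    Rule(65500, "DenyAllInBound", "Deny", "*", "*", "*"),
]


def _source_matches(rule_source: str, ip) -> bool:
    if rule_source == "*":
        return True
    in_vnet = any(ip in net for net in VNET_ADDRESS_SPACE)
    if rule_source == "VirtualNetwork":
        return in_vnet
    if rule_source == "Internet":
        return not in_vnet
    if rule_source == "AzureLoadBalancer":
        return ip == ipaddress.ip_address("168.63.129.16")
    return ip in ipaddress.ip_network(rule_source, strict=False)


def _port_matches(rule_port: str, port: int) -> bool:
    if rule_port == "*":
        return True
    low, _, high = rule_port.partition("-")
    return int(low) <= port <= int(high or low)


def first_match(rules: List[Rule], flow: Flow) -> Optional[Rule]:
    """The rule that decides this flow: lowest priority number that matches."""
    ip = ipaddress.ip_address(flow.source_ip)
    for rule in sorted(rules + DEFAULT_INBOUND, key=lambda r: r.priority):
        if rule.protocol not in ("*", flow.protocol):
            continue
        if _source_matches(rule.source, ip) and _port_matches(rule.dest_port, flow.dest_port):
            return rule
    return None   # unreachable: DenyAllInBound matches everything


def inbound_access(rules: List[Rule], flow: Flow) -> str:
    return first_match(rules, flow).access


# Constructed rule sets for a VM that needs SSH for administration only.
PORTAL_DEFAULT = [Rule(300, "SSH", "Allow", "Tcp", "*", "22")]           # wide open
HARDENED = [
    Rule(100, "AllowSshFromAdmins", "Allow", "Tcp", "203.0.113.0/24", "22"),
    Rule(110, "DenySshFromInternet", "Deny", "Tcp", "Internet", "22"),
]
# The review mistake: an allow-from-anywhere rule numbered below the deny.
# The deny never gets a turn because 100 is evaluated before 110.
MISORDERED = [
    Rule(100, "AllowSshAnywhere", "Allow", "Tcp", "*", "22"),
    Rule(110, "DenySshFromInternet", "Deny", "Tcp", "Internet", "22"),
]


if __name__ == "__main__":
    probe = Flow("198.51.100.20", "Tcp", 22)
    for label, rules in (("portal default", PORTAL_DEFAULT), ("hardened", HARDENED), ("misordered", MISORDERED)):
        print(f"{label:15} SSH from Internet -> {first_match(rules, probe).name}")
```

Keep the durable deny in the NSG and let Security Center's just-in-time access (slide 25) add the time-boxed allow when an administrator actually needs port 22; a permanent allow-from-anywhere rule is what the fifth strike relies on.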
  • 17. A BETTER ARCHITECTURE
    [Diagram as on slide 2 with the additions from the previous slides: web.config on the Web UI, SQL DB Firewall on Photos URLs]
  • 18. RECAP – THE 7 GOLDEN RULES
    • Script everything
    • Backup everything
    • Least user privilege
    • Trust no one
    • Monitor everything
    • Assume cloud failure
    • Protect your secrets
  • 19. WHAT IS MICROSOFT DOING TO SECURE AZURE?
    o Secure Foundation
    o Built-in + Partner Controls
    o Unique Intelligence
  • 20. SECURE FOUNDATION
  • 21. PHYSICAL DATACENTER SECURITY
    Layers: Access approval; Perimeter; Building; Server environment
    Controls shown on the slide:
    o Background check and system check; employee and contractor vetting
    o Perimeter fencing; front entrance gate with one defined access point; no building signage
    o Two-factor authentication with biometrics; metal detectors; verified single-person entry
    o Video coverage (including rack front and back); ongoing roaming patrols; 24x7x365 security operations
    o Inability to identify the location of specific customer data; secure destruction bins
  • 22. AZURE INFRASTRUCTURE SECURITY
    o Protect customer data: data and network segregation; DDoS protection at the edge; platform segregation; confidential computing
    o Secure hardware: custom-built hardware with integrated security and attestation
    o Continuous testing: war-game exercises by Microsoft teams, vulnerability scanning and continuous monitoring
    [Diagram: Customer 1 and Customer 2 isolated from each other on the shared Azure infrastructure]
  • 23. BUILT-IN + PARTNER CONTROLS
    Identity & Access               Apps & Data Security     Network Security       Threat Protection                 Security Management
    Role based access               Encryption               DDoS Protection        Antimalware                       Log Management
    Multi-Factor Authentication     Confidential Computing   NG Firewall            AI Based Detection and Response   Security Posture Assessment
    Central Identity Management     Key Management           Web App Firewall       Cloud Workload Protection         Policy and governance
    Identity Protection             Certificate Management   Private Connections    SQL Threat Protection             Regulatory Compliance
    Privileged Identity Management  Information Protection   Network Segmentation   IoT Security                      SIEM
  • 24. PROTECT DATA AND COMMUNICATIONS (virtual machines, applications, storage & databases)
    Enable built-in encryption across resources:
    o Azure Storage Service Encryption
    o Azure Disk Encryption
    o SQL TDE / Always Encrypted
    Encrypt data while in use:
    o Azure confidential computing
    Use delegated access to storage objects:
    o Shared Access Signatures enable more granular access control
    Use a key management system:
    o Keep keys in a hardware HSM; don't store keys in apps or on GitHub
    o Use one Key Vault per security boundary / per app / per region
    o Monitor and audit key usage; pipe the information into a SIEM for analysis and threat detection
    o Use Key Vault to enroll and automatically renew certificates
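The "delegated access" bullet above is worth seeing at the byte level, because a Shared Access Signature is nothing more than an HMAC-SHA256 over the grant's own fields, keyed with the storage account key. The code below is an added example, not code from the deck, from Microsoft or from an SDK: it builds a read-only, HTTPS-only, short-lived, IP-pinned blob SAS and then verifies one the way the service would. The string-to-sign layout is modelled on the service-SAS layout for API version 2018-11-09 as this example understands it (later versions append fields), so check the current reference before relying on the exact layout; the account name, container, blob names and both keys are constructed and fake.

```python
"""Build and verify a blob service SAS (added example, not from the deck)."""
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlencode

API_VERSION = "2018-11-09"      # assumption: string-to-sign layout modelled on this version
ACCOUNT = "photosraw"           # constructed
FAKE_ACCOUNT_KEY = base64.b64encode(bytes(range(64))).decode()        # constructed
ROTATED_KEY = base64.b64encode(bytes(range(64, 128))).decode()        # constructed
DEMO_NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
DEMO_LATER = DEMO_NOW + timedelta(hours=1)


def _ts(moment: datetime) -> str:
    return moment.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def _string_to_sign(p: dict, account: str, container: str, blob: str) -> str:
    """Field order is fixed; empty strings hold the place of unused fields."""
    canonical = f"/blob/{account}/{container}/{blob}"
    return "\n".join([
        p.get("sp", ""), p.get("st", ""), p.get("se", ""), canonical,
        "",                                  # signedIdentifier (stored access policy), unused
        p.get("sip", ""), p.get("spr", ""), p.get("sv", ""), p.get("sr", ""),
        "",                                  # signedSnapshotTime
        "", "", "", "", "",                  # rscc, rscd, rsce, rscl, rsct header overrides
    ])


def _sign(key_b64: str, message: str) -> str:
    digest = hmac.new(base64.b64decode(key_b64), message.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def make_blob_read_sas(account: str, key_b64: str, container: str, blob: str,
                       now: datetime, minutes: int = 15, client_ip: str = "") -> str:
    """Read-only, HTTPS-only, short-lived SAS, optionally pinned to one client address."""
    params = {"sv": API_VERSION, "sr": "b", "sp": "r",
              "st": _ts(now - timedelta(minutes=5)),          # small clock-skew allowance
              "se": _ts(now + timedelta(minutes=minutes)),
              "spr": "https"}
    if client_ip:
        params["sip"] = client_ip
    params["sig"] = _sign(key_b64, _string_to_sign(params, account, container, blob))
    return urlencode(params)


def verify_blob_sas(token: str, account: str, key_b64: str, container: str, blob: str,
                    now: datetime) -> bool:
    """Recompute the signature from the token's own fields, then check the time window."""
    p = {k: v[0] for k, v in parse_qs(token).items()}
    if "sig" not in p or p.get("sr") != "b":
        return False
    expected = _sign(key_b64, _string_to_sign(p, account, container, blob))
    if not hmac.compare_digest(expected, p["sig"]):     # any edited field breaks the MAC
        return False
    stamp = _ts(now)                                     # fixed-width UTC stamps compare as strings
    return p.get("st", stamp) <= stamp < p.get("se", "")


if __name__ == "__main__":
    token = make_blob_read_sas(ACCOUNT, FAKE_ACCOUNT_KEY, "raw", "img42.jpg", DEMO_NOW, client_ip="203.0.113.9")
    print(token)
    print("valid now:", verify_blob_sas(token, ACCOUNT, FAKE_ACCOUNT_KEY, "raw", "img42.jpg", DEMO_NOW))
    print("after key rotation:", verify_blob_sas(token, ACCOUNT, ROTATED_KEY, "raw", "img42.jpg", DEMO_NOW))
```

Two properties follow directly from the construction and connect back to slides 10 and 11: every SAS signed with an account key stays valid until its expiry unless that key is regenerated, so key rotation invalidates all outstanding tokens at once (hence "handle disconnect"); and a token cannot be revoked individually unless it references a stored access policy (the empty signedIdentifier slot above) or is a user delegation SAS bound to an Azure AD identity rather than to the account key.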
  • 25. PROTECT WORKLOADS AGAINST EVOLVING ATTACKS
    Azure Security Center with advanced analytics for threat detection, across virtual machines, applications, storage & databases and network.
    Mitigate potential vulnerabilities proactively:
    o Ensure VMs are up to date with the relevant security patches
    o Enable host anti-malware
    Reduce the attack surface:
    o Enable just-in-time access to management ports
    o Configure application whitelisting to prevent malware execution
    Detect threats early and respond faster:
    o Use actionable alerts and incidents
    o Interactive investigation tool and playbooks to orchestrate responses
  • 26. TAKE A LOOK AT AZURE SECURITY CENTER
  • 27. APP SERVICE DIAGNOSTICS
    • An interactive and intelligent experience for self-troubleshooting your app issues
    • What does that actually mean?
    • 🔒 Diagnose and troubleshoot your app issues and learn about best practices
    • 🎨 Use Genie to guide you through each problem category tile
    • 📈 Intelligent search capabilities
    • 🌏 Straight out of the box, no extra configuration necessary
  • 28. UNIQUE INTELLIGENCE
    threats detected/month
  • 29. Thank you!!!
    linkedin.com/in/geniodelmale
    lorenzo.barbieri@microsoft.com
    @_geniodelmale
    Feedback is important! Tweet @_geniodelmale #xeoneday or send me an email
