@fincooper
Building an Enterprise-Grade Azure Governance Model
Karl Ots, Zure Ltd
13.12.2019
Karl Ots
Chief Consulting Officer
karl.ots@zure.com
• Cloud & cybersecurity expert from Finland
• Community leader, speaker, author & patented inventor
• Working on Azure since 2011
• Helped to secure 100+ Azure applications, from startups to Fortune 500 enterprises
• zure.ly/karl
What to expect in this session
• The technical fundamentals of building a comprehensive Azure Governance model.
• After this session, you should have a better understanding of Azure governance best practices and in-house team roles & responsibilities.
• You should also have an overview of the technical implementation of governance controls.
Why cloud Governance?
• When a proper cloud governance model is followed, you can ensure your teams are operating in a secure and compliant Azure environment during design, development and operations.
• Cloud governance complements your cloud strategy.
• Cloud strategy provides a decision framework to determine how you will use cloud technologies.
The role of Governance
• Cloud Strategy
  • New apps predominantly from SaaS, custom apps on top of PaaS?
  • What to do with existing on-premises apps? EOL, IaaS or as-is?
• Governance model
  • Policies
    • Security policies
    • Development policies
  • Guidelines
    • Implementation guideline
    • Reference architecture
Key Governance decisions
• Subscription model
• Organization-wide governance controls
• User access management
• Azure provisioning process
Subscription setup
[Diagram: Enterprise Enrolment hierarchy of Organization, Department, Account and Subscription. Example subscriptions: Sandbox (MSDN), Shared Services, Production, Test, Dev.]
Key Governance decisions
• Subscription model
• Organization-wide governance controls
• User access management
• Azure provisioning process
Organization-wide governance
• Baseline governance controls that are common across the whole organization.
• These controls might include:
  • Geopolicy (allowed Azure regions)
  • Mandatory tagging
  • Central user accounts
  • Shared services, such as network, integrations, data lake and monitoring
Azure Policy
• Policies are used for maintaining consistency and enforcing the governance model.
• Policies are a core governance capability and provide the ability to create defined organizational controls on Azure resources which restrict, enforce or audit certain actions. Policy types are:
  • Deny
  • Audit
  • DeployIfNotExists
  • AuditIfNotExists
Geopolicy controls
• Explicitly control geographic placement of your Azure Resources according to your sovereignty, security, compliance or latency policies
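The two baseline controls named above (geopolicy and mandatory tagging), written as Azure Policy definition properties and checked against a constructed resource inventory. This is an added example, not part of the original slides; the allowed regions, the `costCenter` tag name, the sample resources and the small evaluator (a simplified offline model of only the conditions used here, not Azure's policy engine) are assumptions.

```python
import json
import re

# Assumed baseline (not from the slides): two allowed regions, one mandatory tag.
PARAMS = {"allowedLocations": ["westeurope", "northeurope"]}

# Geopolicy with the Deny effect. "global" is exempted because some
# non-regional resource types report it as their location.
GEO_POLICY = {
    "displayName": "Allowed Azure regions",
    "mode": "Indexed",  # evaluate only resource types that support location and tags
    "parameters": {"allowedLocations": {"type": "Array"}},
    "policyRule": {
        "if": {"allOf": [
            {"field": "location", "notIn": "[parameters('allowedLocations')]"},
            {"field": "location", "notEquals": "global"},
        ]},
        "then": {"effect": "deny"},
    },
}

# Mandatory tagging with the Audit effect: violations are reported, not blocked.
TAG_POLICY = {
    "displayName": "Require costCenter tag",
    "mode": "Indexed",
    "policyRule": {
        "if": {"field": "tags['costCenter']", "exists": "false"},
        "then": {"effect": "audit"},
    },
}

_PARAM = re.compile(r"^\[parameters\('(\w+)'\)\]$")
_TAG = re.compile(r"^tags\['(.+)'\]$")


def _resolve(value, params):
    """Replace "[parameters('x')]" with the assigned parameter value."""
    m = _PARAM.match(value) if isinstance(value, str) else None
    return params[m.group(1)] if m else value


def _field(resource, name):
    """Read a top-level field or a single tag; missing tags evaluate to None."""
    m = _TAG.match(name)
    if m:
        return (resource.get("tags") or {}).get(m.group(1))
    return resource.get(name)


def _matches(cond, resource, params):
    if "allOf" in cond:
        return all(_matches(c, resource, params) for c in cond["allOf"])
    value = _field(resource, cond["field"])
    if "exists" in cond:
        return (value is not None) == (str(cond["exists"]).lower() == "true")
    text = str(value or "").lower()  # string conditions compare case-insensitively
    if "notIn" in cond:
        return text not in [str(v).lower() for v in _resolve(cond["notIn"], params)]
    if "notEquals" in cond:
        return text != str(_resolve(cond["notEquals"], params)).lower()
    raise ValueError(f"condition not modelled in this example: {cond}")


def evaluate(policy, resource, params=None):
    """Return the policy effect if the rule's `if` matches, else None (compliant)."""
    rule = policy["policyRule"]
    return rule["then"]["effect"] if _matches(rule["if"], resource, params or {}) else None


# Constructed inventory, shaped like entries from `az resource list -o json`.
SAMPLE_RESOURCES = [
    {"name": "app-web-prod", "type": "Microsoft.Web/sites",
     "location": "westeurope", "tags": {"costCenter": "1234"}},
    {"name": "stlogsus", "type": "Microsoft.Storage/storageAccounts",
     "location": "eastus", "tags": {"costCenter": "1234"}},
    {"name": "kv-dev", "type": "Microsoft.KeyVault/vaults",
     "location": "NorthEurope", "tags": None},
    {"name": "fd-shared", "type": "Microsoft.Network/frontDoors",
     "location": "global", "tags": {}},
]


def report(resources):
    """Map each resource name to the effects that would trigger for it."""
    out = {}
    for res in resources:
        effects = [evaluate(GEO_POLICY, res, PARAMS), evaluate(TAG_POLICY, res)]
        out[res["name"]] = [e for e in effects if e]
    return out


if __name__ == "__main__":
    print(json.dumps(GEO_POLICY["policyRule"], indent=2))  # rule body to deploy
    for name, effects in report(SAMPLE_RESOURCES).items():
        print(f"{name}: {', '.join(effects) or 'compliant'}")
```
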
RBAC and policies
• Role Based Access Control (RBAC): Controls what actions a user may take on Azure resources
• Azure Policies: Controls what actions may be taken at a given scope
Azure Policy
[Diagram: Azure Policy. Labels: CRUD, Query, Azure Resource Manager, Role-based Access, Policy Definitions, Resource Manager Templates, Management Groups, Subscriptions, Resource Groups.]
Shared services - networking
• Virtual networks enable connectivity across Azure, the internet and the on-premises network. Each VNET is isolated from other VNETs by default.
• VNETs can be peered to each other, enabling resources in VNETs to communicate with each other.
[Diagram: hub-and-spoke topology. On-premises network and gateway (ER / S2S); hub virtual network with gateway subnet, management subnet (NSG) and DMZ subnet (NSG, NVA); Spoke 1 and Spoke 2 virtual networks, each with a workload subnet (NSG), connected to the hub by vnet peering.]
Shared services - networking
• How will developers get access to shared VNET?

Option | Time to market | Control and responsibilities
RBAC in the subnet (child resource) scope | Fast | Developer
Pre-provisioned NICs | Medium | Centralized cloud operations
Process outside native Azure capabilities | Slow | Centralized operations
[Diagram: the same hub-and-spoke topology, with resource group boundaries added: Hub RG, Spoke 1 Vnet RG and Spoke 2 Vnet RG.]
Shared services – API Management
• How will you manage access to publish new APIs and versions?
• How will you split costs?
• How about networking & integrations?
Key Governance decisions
• Subscription model
• Organization-wide governance controls
• User access management
• Azure provisioning process
Azure access in projects
RBAC Role: Owner
Scope: Resource Group
Access level and risks: Access to create new resources and to delete resources from the Resource Group. Can assign access to Resource Group.
Recommendation: Users should have an account in customer’s Azure Active Directory. In case of external partners, the account should be provisioned per standard customer’s policies for external accounts. This is the highest appropriate role when developing new services.

RBAC Role: Contributor
Scope: Resource Group
Access level and risks: Access to create new resources and to delete resources from the Resource Group.
Recommendation: Users should have an account in customer’s Azure Active Directory. In case of external partners, the account should be provisioned per standard customer’s policies for external accounts. This is the appropriate partner RBAC role when developing new services.

RBAC Role: Contributor
Scope: Individual Resource(s) directly
Access level and risks: Access to edit and modify resource. No access to create new resources.
Recommendation: Appropriate partner RBAC role when partner is responsible for operating and managing the service.
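The table above, turned into a check over exported role assignments (an added example, not part of the original slides). Field names follow the output of `az role assignment list`; the sample assignments, the "Subnet Joiner" role name and the `#EXT#` guest-UPN heuristic for spotting partner accounts are assumptions, and treating Owner or Contributor above resource group scope as a finding is this example's reading of "highest appropriate role".

```python
# Roles that can create and delete resources, per the table.
BROAD_ROLES = {"Owner", "Contributor"}
ABOVE_RESOURCE_GROUP = {"root", "management_group", "subscription"}


def scope_level(scope):
    """Classify an Azure RBAC scope string by how far down the hierarchy it sits."""
    parts = [p for p in scope.strip("/").split("/") if p]
    lower = [p.lower() for p in parts]
    if not parts:
        return "root"
    if lower[:3] == ["providers", "microsoft.management", "managementgroups"]:
        return "management_group"
    if lower[0] != "subscriptions":
        return "unknown"
    if len(parts) == 2:
        return "subscription"
    if len(parts) == 4 and lower[2] == "resourcegroups":
        return "resource_group"
    if len(parts) >= 8 and lower[2] == "resourcegroups" and lower[4] == "providers":
        # After providers/<namespace> come type/name pairs: one pair is a
        # resource, more than one is a child resource such as a subnet.
        pairs = (len(parts) - 6) // 2
        return "resource" if pairs == 1 else "child_resource"
    return "unknown"


def is_guest(principal_name):
    """Assumption: partner accounts are B2B guests, whose UPN contains '#EXT#'."""
    return "#EXT#" in (principal_name or "")


def audit(assignments):
    """Return (principal, role, scope level, reason) for each deviation from the table."""
    findings = []
    for a in assignments:
        who, role = a["principalName"], a["roleDefinitionName"]
        level = scope_level(a["scope"])
        if role in BROAD_ROLES and level in ABOVE_RESOURCE_GROUP:
            findings.append((who, role, level, "assigned above resource group scope"))
        if role == "Owner" and is_guest(who):
            findings.append((who, role, level,
                             "partner account holds Owner; table recommends Contributor"))
    return findings


# Constructed sample data (placeholder subscription id and names).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-app1-dev"
SUBNET = (SUB + "/resourceGroups/rg-hub/providers/Microsoft.Network"
          "/virtualNetworks/hub-vnet/subnets/workload")
GUEST = "bob_partner.example#EXT#@contoso.onmicrosoft.com"

SAMPLE_ASSIGNMENTS = [
    {"principalName": "dev-team", "principalType": "Group",
     "roleDefinitionName": "Contributor", "scope": RG},
    {"principalName": "alice@contoso.example", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": GUEST, "principalType": "User",
     "roleDefinitionName": "Owner", "scope": RG},
    {"principalName": GUEST, "principalType": "User",
     "roleDefinitionName": "Contributor",
     "scope": RG + "/providers/Microsoft.Web/sites/app1-web"},
    {"principalName": "net-devs", "principalType": "Group",
     "roleDefinitionName": "Subnet Joiner", "scope": SUBNET},
    {"principalName": "ops-readers", "principalType": "Group",
     "roleDefinitionName": "Reader", "scope": SUB},
]

if __name__ == "__main__":
    for who, role, level, reason in audit(SAMPLE_ASSIGNMENTS):
        print(f"{who}: {role} at {level} scope: {reason}")
```
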
Key Governance decisions
• Subscription model
• Organization-wide governance controls
• User access management
• Azure provisioning process
Azure environment provisioning process
1. Azure request
2. Request approval
3. Environment provisioning
4. Environment handover
5. Operational Azure usage, monitoring, billing
6. End-of-life process
Provisioning – input needed
• Information needed to complete the request to provision Azure environment
• Application business owner / internal cost center
• User accounts that need access
• Expected annual Azure cost
• Privacy / data classification
Provisioning – key decisions
• Lifecycle of RBAC assignments
• Assigning access to a group or individual user
• If group, is it cloud-only or synced from on-premises
• Links to existing IDP process
RBAC lifecycle examples
Provisioning – key decisions
• Lifecycle of RBAC assignments
• Assigning access to a group or individual user
• If group, is it cloud-only or synced from on-premises
• Links to existing IDP process
• Enforced policies
• Tagging
• Service catalogue
• Other application-specific policies
Key Governance decisions
• Subscription model
• Organization-wide governance controls
• User access management
• Azure provisioning process
Governance Key Takeaways
• Governance earlier rather than later
• Don’t forget to implement, maintain and audit
• Understand RBAC
• Plan Subscription model
• Plan org-wide governance, such as Locks and Policies
• Understand Application lifecycle principles
Materials
1. Framework: Frame the conversation to mitigate tangible business risks through consistent governance
2. Assess: Assess current and future state to establish a vision for applying the framework
3. MVP: Establish a minimally viable product (MVP) to serve as a foundation for governance
4. Evolve: Mature with each release to align cloud adoption with existing IT functions
https://aka.ms/CAF/govern
https://aka.ms/CAF/gov/Assess
https://aka.ms/CAF/gov/MVP
https://aka.ms/CAF/gov/journey
My slides:
zure.ly/karl/slides
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
Vlad Stirbu
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
UiPathCommunity
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 

Recently uploaded (20)

Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 

Building an Enterprise-Grade Azure Governance Model

  • 1. @fincooper Building an Enterprise-Grade Azure Governance Model Karl Ots, Zure Ltd 13.12.2019
  • 3. @fincooper Karl Ots Chief Consulting Officer karl.ots@zure.com • Cloud & cybersecurity expert from Finland • Community leader, speaker, author & patented inventor • Working on Azure since 2011 • Helped to secure 100+ Azure applications, from startups to Fortune 500 enterprises • zure.ly/karl
  • 4. @fincooper What to expect in this session • The technical fundamentals of building a comprehensive Azure Governance model. • After this session, you should have a better understanding of Azure governance best practices and in-house team roles & responsibilities. • You should also have an overview of the technical implementation of governance controls.
  • 5. @fincooper Why cloud Governance? • When a proper cloud governance model is followed, you can ensure your teams are operating in a secure and compliant Azure environment during design, development and operations. • Cloud governance complements your cloud strategy. • Cloud strategy provides a decision framework to determine how you will use cloud technologies.
  • 6. @fincooper The role of Governance • Cloud Strategy • New apps predominantly from SaaS, custom apps on top of PaaS? • What to do with existing apps in onprem? EOL, IaaS or as-is? • Governance model • Policies • Security policies • Development policies • Guidelines • Implementation guideline • Reference architecture
  • 8. @fincooper Key Governance decisions • Subscription model • Organization-wide governance controls • User access management • Azure provisioning process
  • 9. @fincooper Key Governance decisions • Subscription model • Organization-wide governance controls • User access management • Azure provisioning process
  • 10. @fincooper Subscription setup [Diagram: Enterprise Enrolment hierarchy. Levels: Enterprise Enrolment, Department, Account, Subscription. Boxes: Organization, Department, Account. Subscriptions: Sandbox (MSDN), Shared Services, Production, Test, Dev]
  • 11. @fincooper Key Governance decisions • Subscription model • Organization-wide governance controls • User access management • Azure provisioning process
  • 12. @fincooper Organization-wide governance • Baseline governance controls that are common across the whole organization. • These controls might include: • Geopolicy (allowed Azure regions) • Mandatory tagging • Central user accounts • Shared services, such as network, integrations, data lake and monitoring
  • 13. @fincooper Azure Policy • Policies are used for maintaining consistency and enforcing the governance model. • Policies are a core governance capability and provide the ability to create defined organizational controls on Azure resources which restrict, enforce or audit certain actions. Policy types are: • Deny • Audit • DeployIfNotExists • AuditIfNotExists
  • 14. @fincooper Geopolicy controls • Explicitly control geographic placement of your Azure Resources according to your sovereignty, security, compliance or latency policies
  • 15. @fincooper RBAC and policies
      • Role Based Access Control (RBAC): Controls what actions a user may take on Azure resources
      • Azure Policies: Controls what actions may be taken at a given scope
  • 16. @fincooper Azure Policy [Diagram labels: CRUD, Azure Resource Manager, Query, Role-based Access, Policy Definitions, Resource Manager Templates, Management Groups, Subscriptions, Resource Groups]
  • 18. @fincooper Shared services - networking • Virtual networks enable connectivity across Azure, the internet and the on-premises network. Each VNET is isolated from other VNETs by default. • VNETs can be peered to each other, enabling resources in VNETs to communicate with each other.
  • 19. @fincooper [Diagram: hub-and-spoke network. Labels: Hub virtual network with Gateway subnet (ER / S2S), Management subnet, DMZ subnet, NVA and NSGs; On-premises network with Gateway; Spoke 1 virtual network and Spoke 2 virtual network, each with a Workload subnet and NSG, connected by vnet peering]
  • 20. @fincooper Shared services - networking • How will developers get access to shared VNET?
      Option | Time to market | Control and responsibilities
      RBAC in the subnet (child resource) scope | Fast | Developer
      Pre-provisioned NICs | Medium | Centralized cloud operations
      Process outside native Azure capabilities | Slow | Centralized operations
  • 21. @fincooper [Diagram: the hub-and-spoke network from slide 19, with resource group labels added: Hub RG, Spoke 1 Vnet RG, Spoke 2 Vnet RG]
  • 23. @fincooper Shared services – API Management • How will you manage access to publish new APIs and versions? • How will you split costs? • How about networking & integrations?
  • 24. @fincooper Key Governance decisions • Subscription model • Organization-wide governance controls • User access management • Azure provisioning process
  • 25. @fincooper Azure access in projects
      RBAC Role | Scope | Access level and risks | Recommendation
      Owner | Resource Group | Access to create new resources and to delete resources from the Resource Group. Can assign access to Resource Group. | Users should have an account in customer’s Azure Active Directory. In case of external partners, the account should be provisioned per standard customer’s policies for external accounts. This is the highest appropriate role when developing new services.
      Contributor | Resource Group | Access to create new resources and to delete resources from the Resource Group. | Users should have an account in customer’s Azure Active Directory. In case of external partners, the account should be provisioned per standard customer’s policies for external accounts. This is the appropriate partner RBAC role when developing new services.
      Contributor | Individual Resource(s) directly | Access to edit and modify resource. No access to create new resources. | Appropriate partner RBAC role when partner is responsible for operating and managing the service.
  • 26. @fincooper Key Governance decisions • Subscription model • Organization-wide governance controls • User access management • Azure provisioning process
  • 27. @fincooper Azure environment provisioning process 1. Azure request 2. Request approval 3. Environment provisioning 4. Environment handover 5. Operational Azure usage, monitoring, billing 6. End-of-life process
  • 28. @fincooper Provisioning – input needed • Information needed to complete the request to provision Azure environment • Application business owner / internal cost center • User accounts that need access • Expected annual Azure cost • Privacy / data classification
  • 29. @fincooper Provisioning – key decisions • Lifecycle of RBAC assignments • Assigning access to a group or individual user • If group, is it cloud-only or synced from on-premises • Links to existing IDP process
  • 34. @fincooper Provisioning – key decisions • Lifecycle of RBAC assignments • Assigning access to a group or individual user • If group, is it cloud-only or synced from on-premises • Links to existing IDP process • Enforced policies • Tagging • Service catalogue • Other application-specific policies
  • 35. @fincooper Key Governance decisions • Subscription model • Organization-wide governance controls • User access management • Azure provisioning process
  • 36. @fincooper Governance Key Takeaways • Governance earlier than later • Don’t forget to implement, maintain and audit • Understand RBAC • Plan Subscription model • Plan org-wide governance, such as Locks and Policies • Understand Application lifecycle principles
  • 37. @fincooper Materials
      1. Framework: Frame the conversation to mitigate tangible business risks through consistent governance (https://aka.ms/CAF/govern)
      2. Assess: Assess current and future state to establish a vision for applying the framework (https://aka.ms/CAF/gov/Assess)
      3. MVP: Establish a minimally viable product (MVP) to serve as a foundation for governance (https://aka.ms/CAF/gov/MVP)
      4. Evolve: Mature with each release to align cloud adoption with existing IT functions (https://aka.ms/CAF/gov/journey)
      My slides: zure.ly/karl/slides
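
The geopolicy control from slides 12 to 14, written as a custom Azure Policy definition. This is an added example, not taken from the slides: the display name, the region list and the Audit default are assumptions, and the effect parameter lets an assignment start in Audit and move to Deny once existing resources are compliant.

```json
{
  "properties": {
    "displayName": "Example geopolicy: allowed Azure regions",
    "description": "Added example, not from the original slides. Region values and the default effect are assumptions.",
    "policyType": "Custom",
    "mode": "Indexed",
    "parameters": {
      "allowedLocations": {
        "type": "Array",
        "metadata": {
          "displayName": "Allowed regions",
          "description": "Regions in which resources may be deployed.",
          "strongType": "location"
        },
        "defaultValue": ["northeurope", "westeurope"]
      },
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Audit reports non-compliant resources; Deny blocks the request."
        },
        "allowedValues": ["Audit", "Deny"],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "location",
            "notIn": "[parameters('allowedLocations')]"
          },
          {
            "field": "location",
            "notEquals": "global"
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  }
}
```

Assigning the definition at a management group or subscription scope applies it to every resource group underneath, which is how it complements the RBAC roles from slide 15.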