SlideShare a Scribd company logo

ITProceed 2015 - Securing Sensitive Data with Azure Key Vault

Tom Kerkhove
Tom Kerkhove

Security has become more and more important as we move to the cloud and countries & companies are being hacked – remember the Sony hack? But how do we securely store sensitive data such as connection strings to our databases? Where do we store our encryption keys? Can I share them with my customers? How do I prevent abuse of my secrets and block them from doing so? That’s what this session is all about – I will introduce you to the concepts of Microsoft Azure Key Vault where you can use this as it allows you to securely store keys, credentials and other secrets in the cloud. We will also have a look at how it enables us to store encryption keys for SQL Server TDE and how it can help you safeguard your cloud solutions even more.

1 of 41
Securing sensitive data with Azure Key Vault Tom Kerkhove Tweet and win an Ignite 2016 ticket #itproceed
Who am I? Tom Kerkhove • Integration Professional at Codit • IoT Competency Lead at Codit • Kinect for Windows MVP • Microsoft Azure Advisor
How can Codit help? Integration services • Advice • Projects • Implementation • SOA Governance • Managed Services • Integration as a Service • Integration Cloud • API Management • Internet of Things
Demo Scenario • Customer applies to the SaaS – Gives Twilio & Azure Storage credentials • Application uses API to send text messages
SPAMMER ‘INSECURE’
Demo Summary • Security flaws – Storing sensitive data as clear text in DB – Google authentication as clear text – Unencrypted connection string – Unsecured API – Probably more • On the other hand... – Transport security with SSL (Although default Azure cert) – External login
Introducing Azure Key Vault
What is Azure Key Vault? • Storing sensitive data in hardware security modules (HSM) • Giving back control to the customer – Full controll over key lifecycle with audit logs – Management of all keys in one place – Store encryption keys in HSMs • Removes responsibility from developers – Secure storage for passwords, encryption keys & certificates – Protects sensitive data in production
Keys Secrets Azure Key Vault
Secrets • Used to store sequences of bytes • Consumers can read & store secrets • Encrypted before stored in vault • Limited to 10 kB • Versioned • Typically used for connection strings, certificates, etc.
Keys • Stores a RSA 2048 key • Created by Key Vault owner • Can be used to decrypt/sign with • Can’t be read back • Higher latency • For frequent usage of keys, store it as a Secret
Different Key Types • Software Keys – Stored encrypted in HSM – Operations performed on VM in Azure – Typically used for Dev/Test – Cheaper • HSM Keys – Stored encrypted in HSM – Operations performed on HSM directly – Requires Premium Vault – More secure
Basic LOB Scenario Database 3. Connect to DB 1. Deploy application 2. Read from settings Fabricam Customer X Single-tenant app App Settings Developer
(More) Secure LOB Scenario Database Single-tenant app 1. Create vault 2. Authorize apps & users 3. Create CS Secret 4. Deploy Application 6. Negotiate Secret Fabricam Customer X App Settings 5. Retrieve Vault URI Manages key / monitor logs Vault Consumer Developer Vault Owner
Vault Owners vs Consumers • Vault Owners – Has full control over vault – All keys & secrets in one place – Ability to change permissions – Ability to fully revoke consumer – Ability to regenerate keys without breaking apps – Audit logs for monitoring • Vault Consumers – Authenticate with Azure AD – Not able to see encrypted keys – Limited to granted permissions
Access Control • Access control based on Azure AD • Access assigned at the Vault-level – Permissions to keys – Permissions to secrets • Authentication against Azure AD – Application ID & Key – Application ID & Certificate • No isolation between clients, they see everything
Access Control
Sharing credentials with control Codito Subscription Azure Active Directory Web App Azure SQL database Storage (Azure) SaaS Subscription Azure Key Vault 1 2 3 5 6 7 Azure Key Vault 4
SPAMMER ‘MORE SECURE’
Summary • Security flaws – Vault credentials stored as plain-text – Unsecured API • On the other hand... – Message encryption supported based on customer vault – External vault authentication stored in internal vault – Customers data is securely stored in their vault – Encrypted database
PS C:Demo> Start-Demo
But there is more! • Azure Storage Client-Side encryption • VM Encryption (CloudLink) • SQL Server Encryption • Bitlocker Encryption
VM Encryption (CloudLink)
Bring-Your-Own-Key (BYOK)
SQL Server Encryption • SQL Server Extensible Key Management provider available (Preview) – Transparent Data Encryption (TDE) – Column Level Encryption (CLE) – Backup Encryption • Requires SQL Server Enterprise • Available on-prem & in Azure
SQL SERVER TDE DEMO
Vault Isolation • Vault dedicated to one region – Vault, Keys & Secrets stay within same region • Stored in physical HSMs • Reason - Laws & compliances – Each vault has its own URL – Manual synchronisation if required
Replication North Europe Azure Key Vault West Europe Azure Key Vault Manually Sync
Pricing Overview(*) • Vault owner pays for everything Standard Premium Secrets & Software-protected keys $0.0112 / 10,000 operations $0.0112 / 10,000 operations HSM Protected keys N/A $0.0112 / 10,000 operations $0.3724 per key per month (For every version of the key) * = 50% discount during public preview
Public Preview • Currently only available in 6 regions • PowerShell, .NET & REST API • No SLA
What’s coming? • Available in all regions with 99.9+ SLA • Portal Support • GA ‘real soon’ • Audit logs
36
And win a Lumia 635 Feedback form will be sent to you by email Give me feedback
Follow Technet Belgium @technetbelux Subscribe to the TechNet newsletter aka.ms/benews Be the first to know
39 “The question is not if you will be hacked, the real question is when.”
Thank you!
Belgiums’ biggest IT PRO Conference

Recommended

Securing sensitive data with Azure Key Vault
Securing sensitive data with Azure Key VaultSecuring sensitive data with Azure Key Vault
Securing sensitive data with Azure Key Vault
Tom Kerkhove
 
Azure key vault
Azure key vaultAzure key vault
Azure key vault
Rahul Nath
 
Azure Low Lands 2019 - Building secure cloud applications with Azure Key Vault
Azure Low Lands 2019 - Building secure cloud applications with Azure Key VaultAzure Low Lands 2019 - Building secure cloud applications with Azure Key Vault
Azure Low Lands 2019 - Building secure cloud applications with Azure Key Vault
Tom Kerkhove
 
Azure key vault - Brisbane User Group
Azure key vault - Brisbane User GroupAzure key vault - Brisbane User Group
Azure key vault - Brisbane User Group
Rahul Nath
 
Global Azure Bootcamp 2017 - Azure Key Vault
Global Azure Bootcamp 2017 - Azure Key VaultGlobal Azure Bootcamp 2017 - Azure Key Vault
Global Azure Bootcamp 2017 - Azure Key Vault
Alberto Diaz Martin
 
Techdays Finland 2018 - Building secure cloud applications with Azure Key Vault
Techdays Finland 2018 - Building secure cloud applications with Azure Key VaultTechdays Finland 2018 - Building secure cloud applications with Azure Key Vault
Techdays Finland 2018 - Building secure cloud applications with Azure Key Vault
Tom Kerkhove
 
Azure Key Vault - Getting Started
Azure Key Vault - Getting StartedAzure Key Vault - Getting Started
Azure Key Vault - Getting Started
Taswar Bhatti
 
Using Vault for your Nodejs Secrets
Using Vault for your Nodejs SecretsUsing Vault for your Nodejs Secrets
Using Vault for your Nodejs Secrets
Taswar Bhatti
 

Recommended

Securing sensitive data with Azure Key Vault
Securing sensitive data with Azure Key VaultSecuring sensitive data with Azure Key Vault
Securing sensitive data with Azure Key Vault
Tom Kerkhove
 
Azure key vault
Azure key vaultAzure key vault
Azure key vault
Rahul Nath
 
Azure Low Lands 2019 - Building secure cloud applications with Azure Key Vault
Azure Low Lands 2019 - Building secure cloud applications with Azure Key VaultAzure Low Lands 2019 - Building secure cloud applications with Azure Key Vault
Azure Low Lands 2019 - Building secure cloud applications with Azure Key Vault
Tom Kerkhove
 
Azure key vault - Brisbane User Group
Azure key vault - Brisbane User GroupAzure key vault - Brisbane User Group
Azure key vault - Brisbane User Group
Rahul Nath
 
Global Azure Bootcamp 2017 - Azure Key Vault
Global Azure Bootcamp 2017 - Azure Key VaultGlobal Azure Bootcamp 2017 - Azure Key Vault
Global Azure Bootcamp 2017 - Azure Key Vault
Alberto Diaz Martin
 
Techdays Finland 2018 - Building secure cloud applications with Azure Key Vault
Techdays Finland 2018 - Building secure cloud applications with Azure Key VaultTechdays Finland 2018 - Building secure cloud applications with Azure Key Vault
Techdays Finland 2018 - Building secure cloud applications with Azure Key Vault
Tom Kerkhove
 
Azure Key Vault - Getting Started
Azure Key Vault - Getting StartedAzure Key Vault - Getting Started
Azure Key Vault - Getting Started
Taswar Bhatti
 
Using Vault for your Nodejs Secrets
Using Vault for your Nodejs SecretsUsing Vault for your Nodejs Secrets
Using Vault for your Nodejs Secrets
Taswar Bhatti
 
Secret Management Architectures
Secret Management Architectures Secret Management Architectures
Secret Management Architectures
Stenio Ferreira
 
Credential store using HashiCorp Vault
Credential store using HashiCorp VaultCredential store using HashiCorp Vault
Credential store using HashiCorp Vault
Mayank Patel
 
Secret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on KubernetesSecret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on Kubernetes
An Nguyen
 
Managing your secrets in a cloud environment
Managing your secrets in a cloud environmentManaging your secrets in a cloud environment
Managing your secrets in a cloud environment
Taswar Bhatti
 
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
HashiCorp
 
Delivering transparent data_encryption_while_centrally_managing_keys_eskm-blo...
Delivering transparent data_encryption_while_centrally_managing_keys_eskm-blo...Delivering transparent data_encryption_while_centrally_managing_keys_eskm-blo...
Delivering transparent data_encryption_while_centrally_managing_keys_eskm-blo...
Bloombase
 
The Rise of Secrets Management
The Rise of Secrets ManagementThe Rise of Secrets Management
The Rise of Secrets Management
Akeyless
 
The Key to Strong Cloud Security
The Key to Strong Cloud SecurityThe Key to Strong Cloud Security
The Key to Strong Cloud Security
Akeyless
 
Identity Security - Azure Active Directory
Identity Security - Azure Active DirectoryIdentity Security - Azure Active Directory
Identity Security - Azure Active Directory
Eng Teong Cheah
 
Kubernetes Secrets - The Good, The Bad, and The Ugly - Akeyless
Kubernetes Secrets - The Good, The Bad, and The Ugly - AkeylessKubernetes Secrets - The Good, The Bad, and The Ugly - Akeyless
Kubernetes Secrets - The Good, The Bad, and The Ugly - Akeyless
Akeyless
 
CSF18 - Securing the Cloud - Karim El-Melhaoui
CSF18 - Securing the Cloud - Karim El-MelhaouiCSF18 - Securing the Cloud - Karim El-Melhaoui
CSF18 - Securing the Cloud - Karim El-Melhaoui
NCCOMMS
 
Introduction to vault
Introduction to vaultIntroduction to vault
Introduction to vault
Henrik Høegh
 
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Mary Racter
 
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp Vault
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp VaultCodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp Vault
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp Vault
CodiLime
 
Overview of secret management solutions and architecture
Overview of secret management solutions and architectureOverview of secret management solutions and architecture
Overview of secret management solutions and architecture
Yuechuan (Mike) Chen
 
Compute Security - Container Security
Compute Security - Container SecurityCompute Security - Container Security
Compute Security - Container Security
Eng Teong Cheah
 
Automation Patterns for Scalable Secret Management
Automation Patterns for Scalable Secret ManagementAutomation Patterns for Scalable Secret Management
Automation Patterns for Scalable Secret Management
Mary Racter
 
Access Security - Hybrid Identity
Access Security - Hybrid IdentityAccess Security - Hybrid Identity
Access Security - Hybrid Identity
Eng Teong Cheah
 
Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...
Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...
Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...
DevClub_lv
 
Secret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s VaultSecret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s Vault
AWS Germany
 
GAB 2015 - Nouveautes sur le stockage de donnees dans Azure
GAB 2015 - Nouveautes sur le stockage de donnees dans AzureGAB 2015 - Nouveautes sur le stockage de donnees dans Azure
GAB 2015 - Nouveautes sur le stockage de donnees dans Azure
Jean-Luc Boucho
 
Introduccion Backup azure
Introduccion Backup azure Introduccion Backup azure
Introduccion Backup azure
Ivan Martinez
 

More Related Content

What's hot

Secret Management Architectures
Secret Management Architectures Secret Management Architectures
Secret Management Architectures
Stenio Ferreira
 
Credential store using HashiCorp Vault
Credential store using HashiCorp VaultCredential store using HashiCorp Vault
Credential store using HashiCorp Vault
Mayank Patel
 
Secret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on KubernetesSecret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on Kubernetes
An Nguyen
 
Managing your secrets in a cloud environment
Managing your secrets in a cloud environmentManaging your secrets in a cloud environment
Managing your secrets in a cloud environment
Taswar Bhatti
 
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
HashiCorp
 
Delivering transparent data_encryption_while_centrally_managing_keys_eskm-blo...
Delivering transparent data_encryption_while_centrally_managing_keys_eskm-blo...Delivering transparent data_encryption_while_centrally_managing_keys_eskm-blo...
Delivering transparent data_encryption_while_centrally_managing_keys_eskm-blo...
Bloombase
 
The Rise of Secrets Management
The Rise of Secrets ManagementThe Rise of Secrets Management
The Rise of Secrets Management
Akeyless
 
The Key to Strong Cloud Security
The Key to Strong Cloud SecurityThe Key to Strong Cloud Security
The Key to Strong Cloud Security
Akeyless
 
Identity Security - Azure Active Directory
Identity Security - Azure Active DirectoryIdentity Security - Azure Active Directory
Identity Security - Azure Active Directory
Eng Teong Cheah
 
Kubernetes Secrets - The Good, The Bad, and The Ugly - Akeyless
Kubernetes Secrets - The Good, The Bad, and The Ugly - AkeylessKubernetes Secrets - The Good, The Bad, and The Ugly - Akeyless
Kubernetes Secrets - The Good, The Bad, and The Ugly - Akeyless
Akeyless
 
CSF18 - Securing the Cloud - Karim El-Melhaoui
CSF18 - Securing the Cloud - Karim El-MelhaouiCSF18 - Securing the Cloud - Karim El-Melhaoui
CSF18 - Securing the Cloud - Karim El-Melhaoui
NCCOMMS
 
Introduction to vault
Introduction to vaultIntroduction to vault
Introduction to vault
Henrik Høegh
 
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Mary Racter
 
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp Vault
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp VaultCodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp Vault
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp Vault
CodiLime
 
Overview of secret management solutions and architecture
Overview of secret management solutions and architectureOverview of secret management solutions and architecture
Overview of secret management solutions and architecture
Yuechuan (Mike) Chen
 
Compute Security - Container Security
Compute Security - Container SecurityCompute Security - Container Security
Compute Security - Container Security
Eng Teong Cheah
 
Automation Patterns for Scalable Secret Management
Automation Patterns for Scalable Secret ManagementAutomation Patterns for Scalable Secret Management
Automation Patterns for Scalable Secret Management
Mary Racter
 
Access Security - Hybrid Identity
Access Security - Hybrid IdentityAccess Security - Hybrid Identity
Access Security - Hybrid Identity
Eng Teong Cheah
 
Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...
Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...
Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...
DevClub_lv
 
Secret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s VaultSecret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s Vault
AWS Germany
 

What's hot (20)

Secret Management Architectures
Secret Management Architectures Secret Management Architectures
Secret Management Architectures
 
Credential store using HashiCorp Vault
Credential store using HashiCorp VaultCredential store using HashiCorp Vault
Credential store using HashiCorp Vault
 
Secret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on KubernetesSecret Management with Hashicorp Vault and Consul on Kubernetes
Secret Management with Hashicorp Vault and Consul on Kubernetes
 
Managing your secrets in a cloud environment
Managing your secrets in a cloud environmentManaging your secrets in a cloud environment
Managing your secrets in a cloud environment
 
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
 
Delivering transparent data_encryption_while_centrally_managing_keys_eskm-blo...
Delivering transparent data_encryption_while_centrally_managing_keys_eskm-blo...Delivering transparent data_encryption_while_centrally_managing_keys_eskm-blo...
Delivering transparent data_encryption_while_centrally_managing_keys_eskm-blo...
 
The Rise of Secrets Management
The Rise of Secrets ManagementThe Rise of Secrets Management
The Rise of Secrets Management
 
The Key to Strong Cloud Security
The Key to Strong Cloud SecurityThe Key to Strong Cloud Security
The Key to Strong Cloud Security
 
Identity Security - Azure Active Directory
Identity Security - Azure Active DirectoryIdentity Security - Azure Active Directory
Identity Security - Azure Active Directory
 
Kubernetes Secrets - The Good, The Bad, and The Ugly - Akeyless
Kubernetes Secrets - The Good, The Bad, and The Ugly - AkeylessKubernetes Secrets - The Good, The Bad, and The Ugly - Akeyless
Kubernetes Secrets - The Good, The Bad, and The Ugly - Akeyless
 
CSF18 - Securing the Cloud - Karim El-Melhaoui
CSF18 - Securing the Cloud - Karim El-MelhaouiCSF18 - Securing the Cloud - Karim El-Melhaoui
CSF18 - Securing the Cloud - Karim El-Melhaoui
 
Introduction to vault
Introduction to vaultIntroduction to vault
Introduction to vault
 
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
Secure Secret Management on a Budget: Reasoning about Scalable SM with Vault ...
 
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp Vault
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp VaultCodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp Vault
CodiLime Tech Talk - Michał Pawluk: Our deployment of HashiCorp Vault
 
Overview of secret management solutions and architecture
Overview of secret management solutions and architectureOverview of secret management solutions and architecture
Overview of secret management solutions and architecture
 
Compute Security - Container Security
Compute Security - Container SecurityCompute Security - Container Security
Compute Security - Container Security
 
Automation Patterns for Scalable Secret Management
Automation Patterns for Scalable Secret ManagementAutomation Patterns for Scalable Secret Management
Automation Patterns for Scalable Secret Management
 
Access Security - Hybrid Identity
Access Security - Hybrid IdentityAccess Security - Hybrid Identity
Access Security - Hybrid Identity
 
Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...
Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...
Using Azure Managed Identities for your App Services by Jan de Vries from 4Do...
 
Secret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s VaultSecret Management with Hashicorp’s Vault
Secret Management with Hashicorp’s Vault
 

Viewers also liked

GAB 2015 - Nouveautes sur le stockage de donnees dans Azure
GAB 2015 - Nouveautes sur le stockage de donnees dans AzureGAB 2015 - Nouveautes sur le stockage de donnees dans Azure
GAB 2015 - Nouveautes sur le stockage de donnees dans Azure
Jean-Luc Boucho
 
Introduccion Backup azure
Introduccion Backup azure Introduccion Backup azure
Introduccion Backup azure
Ivan Martinez
 
Tokyo Azure Meetup #5 - Microservices and Azure Service Fabric
Tokyo Azure Meetup #5 - Microservices and Azure Service FabricTokyo Azure Meetup #5 - Microservices and Azure Service Fabric
Tokyo Azure Meetup #5 - Microservices and Azure Service Fabric
Tokyo Azure Meetup
 
Azure Stream Analytics
Azure Stream AnalyticsAzure Stream Analytics
Azure Stream Analytics
Marco Parenzan
 
Microsoft Azure vs Amazon Web Services (AWS) Services & Feature Mapping
Microsoft Azure vs Amazon Web Services (AWS) Services & Feature MappingMicrosoft Azure vs Amazon Web Services (AWS) Services & Feature Mapping
Microsoft Azure vs Amazon Web Services (AWS) Services & Feature Mapping
Ilyas F ☁☁☁
 
Azure Cloud PPT
Azure Cloud PPTAzure Cloud PPT
Azure Cloud PPT
Aniket Kanitkar
 

Viewers also liked (6)

GAB 2015 - Nouveautes sur le stockage de donnees dans Azure
GAB 2015 - Nouveautes sur le stockage de donnees dans AzureGAB 2015 - Nouveautes sur le stockage de donnees dans Azure
GAB 2015 - Nouveautes sur le stockage de donnees dans Azure
 
Introduccion Backup azure
Introduccion Backup azure Introduccion Backup azure
Introduccion Backup azure
 
Tokyo Azure Meetup #5 - Microservices and Azure Service Fabric
Tokyo Azure Meetup #5 - Microservices and Azure Service FabricTokyo Azure Meetup #5 - Microservices and Azure Service Fabric
Tokyo Azure Meetup #5 - Microservices and Azure Service Fabric
 
Azure Stream Analytics
Azure Stream AnalyticsAzure Stream Analytics
Azure Stream Analytics
 
Microsoft Azure vs Amazon Web Services (AWS) Services & Feature Mapping
Microsoft Azure vs Amazon Web Services (AWS) Services & Feature MappingMicrosoft Azure vs Amazon Web Services (AWS) Services & Feature Mapping
Microsoft Azure vs Amazon Web Services (AWS) Services & Feature Mapping
 
Azure Cloud PPT
Azure Cloud PPTAzure Cloud PPT
Azure Cloud PPT
 

Similar to ITProceed 2015 - Securing Sensitive Data with Azure Key Vault

Security Considerations for Microservices and Multi cloud
Security Considerations for Microservices and Multi cloudSecurity Considerations for Microservices and Multi cloud
Security Considerations for Microservices and Multi cloud
Neelkamal Gaharwar
 
Intelligent Cloud Conference 2018 - Building secure cloud applications with A...
Intelligent Cloud Conference 2018 - Building secure cloud applications with A...Intelligent Cloud Conference 2018 - Building secure cloud applications with A...
Intelligent Cloud Conference 2018 - Building secure cloud applications with A...
Tom Kerkhove
 
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Amazon Web Services
 
Cloud computing & windows azure intro
Cloud computing & windows azure introCloud computing & windows azure intro
Cloud computing & windows azure intro
Haddy El-Haggan
 
AWS Summit Berlin 2013 - Keynote Steve Schmidt
AWS Summit Berlin 2013 - Keynote Steve SchmidtAWS Summit Berlin 2013 - Keynote Steve Schmidt
AWS Summit Berlin 2013 - Keynote Steve Schmidt
AWS Germany
 
AWS Summit Benelux 2013 - AWS Cloud Security Keynote
AWS Summit Benelux 2013 - AWS Cloud Security KeynoteAWS Summit Benelux 2013 - AWS Cloud Security Keynote
AWS Summit Benelux 2013 - AWS Cloud Security KeynoteAmazon Web Services
 
Deep Dive: AWS CloudHSM (Classic)
Deep Dive: AWS CloudHSM (Classic)Deep Dive: AWS CloudHSM (Classic)
Deep Dive: AWS CloudHSM (Classic)
Amazon Web Services
 
Hashicorp Chicago HUG - Secure and Automated Workflows in Azure with Vault an...
Hashicorp Chicago HUG - Secure and Automated Workflows in Azure with Vault an...Hashicorp Chicago HUG - Secure and Automated Workflows in Azure with Vault an...
Hashicorp Chicago HUG - Secure and Automated Workflows in Azure with Vault an...
Stenio Ferreira
 
Toronto MuleSoft Meetup: Virtual Meetup #3
Toronto MuleSoft Meetup: Virtual Meetup #3Toronto MuleSoft Meetup: Virtual Meetup #3
Toronto MuleSoft Meetup: Virtual Meetup #3
Alexandra N. Martinez
 
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
Amazon Web Services
 
AWS Summit Nordics - Security Keynote
AWS Summit Nordics - Security KeynoteAWS Summit Nordics - Security Keynote
AWS Summit Nordics - Security KeynoteAmazon Web Services
 
AWS Security Best Practices (March 2017)
AWS Security Best Practices (March 2017)AWS Security Best Practices (March 2017)
AWS Security Best Practices (March 2017)
Julien SIMON
 
Security best practices on AWS - Pop-up Loft TLV 2017
Security best practices on AWS - Pop-up Loft TLV 2017Security best practices on AWS - Pop-up Loft TLV 2017
Security best practices on AWS - Pop-up Loft TLV 2017
Amazon Web Services
 
Security on Windows Azure
Security on Windows AzureSecurity on Windows Azure
Security on Windows Azure
Haddy El-Haggan
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS Security
Amazon Web Services
 
AWS Summit Auckland 2014 | Understanding AWS Security
AWS Summit Auckland 2014 | Understanding AWS Security AWS Summit Auckland 2014 | Understanding AWS Security
AWS Summit Auckland 2014 | Understanding AWS Security
Amazon Web Services
 
Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014
Akash Mahajan
 
Mike Allen's AWS + OWASP talk "AWS secret manager for protecting and rotating...
Mike Allen's AWS + OWASP talk "AWS secret manager for protecting and rotating...Mike Allen's AWS + OWASP talk "AWS secret manager for protecting and rotating...
Mike Allen's AWS + OWASP talk "AWS secret manager for protecting and rotating...
AWS Chicago
 
Putting it All Together: Securing Systems at Cloud Scale
Putting it All Together: Securing Systems at Cloud ScalePutting it All Together: Securing Systems at Cloud Scale
Putting it All Together: Securing Systems at Cloud Scale
Amazon Web Services
 
透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸
透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸
透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸
Amazon Web Services
 

Similar to ITProceed 2015 - Securing Sensitive Data with Azure Key Vault (20)

Security Considerations for Microservices and Multi cloud
Security Considerations for Microservices and Multi cloudSecurity Considerations for Microservices and Multi cloud
Security Considerations for Microservices and Multi cloud
 
Intelligent Cloud Conference 2018 - Building secure cloud applications with A...
Intelligent Cloud Conference 2018 - Building secure cloud applications with A...Intelligent Cloud Conference 2018 - Building secure cloud applications with A...
Intelligent Cloud Conference 2018 - Building secure cloud applications with A...
 
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
 
Cloud computing & windows azure intro
Cloud computing & windows azure introCloud computing & windows azure intro
Cloud computing & windows azure intro
 
AWS Summit Berlin 2013 - Keynote Steve Schmidt
AWS Summit Berlin 2013 - Keynote Steve SchmidtAWS Summit Berlin 2013 - Keynote Steve Schmidt
AWS Summit Berlin 2013 - Keynote Steve Schmidt
 
AWS Summit Benelux 2013 - AWS Cloud Security Keynote
AWS Summit Benelux 2013 - AWS Cloud Security KeynoteAWS Summit Benelux 2013 - AWS Cloud Security Keynote
AWS Summit Benelux 2013 - AWS Cloud Security Keynote
 
Deep Dive: AWS CloudHSM (Classic)
Deep Dive: AWS CloudHSM (Classic)Deep Dive: AWS CloudHSM (Classic)
Deep Dive: AWS CloudHSM (Classic)
 
Hashicorp Chicago HUG - Secure and Automated Workflows in Azure with Vault an...
Hashicorp Chicago HUG - Secure and Automated Workflows in Azure with Vault an...Hashicorp Chicago HUG - Secure and Automated Workflows in Azure with Vault an...
Hashicorp Chicago HUG - Secure and Automated Workflows in Azure with Vault an...
 
Toronto MuleSoft Meetup: Virtual Meetup #3
Toronto MuleSoft Meetup: Virtual Meetup #3Toronto MuleSoft Meetup: Virtual Meetup #3
Toronto MuleSoft Meetup: Virtual Meetup #3
 
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
 
AWS Summit Nordics - Security Keynote
AWS Summit Nordics - Security KeynoteAWS Summit Nordics - Security Keynote
AWS Summit Nordics - Security Keynote
 
AWS Security Best Practices (March 2017)
AWS Security Best Practices (March 2017)AWS Security Best Practices (March 2017)
AWS Security Best Practices (March 2017)
 
Security best practices on AWS - Pop-up Loft TLV 2017
Security best practices on AWS - Pop-up Loft TLV 2017Security best practices on AWS - Pop-up Loft TLV 2017
Security best practices on AWS - Pop-up Loft TLV 2017
 
Security on Windows Azure
Security on Windows AzureSecurity on Windows Azure
Security on Windows Azure
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS Security
 
AWS Summit Auckland 2014 | Understanding AWS Security
AWS Summit Auckland 2014 | Understanding AWS Security AWS Summit Auckland 2014 | Understanding AWS Security
AWS Summit Auckland 2014 | Understanding AWS Security
 
Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014
 
Mike Allen's AWS + OWASP talk "AWS secret manager for protecting and rotating...
Mike Allen's AWS + OWASP talk "AWS secret manager for protecting and rotating...Mike Allen's AWS + OWASP talk "AWS secret manager for protecting and rotating...
Mike Allen's AWS + OWASP talk "AWS secret manager for protecting and rotating...
 
Putting it All Together: Securing Systems at Cloud Scale
Putting it All Together: Securing Systems at Cloud ScalePutting it All Together: Securing Systems at Cloud Scale
Putting it All Together: Securing Systems at Cloud Scale
 
透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸
透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸
透過Amazon CloudFront 和AWS WAF來執行安全的內容傳輸
 

More from Tom Kerkhove

Techorama 2022 - Adventures of building Promitor, an open-source product
Techorama 2022 - Adventures of building Promitor, an open-source productTechorama 2022 - Adventures of building Promitor, an open-source product
Techorama 2022 - Adventures of building Promitor, an open-source product
Tom Kerkhove
 
Microsoft Partners - Application Autoscaling Made Easy With Kubernetes Event-...
Microsoft Partners - Application Autoscaling Made Easy With Kubernetes Event-...Microsoft Partners - Application Autoscaling Made Easy With Kubernetes Event-...
Microsoft Partners - Application Autoscaling Made Easy With Kubernetes Event-...
Tom Kerkhove
 
Introduction to Promitor
Introduction to PromitorIntroduction to Promitor
Introduction to Promitor
Tom Kerkhove
 
Azure Lowlands 2020 - API management for microservices in a hybrid and multi-...
Azure Lowlands 2020 - API management for microservices in a hybrid and multi-...Azure Lowlands 2020 - API management for microservices in a hybrid and multi-...
Azure Lowlands 2020 - API management for microservices in a hybrid and multi-...
Tom Kerkhove
 
NDC London 2021 - Application Autoscaling Made Easy With Kubernetes Event-Dri...
NDC London 2021 - Application Autoscaling Made Easy With Kubernetes Event-Dri...NDC London 2021 - Application Autoscaling Made Easy With Kubernetes Event-Dri...
NDC London 2021 - Application Autoscaling Made Easy With Kubernetes Event-Dri...
Tom Kerkhove
 
Global Azure Virtual - Application Autoscaling with KEDA
Global Azure Virtual - Application Autoscaling with KEDAGlobal Azure Virtual - Application Autoscaling with KEDA
Global Azure Virtual - Application Autoscaling with KEDA
Tom Kerkhove
 
Building Bruges 2020 - Adventures of building a multi-tenant PaaS on Microsof...
Building Bruges 2020 - Adventures of building a multi-tenant PaaS on Microsof...Building Bruges 2020 - Adventures of building a multi-tenant PaaS on Microsof...
Building Bruges 2020 - Adventures of building a multi-tenant PaaS on Microsof...
Tom Kerkhove
 
AZUG Lightning Talk - Application autoscaling on Kubernetes with Kubernetes E...
AZUG Lightning Talk - Application autoscaling on Kubernetes with Kubernetes E...AZUG Lightning Talk - Application autoscaling on Kubernetes with Kubernetes E...
AZUG Lightning Talk - Application autoscaling on Kubernetes with Kubernetes E...
Tom Kerkhove
 
IglooConf 2020 - API management for microservices in a hybrid and multi-cloud...
IglooConf 2020 - API management for microservices in a hybrid and multi-cloud...IglooConf 2020 - API management for microservices in a hybrid and multi-cloud...
IglooConf 2020 - API management for microservices in a hybrid and multi-cloud...
Tom Kerkhove
 
IglooConf 2020 - Adventures of building a multi-tenant PaaS on Microsoft Azure
IglooConf 2020 - Adventures of building a multi-tenant PaaS on Microsoft AzureIglooConf 2020 - Adventures of building a multi-tenant PaaS on Microsoft Azure
IglooConf 2020 - Adventures of building a multi-tenant PaaS on Microsoft Azure
Tom Kerkhove
 
Microsoft Ignite 2019 - API management for microservices in a hybrid and mult...
Microsoft Ignite 2019 - API management for microservices in a hybrid and mult...Microsoft Ignite 2019 - API management for microservices in a hybrid and mult...
Microsoft Ignite 2019 - API management for microservices in a hybrid and mult...
Tom Kerkhove
 
Integrate UK 2019 - Adventures of building a (multi-tenant) PaaS on Microsoft...
Integrate UK 2019 - Adventures of building a (multi-tenant) PaaS on Microsoft...Integrate UK 2019 - Adventures of building a (multi-tenant) PaaS on Microsoft...
Integrate UK 2019 - Adventures of building a (multi-tenant) PaaS on Microsoft...
Tom Kerkhove
 
Techdays Finland 2019 - Adventures of building a (multi-tenant) PaaS on Micro...
Techdays Finland 2019 - Adventures of building a (multi-tenant) PaaS on Micro...Techdays Finland 2019 - Adventures of building a (multi-tenant) PaaS on Micro...
Techdays Finland 2019 - Adventures of building a (multi-tenant) PaaS on Micro...
Tom Kerkhove
 
Next Generation Data Integration with Azure Data Factory
Next Generation Data Integration with Azure Data FactoryNext Generation Data Integration with Azure Data Factory
Next Generation Data Integration with Azure Data Factory
Tom Kerkhove
 
Intelligent Cloud Conference 2018 - Automatically scaling Kubernetes pods bas...
Intelligent Cloud Conference 2018 - Automatically scaling Kubernetes pods bas...Intelligent Cloud Conference 2018 - Automatically scaling Kubernetes pods bas...
Intelligent Cloud Conference 2018 - Automatically scaling Kubernetes pods bas...
Tom Kerkhove
 
Intelligent Cloud Conference 2018 - Next Generation of Data Integration with ...
Intelligent Cloud Conference 2018 - Next Generation of Data Integration with ...Intelligent Cloud Conference 2018 - Next Generation of Data Integration with ...
Intelligent Cloud Conference 2018 - Next Generation of Data Integration with ...
Tom Kerkhove
 
NDC Minnesota - Analyzing StackExchange data with Azure Data Lake
NDC Minnesota - Analyzing StackExchange data with Azure Data LakeNDC Minnesota - Analyzing StackExchange data with Azure Data Lake
NDC Minnesota - Analyzing StackExchange data with Azure Data Lake
Tom Kerkhove
 
NDC Sydney - Analyzing StackExchange with Azure Data Lake
NDC Sydney - Analyzing StackExchange with Azure Data LakeNDC Sydney - Analyzing StackExchange with Azure Data Lake
NDC Sydney - Analyzing StackExchange with Azure Data Lake
Tom Kerkhove
 
TechDays NL 2016 - Building your scalable secure IoT Solution on Azure
TechDays NL 2016 - Building your scalable secure IoT Solution on AzureTechDays NL 2016 - Building your scalable secure IoT Solution on Azure
TechDays NL 2016 - Building your scalable secure IoT Solution on Azure
Tom Kerkhove
 
Integration Monday - Analysing StackExchange data with Azure Data Lake
Integration Monday - Analysing StackExchange data with Azure Data LakeIntegration Monday - Analysing StackExchange data with Azure Data Lake
Integration Monday - Analysing StackExchange data with Azure Data Lake
Tom Kerkhove
 

More from Tom Kerkhove (20)

Techorama 2022 - Adventures of building Promitor, an open-source product
Techorama 2022 - Adventures of building Promitor, an open-source productTechorama 2022 - Adventures of building Promitor, an open-source product
Techorama 2022 - Adventures of building Promitor, an open-source product
 
Microsoft Partners - Application Autoscaling Made Easy With Kubernetes Event-...
Microsoft Partners - Application Autoscaling Made Easy With Kubernetes Event-...Microsoft Partners - Application Autoscaling Made Easy With Kubernetes Event-...
Microsoft Partners - Application Autoscaling Made Easy With Kubernetes Event-...
 
Introduction to Promitor
Introduction to PromitorIntroduction to Promitor
Introduction to Promitor
 
Azure Lowlands 2020 - API management for microservices in a hybrid and multi-...
Azure Lowlands 2020 - API management for microservices in a hybrid and multi-...Azure Lowlands 2020 - API management for microservices in a hybrid and multi-...
Azure Lowlands 2020 - API management for microservices in a hybrid and multi-...
 
NDC London 2021 - Application Autoscaling Made Easy With Kubernetes Event-Dri...
NDC London 2021 - Application Autoscaling Made Easy With Kubernetes Event-Dri...NDC London 2021 - Application Autoscaling Made Easy With Kubernetes Event-Dri...
NDC London 2021 - Application Autoscaling Made Easy With Kubernetes Event-Dri...
 
Global Azure Virtual - Application Autoscaling with KEDA
Global Azure Virtual - Application Autoscaling with KEDAGlobal Azure Virtual - Application Autoscaling with KEDA
Global Azure Virtual - Application Autoscaling with KEDA
 
Building Bruges 2020 - Adventures of building a multi-tenant PaaS on Microsof...
Building Bruges 2020 - Adventures of building a multi-tenant PaaS on Microsof...Building Bruges 2020 - Adventures of building a multi-tenant PaaS on Microsof...
Building Bruges 2020 - Adventures of building a multi-tenant PaaS on Microsof...
 
AZUG Lightning Talk - Application autoscaling on Kubernetes with Kubernetes E...
AZUG Lightning Talk - Application autoscaling on Kubernetes with Kubernetes E...AZUG Lightning Talk - Application autoscaling on Kubernetes with Kubernetes E...
AZUG Lightning Talk - Application autoscaling on Kubernetes with Kubernetes E...
 
IglooConf 2020 - API management for microservices in a hybrid and multi-cloud...
IglooConf 2020 - API management for microservices in a hybrid and multi-cloud...IglooConf 2020 - API management for microservices in a hybrid and multi-cloud...
IglooConf 2020 - API management for microservices in a hybrid and multi-cloud...
 
IglooConf 2020 - Adventures of building a multi-tenant PaaS on Microsoft Azure
IglooConf 2020 - Adventures of building a multi-tenant PaaS on Microsoft AzureIglooConf 2020 - Adventures of building a multi-tenant PaaS on Microsoft Azure
IglooConf 2020 - Adventures of building a multi-tenant PaaS on Microsoft Azure
 
Microsoft Ignite 2019 - API management for microservices in a hybrid and mult...
Microsoft Ignite 2019 - API management for microservices in a hybrid and mult...Microsoft Ignite 2019 - API management for microservices in a hybrid and mult...
Microsoft Ignite 2019 - API management for microservices in a hybrid and mult...
 
Integrate UK 2019 - Adventures of building a (multi-tenant) PaaS on Microsoft...
Integrate UK 2019 - Adventures of building a (multi-tenant) PaaS on Microsoft...Integrate UK 2019 - Adventures of building a (multi-tenant) PaaS on Microsoft...
Integrate UK 2019 - Adventures of building a (multi-tenant) PaaS on Microsoft...
 
Techdays Finland 2019 - Adventures of building a (multi-tenant) PaaS on Micro...
Techdays Finland 2019 - Adventures of building a (multi-tenant) PaaS on Micro...Techdays Finland 2019 - Adventures of building a (multi-tenant) PaaS on Micro...
Techdays Finland 2019 - Adventures of building a (multi-tenant) PaaS on Micro...
 
Next Generation Data Integration with Azure Data Factory
Next Generation Data Integration with Azure Data FactoryNext Generation Data Integration with Azure Data Factory
Next Generation Data Integration with Azure Data Factory
 
Intelligent Cloud Conference 2018 - Automatically scaling Kubernetes pods bas...
Intelligent Cloud Conference 2018 - Automatically scaling Kubernetes pods bas...Intelligent Cloud Conference 2018 - Automatically scaling Kubernetes pods bas...
Intelligent Cloud Conference 2018 - Automatically scaling Kubernetes pods bas...
 
Intelligent Cloud Conference 2018 - Next Generation of Data Integration with ...
Intelligent Cloud Conference 2018 - Next Generation of Data Integration with ...Intelligent Cloud Conference 2018 - Next Generation of Data Integration with ...
Intelligent Cloud Conference 2018 - Next Generation of Data Integration with ...
 
NDC Minnesota - Analyzing StackExchange data with Azure Data Lake
NDC Minnesota - Analyzing StackExchange data with Azure Data LakeNDC Minnesota - Analyzing StackExchange data with Azure Data Lake
NDC Minnesota - Analyzing StackExchange data with Azure Data Lake
 
NDC Sydney - Analyzing StackExchange with Azure Data Lake
NDC Sydney - Analyzing StackExchange with Azure Data LakeNDC Sydney - Analyzing StackExchange with Azure Data Lake
NDC Sydney - Analyzing StackExchange with Azure Data Lake
 
TechDays NL 2016 - Building your scalable secure IoT Solution on Azure
TechDays NL 2016 - Building your scalable secure IoT Solution on AzureTechDays NL 2016 - Building your scalable secure IoT Solution on Azure
TechDays NL 2016 - Building your scalable secure IoT Solution on Azure
 
Integration Monday - Analysing StackExchange data with Azure Data Lake
Integration Monday - Analysing StackExchange data with Azure Data LakeIntegration Monday - Analysing StackExchange data with Azure Data Lake
Integration Monday - Analysing StackExchange data with Azure Data Lake
 

Recently uploaded

top nidhi software solution freedownload
top nidhi software solution freedownloadtop nidhi software solution freedownload
top nidhi software solution freedownload
vrstrong314
 
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Anthony Dahanne
 
Cyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdfCyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdf
Cyanic lab
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Shahin Sheidaei
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Globus
 
Visitor Management System in India- Vizman.app
Visitor Management System in India- Vizman.appVisitor Management System in India- Vizman.app
Visitor Management System in India- Vizman.app
NaapbooksPrivateLimi
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
Paco van Beckhoven
 
Corporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMSCorporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMS
Tendenci - The Open Source AMS (Association Management Software)
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
AMB-Review
 
Advanced Flow Concepts Every Developer Should Know
Advanced Flow Concepts Every Developer Should KnowAdvanced Flow Concepts Every Developer Should Know
Advanced Flow Concepts Every Developer Should Know
Peter Caitens
 
Designing for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web ServicesDesigning for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web Services
KrzysztofKkol1
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
takuyayamamoto1800
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
Max Andersen
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
wottaspaceseo
 
A Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdfA Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdf
kalichargn70th171
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
XfilesPro
 
Understanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSageUnderstanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSage
Globus
 
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
XfilesPro
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Globus
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Natan Silnitsky
 

Recently uploaded (20)

top nidhi software solution freedownload
top nidhi software solution freedownloadtop nidhi software solution freedownload
top nidhi software solution freedownload
 
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
 
Cyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdfCyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdf
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
 
Visitor Management System in India- Vizman.app
Visitor Management System in India- Vizman.appVisitor Management System in India- Vizman.app
Visitor Management System in India- Vizman.app
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
 
Corporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMSCorporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMS
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
 
Advanced Flow Concepts Every Developer Should Know
Advanced Flow Concepts Every Developer Should KnowAdvanced Flow Concepts Every Developer Should Know
Advanced Flow Concepts Every Developer Should Know
 
Designing for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web ServicesDesigning for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web Services
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
 
A Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdfA Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdf
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
 
Understanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSageUnderstanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSage
 
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
 

ITProceed 2015 - Securing Sensitive Data with Azure Key Vault

  • 1. Securing sensitive data with Azure Key Vault Tom Kerkhove Tweet and win an Ignite 2016 ticket #itproceed
  • 2. Who am I? Tom Kerkhove • Integration Professional at Codit • IoT Competency Lead at Codit • Kinect for Windows MVP • Microsoft Azure Advisor
  • 3. How can Codit help? Integration services • Advice • Projects • Implementation • SOA Governance • Managed Services • Integration as a Service • Integration Cloud • API Management • Internet of Things
  • 4.
  • 5. Demo Scenario • Customer applies to the SaaS – Gives Twilio & Azure Storage credentials • Application uses API to send text messages
  • 7. Demo Summary • Security flaws – Storing sensitive data as clear text in DB – Google authentication as clear text – Unencrypted connection string – Unsecured API – Probably more • On the other hand... – Transport security with SSL (Although default Azure cert) – External login
  • 8.
  • 9.
  • 11. What is Azure Key Vault? • Storing sensitive data in hardware security modules (HSM) • Giving back control to the customer – Full controll over key lifecycle with audit logs – Management of all keys in one place – Store encryption keys in HSMs • Removes responsibility from developers – Secure storage for passwords, encryption keys & certificates – Protects sensitive data in production
  • 13. Secrets • Used to store sequences of bytes • Consumers can read & store secrets • Encrypted before stored in vault • Limited to 10 kB • Versioned • Typically used for connection strings, certificates, etc.
  • 14. Keys • Stores a RSA 2048 key • Created by Key Vault owner • Can be used to decrypt/sign with • Can’t be read back • Higher latency • For frequent usage of keys, store it as a Secret
  • 15. Different Key Types • Software Keys – Stored encrypted in HSM – Operations performed on VM in Azure – Typically used for Dev/Test – Cheaper • HSM Keys – Stored encrypted in HSM – Operations performed on HSM directly – Requires Premium Vault – More secure
  • 16. Basic LOB Scenario Database 3. Connect to DB 1. Deploy application 2. Read from settings Fabricam Customer X Single-tenant app App Settings Developer
  • 17. (More) Secure LOB Scenario Database Single-tenant app 1. Create vault 2. Authorize apps & users 3. Create CS Secret 4. Deploy Application 6. Negotiate Secret Fabricam Customer X App Settings 5. Retrieve Vault URI Manages key / monitor logs Vault Consumer Developer Vault Owner
  • 18. Vault Owners vs Consumers • Vault Owners – Has full control over vault – All keys & secrets in one place – Ability to change permissions – Ability to fully revoke consumer – Ability to regenerate keys without breaking apps – Audit logs for monitoring • Vault Consumers – Authenticate with Azure AD – Not able to see encrypted keys – Limited to granted permissions
  • 19. Access Control • Access control based on Azure AD • Access assigned at the Vault-level – Permissions to keys – Permissions to secrets • Authentication against Azure AD – Application ID & Key – Application ID & Certificate • No isolation between clients, they see everything
  • 21. Sharing credentials with control Codito Subscription Azure Active Directory Web App Azure SQL database Storage (Azure) SaaS Subscription Azure Key Vault 1 2 3 5 6 7 Azure Key Vault 4
  • 23. Summary • Security flaws – Vault credentials stored as plain-text – Unsecured API • On the other hand... – Message encryption supported based on customer vault – External vault authentication stored in internal vault – Customers data is securely stored in their vault – Encrypted database
  • 25. But there is more! • Azure Storage Client-Side encryption • VM Encryption (CloudLink) • SQL Server Encryption • Bitlocker Encryption
  • 28. SQL Server Encryption • SQL Server Extensible Key Management provider available (Preview) – Transparent Data Encryption (TDE) – Column Level Encryption (CLE) – Backup Encryption • Requires SQL Server Enterprise • Available on-prem & in Azure
  • 29.
  • 31. Vault Isolation • Vault dedicated to one region – Vault, Keys & Secrets stay within same region • Stored in physical HSMs • Reason - Laws & compliances – Each vault has its own URL – Manual synchronisation if required
  • 32. Replication North Europe Azure Key Vault West Europe Azure Key Vault Manually Sync
  • 33. Pricing Overview(*) • Vault owner pays for everything Standard Premium Secrets & Software-protected keys $0.0112 / 10,000 operations $0.0112 / 10,000 operations HSM Protected keys N/A $0.0112 / 10,000 operations $0.3724 per key per month (For every version of the key) * = 50% discount during public preview
  • 34. Public Preview • Currently only available in 6 regions • PowerShell, .NET & REST API • No SLA
  • 35. What’s coming? • Available in all regions with 99.9+ SLA • Portal Support • GA ‘real soon’ • Audit logs
  • 36. 36
  • 37. And win a Lumia 635 Feedback form will be sent to you by email Give me feedback
  • 38. Follow Technet Belgium @technetbelux Subscribe to the TechNet newsletter aka.ms/benews Be the first to know
  • 39. 39 “The question is not if you will be hacked, the real question is when.”
  • 41. Belgiums’ biggest IT PRO Conference

Editor's Notes

  1. - Key stored in config file encrypted/unencrypted