Security + DevOps + Azure = Awesomeness

•

1 like•461 views

Presented on 6th of October 2017 at CloudBurst conference in Stockholm, Sweden. In this session, I will cover the Secure DevOps Toolkit for Azure, a set of security-related tools, PowerShell modules, extensions and automations for Azure. The session is a collection of lessons learned using the Toolkit from real-life projects. After this sessions you will be able to improve the security of your Azure usage from IDE to Operations, regardless of your current state of security and level of cloud adoption. http://cloudburst.azurewebsites.net/

Technology

SECURE DEVOPS KIT FOR
AZURE
CLOUDBURST
6.10.2017

KARL OTS @ KOMPOZURE
• Co-organizer of Finland Azure User Group and
IglooConf
• Working on Azure since 2011
• Patented inventor
• Worked with tens of different customers on full-scale
Azure projects, from startups to Fortune 500
enterprises
Managing Consultant,
Kompozure Ltd
Karl.ots@kompozure.com

WHY AZSDK
• Cloud security is hard.
• Knowledge of Azure security controls is not widespread.
• MS IT wanted to accelerate internal Azure adoption in a
controlled way
• Vision: avoid reinventing the wheel
o Use as much out-of-the-box Azure features as possible
o For example: outsource VM controls to Security Center

SUBSCRIPTION SECURITYSubscription
RBAC
provisioning
Deploy mandatory and scenario/solution specific accounts/groups on a
subscription. Ability to specify and remove deprecated accounts.
Alerts setup Configure insights-based alerts for important activities. Runbooks for
critical alerts to send SMS with key alert body info.
ARM policy
setup
Deploy and enable ARM policy definitions (e.g., audit/deny use of
ASM/v1 resources)
ASC setup Configure Azure Security Center by enabling policies, setting security
POCs, etc.
Resource Locks Ensure that critical enterprise resources have locks deployed on them.
Health Check More than a dozen subscription hygiene security checks, including
proper provisioning

DEVELOP SECURELY
Feature Scenarios/Details
Development
Security
IntelliSense
• Get inline support for secure coding right at the point of code
creation.
• Checks on Azure Best practices, ADAL and common crypto
• VS plug-in for C#.
• Security IntelliSense extension works on Visual Studio 2015
Update 3 or later.

SPOT CHECK SECURITY
Feature Scenarios/Details
Development
Security
IntelliSense
• Get inline support for secure coding right at the point of code
creation.
• Checks on Azure Best practices, ADAL and Crypto
• VS plug-in for C#.
Security
Verification Tests
• Scan cloud solutions during early dev and prototyping stages.
• Provides a variety of options to define scan targets.
• Easy, intuitive reports and detailed logs. Support for 25+ Azure
IaaS and PaaS service types.

DISCUSSION
• AzSDK is not your magic bullet to tick the security box
o AzSDK mostly covers “administrative access” in traditional threat
models, some “application access” as well
o You still have to worry about users, external threats and more
o Threat modeling and Defense in Depth approach are your friends!
• Carefully analyze the results in the scope of your application – are the
recommended controls right for your app?
• New in 2.6.1
o Generate PDF Report
o Generate Fix Script

Role How to use AzSDK
Subscription Owner
• Check the overall security health of your Azure subscription.
• Ensure that AzSDK artifacts are properly provisioned.
Developer Team
• Get inline support with security tips and corrections while writing
code for Azure apps (and also standard web applications in
general).
• Test that Azure resources you are using for your
application/solutions are configured and deployed securely.
• Enable security in CICD by including various security tests in the
build/release pipelines
Deployment Team
• Control deployment workflows according to outcomes of security
checks.
Operations Team
• Observe the security state with subscription health checks and
SVT’s.
• Track security state in a 'continuous' manner
• Provide support and templates for frequently failing operational
security activities such as key rotation, access reviews, public ips, etc.

RESOURCES
• Try out the Secure DevOps Kit for
Azure!
• Installation guide, docs:
http://aka.ms/azsdkossdocs
• Controls coverage:
http://aka.ms/azsdkosstcp
• IT Showcase:
http://aka.ms/azsdk/itshowcase
• Support:
azsdksupext@microsoft.com

As presented at the (ISC)2 EMEA Secure Summit. Karl Ots has assessed the security of over 100 solutions built on the Microsoft Azure cloud. He has found that there are 6 key security pitfalls that are common across all industry verticals and company sizes. In this session, he will share what these security pitfalls are, why do they matter and how to mitigate them. 1. Upon completion, participant will know the most common threat vectors in real-life Microsoft Azure applications across all industries and company sizes.2. Upon completion, participant will be able to effectively articulate the presented risks to both software developers and technical decision makers.3. Upon completion, participant will be able to remediate the presented risks and focus their security investments in the most effective controls

Azure security architecture / FAUG JKL 15.2.2018

Karl Ots

DevSecOps Everything You Need To Know

Centextech

FAUG #9: Azure security architecture and stories from the trenches

Karl Ots

TechDays Finland 2020: Azuren tietoturva haltuun!

Karl Ots

Azure-ratkaisujen suunnittelu, rakentaminen ja operointi tietoturvallisesti ei ole lainkaan suoraviivaista. Sekä käytettävissä olevista tietoturvakontrolleista että ohjeistuksesta on niin laaja ylitarjonta, että alkuun on hankala päästä, parhaiden käytäntöjen käytöstä puhumattakaan. Tätä haastetta ei lainkaan helpota se, että organisaatioiden olemassa oleva tietoturvaosaaminen on harvoin siellä, missä ketterien digitaalisten sovellusten rakentaminen on. Miten voimme saada Azuren palveluista hyödyt irti, jos digisovellusten ja tietoturvavaatimusten maailmat eivät kohtaa? Tässä esityksessä Karl käy käytännönläheisesti läpi työkalut ja prosessit, joilla suojataan Azure-sovellukset ja -infrastruktuuri, suunnittelupöydältä tuotantoon vientiin asti. Esityksen jälkeen kuulija tuntee Azuressa käytössä olevat tietoturvakontrollit sekä niiden vaikutuksen tietoturvaan, sovelluskehitystehokkuuteen ja kustannuksiin. Kuulijalla osaa myös soveltaa oppimaansa päivittääkseen oman organisaationsa tietoturvavaatimukset Azure-aikaan.

Identity Security - Azure Active Directory

Eng Teong Cheah

Get On Top of Azure Resource Security Using Secure DevOps Kit for Azure

Kasun Kodagoda

TechWiseTV Workshop: Cisco CloudCenter (CliQr)

Robb Boyd

Azure PaaS and SaaS platforms usage seem to be easy and straightforward, but it's your responsibility to keep them properly secured. I will talk about steps to secure your subscription, network, applications and storage and how Azure can help you with current challenges. Then we talk about security best practices in general, such as user isolation, encryption at rest, certificate and password management with KeyVault. The final topic will explain the basics of disaster recovery plans and why you actually need them.

DevSecOps in 10 minutes

kieranjacobsen

DevSecOps, or SecDevOps has the ambitious goal of integrating development, security and operations teams together, encouraging faster decision making and reducing issue resolution times. This session will cover the current state of DevOps, how DevSecOps can help, integration pathways between teams and how to reduce fear, uncertainty and doubt. We will look at how to move to security as code, and integrating security into our infrastructure and software deployment processes.

VMware vRealize Operations Management Pack | Nagios

Blue Medora

Azure sentinal

Allied Consultants

Présentation openstackinaction v1.2Regis Allegre

CSTA - Cisco Security Technical Alliances, New Ecosystem Program Built on the...

Cisco DevNet

A session in the DevNet Zone at Cisco Live, Berlin. Cisco Security is committed to an extensible product porfolio that enables integration with many best of breed technology partners. Through the Cisco Security Technical Alliance program (CSTA) customers can leverage more than a dozen APIs and integration points to share data with SIEM, MDM, EDM, IR, Vulnerability Management and many other critical security technologies found in the enterprise. Integration with nearly 100 partner solutions powers automation, provides additional context that speeds the resolution of critical events and increases overall security effectiveness.

aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...

aOS Community

PIACERE - DevSecOps Automated

PIACERE

Azure Penetration Testing

Cheah Eng Soon

Dev week cloud world conf2021

Archana Joshi

Talk to executives in IT divisions of large enterprises about security and invariably the conversation will hover around DevSecOps pipeline. Is DevSecOps the only thing you need to do for security in your IT division or is there more? What impact does bringing in secure culture in an engineering context mean? What handshake is needed between the IT function and the security / risk function for large enterprises? How does this impact roles and responsibilities of a developer? This talk is an attempt to answer questions such as these using a real world examples of transformations seen in Fortune 100 companies.

Azure Security and Management

Allen Brokken

Microsoft Azure News - April 2021

Daniel Toomey

Build embedded and IoT solutions with Microsoft Windows IoT Core (BRK30077)

Callon Campbell

Access Security - Enterprise governance

Eng Teong Cheah

Cisco asa5540, best guard for enterpriseIT Tech

CloudBrew 2017 - Security + DevOps + Azure = Awesomeness

Karl Ots

Presentation at the CloudBRew 2017 conference in in 25th of November 2017 in Mechelen, Belgium. In this session, I will cover the Secure DevOps Toolkit for Azure, a set of security-related tools, Powershell modules, extensions and automations for Azure. The session is a collection of lessons learned using the Toolkit from real-life projects. After this sessions you will be able to improve the security of your Azure usage from IDE to Operations, regardless of your current state of security and level of cloud adoption.

Azure Saturday: Security + DevOps + Azure = Awesomeness

Karl Ots

Slides from my presentation at Azure Saturday on 26.5.2018 in Munich. In this session, I will cover the Secure DevOps Toolkit for Azure, a set of security-related tools, Powershell modules, extensions and automations for Azure. The session is a collection of lessons learned using the Toolkit from real-life projects. After this sessions you will be able to improve the security of your Azure usage from IDE to Operations, regardless of your current state of security and level of cloud adoption.

What's hot

Azure security architecture

Karl Ots

Azure Security Fundamentals

Lorenzo Barbieri

Azure DevOps

Surasuk Oakkharaamonphong

Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...

wwwally

Azure Key Vault

Malin De Silva

Azure security basics

Stas Lebedenko

DevSecOps in 10 minutes

kieranjacobsen

VMware vRealize Operations Management Pack | Nagios

Blue Medora

Azure sentinal

Allied Consultants

Présentation openstackinaction v1.2Regis Allegre

CSTA - Cisco Security Technical Alliances, New Ecosystem Program Built on the...

Cisco DevNet

aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...

aOS Community

PIACERE - DevSecOps Automated

PIACERE

Azure Penetration Testing

Cheah Eng Soon

Dev week cloud world conf2021

Archana Joshi

Azure Security and Management

Allen Brokken

Microsoft Azure News - April 2021

Daniel Toomey

Build embedded and IoT solutions with Microsoft Windows IoT Core (BRK30077)

Callon Campbell

Access Security - Enterprise governance

Eng Teong Cheah

Cisco asa5540, best guard for enterpriseIT Tech

What's hot (20)

Azure security architecture

Azure Security Fundamentals

Azure DevOps

Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...

Azure Key Vault

Azure security basics

DevSecOps in 10 minutes

VMware vRealize Operations Management Pack | Nagios

Azure sentinal

Présentation openstackinaction v1.2

CSTA - Cisco Security Technical Alliances, New Ecosystem Program Built on the...

aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...

PIACERE - DevSecOps Automated

Azure Penetration Testing

Dev week cloud world conf2021

Azure Security and Management

Microsoft Azure News - April 2021

Build embedded and IoT solutions with Microsoft Windows IoT Core (BRK30077)

Access Security - Enterprise governance

Cisco asa5540, best guard for enterprise

Similar to Security + DevOps + Azure = Awesomeness

CloudBrew 2017 - Security + DevOps + Azure = Awesomeness

Karl Ots

Azure Saturday: Security + DevOps + Azure = Awesomeness

Karl Ots

Secure Your Code Implement DevSecOps in Azure

kloia

IaaS Cloud Providers: A comparative analysis

Graisy Biswal

What’s New in Cloudera Enterprise 6.0: The Inside Scoop 6.14.18

Cloudera, Inc.

Improving Application Security With Azure

Softchoice Corporation

Application development and deployment in the traditional datacenter has been a challenge for many organizations primarily due to resource constraints. This has historically led to unfortunate compromises between functionality and security for business applications. With public cloud providers, we have seen the limitations to technical capabilities fall away; the attainable to the Fortune 500 has become available to organizations of any size. This yields some exciting new options for the development, deployment and operation of secure applications. Here you will find the presentation deck and recording of webinar.

Mini project on microsoft azure based on time

LawalMuhd2

How to Execute DevOps Using Azure CI CD.pptx

Xavor Corporation - Redefining Health Technology

Transform your organization with cisco cloud

solarisyougood

Accelerate Spring Apps to Cloud at Scale—Discussion with Azure Spring Cloud C...

VMware Tanzu

Accelerate Spring Apps to Cloud at Scale

Asir Selvasingh

Learn how enterprise leaders are using Azure Spring Cloud to transform their IT operations and deliver value. This moderated panel discussion will feature customers sharing real-world stories about: • Running Spring apps in the cloud at enterprise scale • Embracing hybrid as the new normal • Transforming their technology stacks • Implementing zero-trust security and network requirements • Empowering their developers to rapidly dev and deploy • Delivering value faster to their end customers

Scania's DevSecOps approach - Gamifying Security - auto:CODE

Anders Lundsgård

Microsoft Tech Series 2019 - Azure DevOps

Tomasz Wisniewski

Introducing the Oracle Cloud Infrastructure (OCI) Best Practices Framework

Revelation Technologies

As AWS became a viable cloud service provider with wide adoption, Amazon introduced back in 2015 the "AWS Well-Architected Framework" which provides architectural best practices across five pillars. Similarly, Oracle Cloud Infrastructure (OCI) introduced their own "OCI Best Practices Framework." This framework covers best practices for four "business goals" that include: security and compliance, reliability and resiliency, performance and cost optimization, and operational efficiency. Learning about and adopting these recommended best practices help you design and operate cloud topologies that deliver maximum business value. These best practices are the result of years of experience with thousands of cloud customers creating architectures that are meant to be secure, highly performant, resilient, and efficient. While not overly complex this framework can be intimidating for those newly embarking on their cloud journey; this presentation introduces the framework, walks through the business goals, and highlights some of the elements and strategies to give you a stronger idea of how this framework can benefit you.

Leveraging Azure DevOps across the Enterprise

Andrew Kelleher

Power of the cloud - Introduction to azure security

Bruno Capuano

Slides used during the session Introduction to Microsoft Azure Security Azure provides you with a wide array of configurable security options and the ability to control them so that you can customize security to meet the unique requirements of your organization’s deployments. This presentation helps you understand how Azure security capabilities can help you fulfill these requirements using options such as Azure AD, Azure Security Center, Azure Advisor, and Azure Monitor.

9 - Making Sense of Containers in the Microsoft Cloud

Kangaroot

Everyone is talking about Containers, but what is this really about what are the benefits of Containers for your customers? You probably think you know, but there is more! And did you know you can run and manage Containers in the Microsoft Cloud? This session will go in to the benefits of Containers for your customers and what Microsoft is offering to facilitate in all your needs. We will touch on technologies like Kubernetes, Docker and we will elaborate on the strong partnerships Microsoft has built with true Open Source companies like Red Hat.

Lecture 29

Skillspire LLC

DevSecOps: Security With DevOps

Knoldus Inc.

Introducing Cloud Development with Project Shipped and Mantl: a deep dive

Cisco DevNet

A session in the DevNet Zone at Cisco Live, Berlin. Developers are driving the market for cloud consumption and leading each industry into the new era of software defined disruption. There are no longer questions about whether elastic and flexible agile development are the way to innovate and reduce time to market for businesses. In addition, businesses are moving to application development architectures leveraging microservices, which are becoming increasingly important to their business strategy. When making the decision to build and operate an application on a physical or cloud platform, microservices are becoming central to architecture and strategy. This session will clearly define what a microservices infrastructure is and how it enables elastic, flexible, and portable application workload deployment. The Mantl platform will be introduced, with each component described and demonstrated. Project Shipped will be used to build, deploy and run an application.

Similar to Security + DevOps + Azure = Awesomeness (20)

CloudBrew 2017 - Security + DevOps + Azure = Awesomeness

Azure Saturday: Security + DevOps + Azure = Awesomeness

Secure Your Code Implement DevSecOps in Azure

IaaS Cloud Providers: A comparative analysis

What’s New in Cloudera Enterprise 6.0: The Inside Scoop 6.14.18

Improving Application Security With Azure

Mini project on microsoft azure based on time

How to Execute DevOps Using Azure CI CD.pptx

Transform your organization with cisco cloud

Accelerate Spring Apps to Cloud at Scale—Discussion with Azure Spring Cloud C...

Accelerate Spring Apps to Cloud at Scale

Scania's DevSecOps approach - Gamifying Security - auto:CODE

Microsoft Tech Series 2019 - Azure DevOps

Introducing the Oracle Cloud Infrastructure (OCI) Best Practices Framework

Leveraging Azure DevOps across the Enterprise

Power of the cloud - Introduction to azure security

9 - Making Sense of Containers in the Microsoft Cloud

Lecture 29

DevSecOps: Security With DevOps

Introducing Cloud Development with Project Shipped and Mantl: a deep dive

More from Karl Ots

TechDays Finland 2020: Best practices of securing web applications running on...

Karl Ots

The multitude of security controls and guidelines for both Kubernetes and Azure can be overwhelming. Based on real-life experiences from securing web applications running on Azure Kubernetes Service, Karl has compiled a list of best practices that bring them together. In this session, you will learn how to build, operate and develop secure web applications on top of Azure Kubernetes Service. After this session, you will know which security controls are available, how effective they are and what will be the cost of implementing them.

IglooConf 2020: Best practices of securing web applications running on Azure ...

Karl Ots

Building an Enterprise-Grade Azure Governance Model

Karl Ots

As presented at the CloudBrew 2019 conference in 13.12.2019. When proper governance model is followed, your Azure application development teams are operating in a secure and compliant Azure environment during design, development and operations. In this "lessons learned" type of session, Karl will will share practical tips on how to build a comprehensive Azure governance model, based on real-life experiences from working with multi-billion dollar corporations. After this session, you should have a better understanding of Azure governance best practices and in-house team roles & responsibilities. You will also have an overview of the technical fundamentals of a comprehensive Azure Governance.

CloudBurst Malmö: Best practices of securing web applications running on Azur...

Karl Ots

The multitude of security controls and guidelines for both Kubernetes and Azure can be overwhelming. Based on real-life experiences from securing web applications running on Azure Kubernetes Service, Karl has compiled a list of best practices that bring these worlds together. In this session, you will learn how to build, operate and develop secure web applications on top of Azure Kubernetes Service. After this session, you will know which security controls are available, how effective they are and what will be the cost of implementing them.

IT Camp 19: Top Azure security fails and how to avoid them

Karl Ots

FAUG Jyväskylä 28.5.2019 - Azure Monitoring

Karl Ots

DevSum - Top Azure security fails and how to avoid them

Karl Ots

Techorama Belgium 2019 - Building an Azure Governance model for the Enterprise

Karl Ots

In this session Karl will walk you through the fundamentals of building a comprehensive Azure Governance model, based on real-life experiences with working on multi-vendor hybrid IaaS / PaaS projects in the enterprise. When proper governance model is followed, you can ensure your teams are operating in a secure and compliant Azure environment during design, development and operations. After this session, you should have a better understanding of Azure governance best practices and in-house team roles & responsibilities. You should also have an overview of the technical implementation of governance controls. As presented in Antwerpen, Belgium at 22nd of May 2019.

Techorama Belgium 2019: top Azure security fails and how to avoid them

Karl Ots

Azure Low Lands 2018: Monitoring real life Azure applications when to use wha...

Karl Ots

Modern applications leverage a variety of services, and often span across on premises, IaaS, PaaS and SaaS. Monitoring these environments is different from traditional systems. We have more and more data available from the platform with the likes of ARM Activity Logs, Azure Monitor, Log Analytics and Application Insights. With a massive amount of signal and noise being generated in all these systems, how do we get our arms around what is happening? Is my application impacted in an ongoing Azure outage? Are my integrations intact? Which services from Azure should I use to monitor my application end-to-end? Come and hear how to answer these questions. After the session, you’ll have deeper understanding of end-to-end monitoring techniques in Azure solutions and know which services to choose for which scenario. As presented in Rotterdam at Azure Low Lands 2019.

IglooConf 2019 Secure your Azure applications like a pro

Karl Ots

UpdateConf 2018: Monitoring real-life Azure applications: When to use what an...

Karl Ots

As presented on 22th of November 2018 in Prague. Modern applications leverage a variety of services, and often span across on premises, IaaS, PaaS and SaaS. Monitoring these environments is different from traditional systems. We have more and more data available from the platform with the likes of ARM Activity Logs, Azure Monitor, Log Analytics and Application Insights. With a massive amount of signal and noise being generated in all these systems, how do we get our arms around what is happening? Is my application impacted in an ongoing Azure outage? Are my integrations intact? Which services from Azure should I use to monitor my application end-to-end? Come and hear how to answer these questions. After the session, you’ll have deeper understanding of end-to-end monitoring techniques in Azure solutions and know which services to choose for which scenario.

UpdateConf 2018: Top 18 Azure security fails and how to avoid them

Karl Ots

Top Azure security fails and how to avoid them

Karl Ots

Top 18 azure security fails and how to avoid them

Karl Ots

Monitoring real-life Azure applications: When to use what and why

Karl Ots

Slides from my presentation at Intelligent Cloud Conf on 29.5.2018 in Copenhagen Modern applications leverage a variety of services, and often span across on premises, IaaS, PaaS and SaaS. Monitoring these environments is different from traditional systems. We have more and more data available from the platform with the likes of ARM Activity Logs, Azure Monitor, Log Analytics and Application Insights. With a massive amount of signal and noise being generated in all these systems, how do we get our arms around what is happening? Is my application impacted in an ongoing Azure outage? Are my integrations intact? Which services from Azure should I use to monitor my application end-to-end? Come and hear how to answer these questions. After the session, you’ll have deeper understanding of end-to-end monitoring techniques in Azure solutions and know which services to choose for which scenario. .

Navigating in the sea of containers in azure when to choose which service and...

Karl Ots

As presented on 21st of March 2018 at TechDays Finland. There’s a plethora of Container-related services available in Azure. Azure Container Instance, Azure Container Registry, and Azure Container Service to name a few. It can be hard to get your head around all of them, especially if you come from Microsoft background as I did. I will cover each of these services in this talk, explain their differencies and help you figure out which scenarios they fit best. If you’re new to Containers, you should feel more comfortable around them after this session.

Kubernetes in Azure

Karl Ots

There’s a plethora of Container-related services available in Azure: Azure Container Instance, Azure Container Service, managed Kubernetes and managed container registry to name a few. I will cover the most useful container and container orchestration related services in this talk, explain their differences and help you figure out which scenarios they fit best. As presented by Karl Ots, Azure MVP at CNCF & Kubernetes Finland meetup. on February 22, 2018.

Securing Azure Infrastructure

Karl Ots

Monitoring advanced Azure PaaS workloads in the enterprise - Level: 200

Karl Ots

Presented at TechDays Sweden on 25.10.2017. Modern applications leverage a variety of services, and often span across onpremises, public cloud, IaaS and PaaS. Monitoring these environments is different from traditional systems. We have more and more data available from the platfrom with the likes of ARM Activity Logs, Azure Monitor, MOMS and Application Insights. With a massive amount of signal and noise being generated in all these systems, how do we get our arms around what is happening? How will I know if my application uptime is impacted? Are my servers handling the load? Are my integrations still running as they should? How many users are impacted by the incident and what is the root cause? Come and hear how to answer these questions as I walk through what actionable monitoring means in Azure applications. We will cover recent updates to the platform and tooling. After the session, you’ll have deeper understanding of end-to-end monitoring techniques in Azure solutions. http://tdswe.se/

More from Karl Ots (20)

TechDays Finland 2020: Best practices of securing web applications running on...

IglooConf 2020: Best practices of securing web applications running on Azure ...

Building an Enterprise-Grade Azure Governance Model

CloudBurst Malmö: Best practices of securing web applications running on Azur...

IT Camp 19: Top Azure security fails and how to avoid them

FAUG Jyväskylä 28.5.2019 - Azure Monitoring

DevSum - Top Azure security fails and how to avoid them

Techorama Belgium 2019 - Building an Azure Governance model for the Enterprise

Techorama Belgium 2019: top Azure security fails and how to avoid them

Azure Low Lands 2018: Monitoring real life Azure applications when to use wha...

IglooConf 2019 Secure your Azure applications like a pro

UpdateConf 2018: Monitoring real-life Azure applications: When to use what an...

UpdateConf 2018: Top 18 Azure security fails and how to avoid them

Top Azure security fails and how to avoid them

Top 18 azure security fails and how to avoid them

Monitoring real-life Azure applications: When to use what and why

Navigating in the sea of containers in azure when to choose which service and...

Kubernetes in Azure

Securing Azure Infrastructure

Monitoring advanced Azure PaaS workloads in the enterprise - Level: 200

Recently uploaded

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Product School

Elevating Tactical DDD Patterns Through Object Calisthenics

Dorra BARTAGUIZ

After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

Product School

Accelerate your Kubernetes clusters with Varnish Caching

Thijs Feryn

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

Jeffrey Haguewood

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams. Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

The Future of Platform Engineering

Jemma Hussein Allen

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Sri Ambati

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Product School

Knowledge engineering: from people to machines and back

Elena Simperl

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Product School

Essentials of Automations: Optimizing FME Workflows with Parameters

Safe Software

Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place. Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects. Here’s what you’ll gain: - Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows. - Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy. - Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency. - Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity. We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic. Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

FIDO Alliance

Assuring Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

GraphRAG is All You need? LLM & Knowledge Graph

Guy Korland

Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs. 1. Unifying Large Language Models and Knowledge Graphs: A Roadmap. https://arxiv.org/abs/2306.08302 2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs: https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/

DevOps and Testing slides at DASA Connect

Kari Kakkonen

How world-class product teams are winning in the AI era by CEO and Founder, P...

Product School

Recently uploaded (20)

UiPath Test Automation using UiPath Test Suite series, part 3

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Elevating Tactical DDD Patterns Through Object Calisthenics

Securing your Kubernetes cluster_ a step-by-step guide to success !

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

Accelerate your Kubernetes clusters with Varnish Caching

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

The Future of Platform Engineering

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Knowledge engineering: from people to machines and back

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Essentials of Automations: Optimizing FME Workflows with Parameters

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

Assuring Contact Center Experiences for Your Customers With ThousandEyes

GraphRAG is All You need? LLM & Knowledge Graph

DevOps and Testing slides at DASA Connect

How world-class product teams are winning in the AI era by CEO and Founder, P...

Security + DevOps + Azure = Awesomeness

1. SECURE DEVOPS KIT FOR AZURE CLOUDBURST 6.10.2017

2. A”ZED” SDK CLOUDBURST 6.10.2017

3. KARL OTS @ KOMPOZURE • Co-organizer of Finland Azure User Group and IglooConf • Working on Azure since 2011 • Patented inventor • Worked with tens of different customers on full-scale Azure projects, from startups to Fortune 500 enterprises Managing Consultant, Kompozure Ltd Karl.ots@kompozure.com

6. WHY AZSDK • Cloud security is hard. • Knowledge of Azure security controls is not widespread. • MS IT wanted to accelerate internal Azure adoption in a controlled way • Vision: avoid reinventing the wheel o Use as much out-of-the-box Azure features as possible o For example: outsource VM controls to Security Center

8. AZSDK USAGE FLOW

9. INSTALLATION

10. SUBSCRIPTION SECURITYSubscription RBAC provisioning Deploy mandatory and scenario/solution specific accounts/groups on a subscription. Ability to specify and remove deprecated accounts. Alerts setup Configure insights-based alerts for important activities. Runbooks for critical alerts to send SMS with key alert body info. ARM policy setup Deploy and enable ARM policy definitions (e.g., audit/deny use of ASM/v1 resources) ASC setup Configure Azure Security Center by enabling policies, setting security POCs, etc. Resource Locks Ensure that critical enterprise resources have locks deployed on them. Health Check More than a dozen subscription hygiene security checks, including proper provisioning

11.

12. DEVELOP SECURELY Feature Scenarios/Details Development Security IntelliSense • Get inline support for secure coding right at the point of code creation. • Checks on Azure Best practices, ADAL and common crypto • VS plug-in for C#. • Security IntelliSense extension works on Visual Studio 2015 Update 3 or later.

13.

14. SPOT CHECK SECURITY Feature Scenarios/Details Development Security IntelliSense • Get inline support for secure coding right at the point of code creation. • Checks on Azure Best practices, ADAL and Crypto • VS plug-in for C#. Security Verification Tests • Scan cloud solutions during early dev and prototyping stages. • Provides a variety of options to define scan targets. • Easy, intuitive reports and detailed logs. Support for 25+ Azure IaaS and PaaS service types.

15.

16.

17. DEMO TIME!

18. AZSDK USAGE FLOW

19.

20.

21.

22.

23. DISCUSSION • AzSDK is not your magic bullet to tick the security box o AzSDK mostly covers “administrative access” in traditional threat models, some “application access” as well o You still have to worry about users, external threats and more o Threat modeling and Defense in Depth approach are your friends! • Carefully analyze the results in the scope of your application – are the recommended controls right for your app? • New in 2.6.1 o Generate PDF Report o Generate Fix Script

24. Role How to use AzSDK Subscription Owner • Check the overall security health of your Azure subscription. • Ensure that AzSDK artifacts are properly provisioned. Developer Team • Get inline support with security tips and corrections while writing code for Azure apps (and also standard web applications in general). • Test that Azure resources you are using for your application/solutions are configured and deployed securely. • Enable security in CICD by including various security tests in the build/release pipelines Deployment Team • Control deployment workflows according to outcomes of security checks. Operations Team • Observe the security state with subscription health checks and SVT’s. • Track security state in a 'continuous' manner • Provide support and templates for frequently failing operational security activities such as key rotation, access reviews, public ips, etc.

25. RESOURCES • Try out the Secure DevOps Kit for Azure! • Installation guide, docs: http://aka.ms/azsdkossdocs • Controls coverage: http://aka.ms/azsdkosstcp • IT Showcase: http://aka.ms/azsdk/itshowcase • Support: azsdksupext@microsoft.com

Security + DevOps + Azure = Awesomeness

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Security + DevOps + Azure = Awesomeness

Similar to Security + DevOps + Azure = Awesomeness (20)

More from Karl Ots

More from Karl Ots (20)

Recently uploaded

Recently uploaded (20)

Security + DevOps + Azure = Awesomeness