Security Solutions in Azure

Size: px

Start display at page:

Download "Security Solutions in Azure"

Ross Fleming
5 years ago
Views:

2 Security Solutions in Azure Dylan de Jong Cloud solution architect

3 Welk jaar was dit? ADD A FOOTER

4 Welk jaar werd het Microsoft Azure? 4 ADD A FOOTER

5 10 Jaar + Geleden ADD A FOOTER

6 Security 10 +Jaar Geleden 2

7 You own your data and identities and the responsibility for protecting them. You own the security of on-premises resources Your DATACENTER Your RESPONSIBILITY

8 Microsoft cloud services are built on a foundation of trust and security. Microsoft provides you security controls and capabilities to help you protect your data and applications. You own your data and identities and the responsibility for protecting them. You own the security cloud components you control (varies by service type)

9 TRADITIONAL SECURITY

10 TRADITIONAL SECURITY CLOUD SECURITY

11 TRADITIONAL SECURITY CLOUD SECURITY IaaS Containers PaaS Serverkess SaaS

assets Virtual machines and networks Datacenter

12 Cloud security is a shared responsibility Secure foundation Microsoft provides built-in controls Physical assets Virtual machines and networks Datacenter operations Apps and workloads Cloud infrastructure Data Microsoft Corporation

13 Must have platform capabilities to keep your solutions secure and well-managed Governance Security Resiliency Monitoring Automate Proactively apply policies and optimize assets Industry leading Security with Advanced Threat Protection High availability and protection for VMs, apps and data Deep operational insights with rich intelligence Powerful scripting, configuration and update management

14 Platform Services Portal Azure Active Directory Azure AD B2C Multi-Factor Authentication Media Services API Management Logic Apps Media Analytics BizTalk Services Service Bus Content Delivery Network Web Apps API Apps Service Fabric Mobile Apps Cloud Services Notification Hubs Functions SQL Database SQL Server Stretch Database SQL Data Warehouse Redis Cache Storage Tables DocumentDB Cognitive Services Bot Framework Cortana Azure Search Azure AD Health Monitoring AD Privileged Identity Management Domain Services Backup Automation Operational Analytics Scheduler Key Vault Store/ Marketplace VM Image Gallery & VM Depot Container Service Batch VM Scale Sets RemoteApp Visual Studio VS Team Services Application Insights Mobile Engagement Xamarin HockeyApp Infrastructure Services HDInsight IoT Hub Data Catalog Event Hubs Machine Learning Data Lake Analytics Service Data Factory Stream Analytics Data Lake Store Power BI Embedded Import/Export Azure Site Recovery StorSimple

16 "policyrule": { "if": { "not": { "field": "location", "in": "[parameters('listofallowedlocation s')]" } }, "then": { "effect": "Deny" } } Resources Policies RBAC Policy Enforce or audit rules to ensure compliance. Blueprints Quickly create multiple subscriptions with resources, policies and users already setup. Management groups Map your organizational structure into Azure to enable governance in multitenant and cross-regional scenarios Azure Resource Manager + Azure Resource Graph

18 Policy Definitions Role-based Access ARM Templates providing control over the cloud environment, without sacrificing developer agility 1. Environment Factory: Deploy and update cloud environments in a repeatable manner using composable artifacts Management Groups Subscriptions CRUD Query Azure Resource Manager (ARM) 2. Policy-based Control: Real-time enforcement, compliance assessment and remediation at scale 3. Resource Visibility: Query, explore & analyze cloud resources at scale

19 Governance Security Resiliency Monitoring Automate IaaS Containers PaaS Serverless On-prem & other Clouds No

21 RUIN ATTACKER S ECONOMIC MODEL BREAK THE KNOWN ATTACK PLAYBOOK RAPID DETECTION, RESPONSE, RECOVERY ELIMINATE OTHER ATTACK VECTORS

Netflow, SQL DB and Storage Logs, Threat Detections, Prescriptive Recommendations Security Dashboards Security Dashboards Deliver Deliver Rapid Insights into Rapid Insights into Security Security

22 Netflow, SQL DB and Storage Logs, Threat Detections, Prescriptive Recommendations Security Dashboards Security Dashboards Deliver Deliver Rapid Insights into Rapid Insights into Security Security State Across All State Across All Workloads Workloads Windows Events, Syslog, CEF, Configurations IP Geotagging, Actionable Security Recommendations Curated, Prioritized Security Alerts Investigation Tools and Log Search Export to Excel and Power BI REST APIs Automation Notifications

24 Governance Security Resiliency Monitoring Automate IaaS IaaS Containers Containers PaaS PaaS Serverless Serverless On-prem & other Clouds No On-prem & other Clouds

26 Governance Security Resiliency Monitoring Automate IaaS Containers PaaS Serverless On-prem & other Clouds No IaaS Containers PaaS Serverless On-prem & other Clouds IaaS Availability sets Zones Azure Backup ASR Infra as code Containers Availability sets Zones Azure Backup ASR Infra as code PaaS Infra as Code Serverless Infra as code On-prem & other Clouds..

28 Azure Platform Monitoring Application Insights Log Analytics (OMS) Azure Notifications ( , webhook, SMS) Azure Platform Monitoring Available by default, out-of-the-box for all Azure services Application Insights Integrated platform + application monitoring experiences for Azure compute and web Log Analytics (OMS) Rich Solutions & search on monitoring data across platform & apps in Azure, on-prem and hybrid cloud workloads Azure Notifications Notify customer via their preferred communication method, including and SMS, and webhook for automation

29 Azure Monitor Insights Application Container VM Monitoring Solutions Application Metrics Visualize Dashboards Views Power BI Workbooks Infrastructure Network Logs Analyze Metrics Explorer Log Analytics Custom Stores Respond Alerts Autoscale Integrate Event Hubs Logic Apps Ingest & Export APIs Microsoft Corporation

31 Governance Security Resiliency Monitoring Automate IaaS Containers PaaS Serverless On-prem & other Clouds No IaaS Containers PaaS Serverless On-prem & other Clouds IaaS Availability sets Zones Azure Backup ASR Infra as code Containers Availability sets Zones Azure Backup ASR Infra as code PaaS Infra as Code Serverless Infra as code On-prem & other Clouds.. IaaS Azure Monitor App Insights Containers Azure Monitor App Insights PaaS Azure Monitor App Insights Serverless App Insights On-prem & other Clouds Azure Monitor App Insights

33 Governance Security Resiliency Monitoring Automate IaaS Containers PaaS Serverless On-prem & other Clouds no IaaS Containers PaaS Serverless On-prem & other Clouds IaaS Availability sets Zones Azure Backup ASR Infra as code Containers Availability sets Zones Azure Backup ASR Infra as code PaaS Infra as Code Serverless Infra as code On-prem & other Clouds.. IaaS Azure Monitor App Insights Containers Azure Monitor App Insights PaaS Azure Monitor App Insights Serverless App Insights On-prem & other Clouds Azure Monitor App Insights IaaS Azure Automation Azure Devops 3 d party Containers Azure Automation Azure Devops 3 d party PaaS Azure Automation Azure Devops Functions Serverless Azure Automation Azure Devops Functions

34 TRADITIONAL SECURITY CLOUD SECURITY Governance Security Resiliency Monitoring Automate

35 The end