Azure Security Solutions
*** Please note: An updated version of this course is available here. ***
Security is a critical concern for anyone who uses the cloud. Microsoft takes this seriously and built and operates the Azure Platform with security as a key principle. Microsoft secures data centers and management applications, and provides pay-as-you-go security services. Learn how to take advantage of these security features and services to enable strong security practices in your organization and to protect and secure your own cloud applications.
This course is for security engineers, chief security officers, solution architects, information technologists or anyone wanting to understand security options within the Azure platform.
Viewers should have a basic understanding of cyber security, authentication and authorization best practices, and encryption. Some familiarity with the Azure platform will also be helpful but is not required.
- Understand the shared responsibility model
- Learn how to secure Azure resources such as virtual machines and storage accounts
- Learn how to secure your Azure-based applications
- Learn how to monitor your Azure resources with Azure Security Center
Welcome and Introduction: A brief introduction to the course and an overview of what Bill and Maura will be covering.
Shared Responsibility: In this lesson we'll cover cyber security using the CIA principle (Confidentiality – Integrity – Availability) and what security professionals do to ensure the parts of CIA: Prevent – Detect – Respond. We'll also cover Microsoft’s responsibilities and their own security/compliance processes, what a customer is responsible for, and finally the tools that Azure provides, including AAD, encryption, and secure networking.
Protecting Accounts: In this lesson we'll cover Azure Active Directory and Multi-Factor Authorization.
Securing the Azure Portal: In this lesson we'll cover role-based access control.
Identity Management for Apps: In this lesson we'll cover AAD protection and integration for business apps.
Network Security: In this lesson we'll cover Virtual Private Networks and firewalls.
Data Security: In this lesson we'll cover Encryption and Masking.
Secrets Management: In this lesson we'll cover Key Vault and Shared Access Signatures.
Monitoring and Auditing: In this lesson we'll discuss the Azure Security Center.
Course Conclusion: Course Wrap-Up
In this class, we've covered a lot of the features and services that Azure provides to help you secure your applications. Let's review some of what we've covered.
We talked about the Shared Responsibility Model and described the responsibilities of Microsoft Azure and the responsibilities for you, the Azure customer. We've seen how Microsoft provides role-based access control for Azure resources. We've seen how you can use Azure Active Directory to enforce authentication to your own applications. We've also seen how you can use Azure Active Directory B2C to provide identity and access management using social logins. We've covered various options for securing your data at-rest and in-transit. We looked at securing networks and virtual machines by network security groups and firewalls. We've looked at Azure Key Vault, a service for key and secret management as well as the Azure shared access signature technology.
And we've looked at Azure Security Center, a monitoring tool for your Azure resources, and we've mentioned how OMS and Azure Monitoring fit in. Remember, when we move infrastructure and applications to the Cloud, we don't give up our responsibility for security. We have just as much responsibility in the Cloud as we had outside the Cloud in many areas. We need to properly encrypt and transfer data. We need to appropriately authorize users. We need to ensure that we continually monitor our infrastructure and keep our security defenses up to date at all times. With Azure, Microsoft has created, and continues to create, great security features and services to help us with this effort. Thank you for joining us in our exploration of Azure Security Solutions.
We'll leave you with this list of resource links providing more information on Azure and Cloud security that you may want to check out as next steps. And finally, thanks Josh Lane for technical review and Elizabeth O'Connor for artwork and video editing.
Bill Wilder is a hands-on architect currently focused on building cloud-native solutions on the Microsoft Azure cloud platform. Bill is CTO at Finomial, which provides SaaS solutions to the global hedge fund industry from the cloud, co-founded Development Partners Software in 1999, and has broad industry experience with companies of all sizes – from modest startups to giant enterprises. Bill has been leading the Boston Azure group since founding it in 2009, has been recognized as a Microsoft MVP for Azure since 2010, and is author of Cloud Architecture Patterns (O’Reilly Media, 2012). He speaks frequently at community events, and occasionally at conferences, usually on topics relating to cloud, cybersecurity, and software architecture.