Post on 15-Apr-2017
SECURE APPLICATION ARCHITECTURE IN AZURE
Intro: Your Presenter
Tadd Axon
Microsoft Services Practice Lead
• MS Practice Lead
• Background in IT Operations, system architecture,
• Information security, security & compliance audit
Agenda
• Public cloud has changed the (development) world
• Tools to support secure application architecture
• Cloud Provider Capabilities to support security
• Technologies to accelerate secure application development
• The Learning Curve
• Demo
• Q&A – Post an IM anytime
Impact of Public Cloud
• Tools, capabilities, and technologies once only available to large enterprise are now accessible and affordable
• The burden of maintaining the supporting infrastructure for these is greatly reduced
• Responsibility for delivery of security is split
  o Cloud provider has contractual obligation to provide secure foundation and it serves their best interest to do so, and provide transparency
  o Cloud provider shoulders the burden for attracting and retaining security talent
  o Cloud consumer focusses on the security of the application versus application and entire supporting infrastructure
Supporting Tools for Secure Applications
TOOL | CAPABILITY
Azure Security Center | Alerts, Analysis, Recommendations
Azure AD Identity Protection | Alerts, Analysis, Guidance, Policy and Enforcement
Application Insights | Performance metrics, code level issues
Operations Management Suite | Log analytics, assessment, recommended actions
Azure Security Center
Azure Identity Protection
Azure Application Insights
Azure Operations Management Suite
Q&A
Supporting Capabilities for Secure Applications
CAPABILITY | BENEFITS
AZURE RESOURCE MANAGER
• Template based deployment
• Manage application infrastructure as source code
• Idempotency
• Resource Policy
• Resource Locks
AZURE STORAGE ENCRYPTION
• Encryption for Data at Rest
• Client side libraries for encryption in transit
Supporting Technologies for Secure Applications
• API Management
  o Publish APIs rapidly, even from “legacy” services
  o Secure access and protect from overuse
• Azure KeyVault
  o HSM based storage for secrets (passwords, cryptographic keys)
  o Auditable
• Azure SQL
  o Azure AD integration for role based access control at the DB level
  o Least-privilege design for access to DB services
• Virtual Machine Scale Sets
  o Idempotent deployment at scale
  o Disposable, ephemeral worker nodes
Q&A
DEMO
The Learning Curve
• The learning curve for this can appear steep
• There are a multitude of resources
  o Sample code and templates to provision resources
  o Architecture Guidance
  o Development Guidance
  o Strong community of MS Partners
Q&A