
Building Modern Apps using the Secure DevOps Kit for Azure


Page 1: Building Modern Apps using the Secure DevOps Kit for Azure

Building Modern Apps with the Secure DevOps Kit for Azure

Notes:

• If you experience audio issues during the webinar, you can dial in using the telephone details provided in your registration confirmation email.
• Please feel free to post questions in the questions dialog, and we will try to answer as many as we can at the end.
• A recording of this session will be shared in the next 24-48 hours.
• You can also write to us at [email protected] for any clarifications or information.

Page 2: Building Modern Apps using the Secure DevOps Kit for Azure

Session Speaker

Viplove Sharma

Technical Architect

WinWire Technologies

Page 3: Building Modern Apps using the Secure DevOps Kit for Azure

Agenda

1. DevOps and Azure
2. Security Challenges of DevOps
3. Secure DevOps Kit for Azure
4. Toolkit Adoption at Microsoft
5. Q & A

Page 4: Building Modern Apps using the Secure DevOps Kit for Azure

DevOps

A software development approach that establishes:

• Communication and collaboration within development teams
• Automation and monitoring of the processes
• Rapid, frequent and more reliable software development

Page 5: Building Modern Apps using the Secure DevOps Kit for Azure

DevOps in Azure

• DevOps Tool – Visual Studio Team Services (VSTS)
• Continuous Integration – ensure merged & unit-tested code at all times
• Continuous Delivery – create environments/pipeline, deploy/release services to Azure
• Monitor – monitor using VSTS Dashboard, Application Insights

Page 6: Building Modern Apps using the Secure DevOps Kit for Azure

Application Architecture

[Figure: CI/CD flow diagram. Labels: Git Repository Dev Branch, Staging Branch and Production Branch; Code Checked In; Merge Code; Trigger Build & Unit Test; Build Success (Yes/No); Notify Users; Sent for Approval; Approved; Trigger Release; Deploy; Service Fabric Cluster Development, Staging, Production East and Production West.]

Page 7: Building Modern Apps using the Secure DevOps Kit for Azure

VSTS Build Definition

Page 8: Building Modern Apps using the Secure DevOps Kit for Azure

VSTS Release Management

Page 9: Building Modern Apps using the Secure DevOps Kit for Azure

Security Challenges of DevOps

1. DevOps in Azure has changed the IT ecosystem
• Quicker, more frequent deployments
• More complex development environments
• Constantly changing applications
• Developers responsible for operational responsibilities

2. Traditional security methods are not flexible enough to adapt to the above changes

Page 10: Building Modern Apps using the Secure DevOps Kit for Azure

Secure DevOps Kit for Azure

A set of automation, extensions, plugins, templates, modules, and other tools that combine to offer a security-focused development workflow for our DevOps engineering teams working in Azure

1. Subscription Security – provision security in subscription
2. Security IntelliSense and Security Verification Tests (SVTs) – develop securely, spot check security via scripts
3. CI/CD build/release extensions – deploy securely from VSTS build/release pipeline
4. Continuous Assurance runbooks – periodically scan in production to watch for drift
5. OMS solution for alerting & monitoring – single security dashboard across DevOps stages
6. Telemetry dashboard – make data-driven improvements to security

Page 11: Building Modern Apps using the Secure DevOps Kit for Azure

1. Subscription Security


A package of scripts and programs that help ensure secure provisioning, configuration, & administration of an Azure subscription

• Health Check Script – for security issues, misconfigurations, or obsolete settings
• Provisioning Script – for access control, alerts, policies, contacts

Page 12: Building Modern Apps using the Secure DevOps Kit for Azure

2. Secure Development


Components that ensure security is integrated into the day-to-day development process, including:

• Security Verification Tests (SVTs) – built-in security controls for Azure services
• Security IntelliSense – guidance on secure coding best practices for developers while they code

Page 13: Building Modern Apps using the Secure DevOps Kit for Azure

3. Security in CI/CD


• AzSDK extension for VSTS – is private and needs to be requested
• Build/release task for Security Verification Tests (SVTs) in CI/CD pipeline

Page 14: Building Modern Apps using the Secure DevOps Kit for Azure

4. Continuous Assurance


Continuous Assurance (CA):
• Prevents security state drift in the wrong direction
• Helps to stay current with security improvements
• Encourages adherence to operational best practices

Tools include:
• Azure Automation runbooks
• Azure Resource Manager templates
• PowerShell scripts

Page 15: Building Modern Apps using the Secure DevOps Kit for Azure

5. Alerting and Monitoring


Operations Management Suite (OMS) displays the security state and trends as reported by the different components of the kit

Page 16: Building Modern Apps using the Secure DevOps Kit for Azure

6. Security Telemetry


Security telemetry is routed to Application Insights, and viewed on a Power BI dashboard, with three primary views:

• Usage of the DevOps Kit across the enterprise
• Aggregate cloud-related risks across service lines
• Common errors/challenges that developers face while using the kit

Page 17: Building Modern Apps using the Secure DevOps Kit for Azure

Secure DevOps Kit at Microsoft

Around 50% of Microsoft IT Azure subscriptions use Secure DevOps kit, bringing the following benefits:

• Reduction in development time and costs
• Higher awareness of security in development teams
• Easier transition to DevOps
• Simple processes for checking existing solutions
• Easier assurance checks and problem resolution

Page 18: Building Modern Apps using the Secure DevOps Kit for Azure

Use the Kit if you are…

• Moving your applications to or have already moved to Azure
• Following agile development methodologies
• Looking at automating your development processes
• Building highly-secure applications for top clients
• Aiming to reduce costs to ensure security

Page 19: Building Modern Apps using the Secure DevOps Kit for Azure

Q & A

• Website: www.winwire.com
• Email: [email protected]
• Blog: http://www.winwire.com/blog-winsights/
• Twitter: www.twitter.com/winwire

Next Webinar

• Topic: Microsoft 365 (Formerly known as Secure Productive Enterprise)
• When: September 28th at 9 AM PST