SECRUE APPLICATION ARCHITECTURE IN AZURE

Intro: Your Presenter

Tadd AxonMicrosoft Services Practice

Lead

• MS Practice Lead

• Background in IT Operations, system architecture,

• Information security, security & compliance audit

Agenda

• Public cloud has changed the (development) world

• Tools to support secure application architecture

• Cloud Provider Capabilities to support security

• Technologies to accelerate secure application development

• The Learning Curve

• Demo

• Q&A – Post an IM anytime

Impact of Public Cloud

• Tools, capabilities, and technologies once only available to large enterprise are now accessible and affordable

• The burden of maintaining the supporting infrastructure for these is greatly reduced

• Responsibility for delivery of security is split o Cloud provider has contractual obligation to provide secure foundation and

it serves their best interest to do so, and provide transparencyo Cloud provider shoulders the burden for attracting and retaining security talento Cloud consumer focusses on the security of the application versus application

and entire supporting infrastructure

Supporting Tools for Secure Applications

TOOL CAPABILITY

Azure Security Center Alerts, Analysis, Recommendations

Azure AD Identity Protection Alerts, Analysis, Guidance, Policy and Enforcement

Application Insights Performance metrics, code level issues

Operations Management Suite Log analytics, assessment, recommended actions

Azure Security Center

270%

Azure Identity Protection

Azure Application Insights

Azure Operations Management Suite

Q&A

Supporting Capabilities for Secure Applications

CAPABILITY BENEFITS

AZURE RESOURCE MANAGER

• Template based deployment• Manage application infrastructure as source code• Idempotency• Resource Policy• Resource Locks

AZURE STORAGE ENCRYPTION

• Encryption for Data at Rest• Client side libraries for encryption in transit

Supporting Technologies for Secure Applications

• API Managemento Publish APIs rapidly, even from “legacy” serviceso Secure access and protect from overuse

• Azure KeyVaulto HSM based storage for secrets (passwords, cryptographic keys)o Auditable

• Azure SQLo Azure AD integration for role based access control at the DB levelo Least-privilege design for access to DB services

• Virtual Machine Scale Setso Idempotent deployment at scaleo Disposable, ephemeral worker nodes

Q&A

DEMO

The Learning Curve

• The learning curve for this can appear steep

• There are a multitude of resourceso Sample code and templates to provision resourceso Architecture Guidanceo Development Guidanceo Strong community of MS Partners

Q&A