A Principled Technologies presentation: Hands-on testing. Real-world results.
Securing Red Hat workloads on Azure:
Leveraging the strength of cloud-native security
February 2025
www.principledtechnologies.com
About PT
Principled Technologies, Inc.
(PT) is the leading provider of
third-party competitive marketing
services for technology.
Our hands-on testing mirrors
the way real users work with
your product and delivers proof
points you and they can count
on, while our award-winning
competitive marketing
contextualizes those claims.
Learn more at
www.principledtechnologies.com.
About our research
To explore how Azure can secure Red Hat® workloads in the cloud,
we used publicly available materials and interviews with Microsoft
and Red Hat subject matter experts (SMEs).
Our goal was to research the security features that each platform
offers and how they intersect to provide enhanced protection for
Red Hat on Azure customers.
We found several areas where the two platforms work together to
offer a great deal of value, and in our research report, we provide
some detail on key security features and benefits available to
customers in the Azure and Red Hat ecosystems.
This PowerPoint deck summarizes our report, which you can read
at https://facts.pt/G94Mifm.
Security principles of Azure
Shared responsibility model
An organization’s security team maintains some responsibilities for securing applications, data,
containers, and workloads in the cloud, while Azure also takes some responsibility.
Defense in Depth
Azure customers should implement security at many levels to mitigate the risk of any point of failure.
Zero Trust
Zero Trust security always assumes breach and thus requires systems and users to verify every request
as though it originated from an uncontrolled network.
Secure Future Initiative (SFI)
SFI is a multi-year commitment that advances the way Microsoft designs, builds, tests, and operates
technology to ensure that Microsoft solutions meet the highest possible standards for security.
February 20, 2025
Types of security we researched
Infrastructure
Azure Boost, Retina, Azure
Monitor, and other key tools
protect the foundational
components of IT environments,
including physical and virtual
systems, networks, and data
centers.
Application
Microsoft Entra ID, Microsoft
Defender for Cloud, Red Hat®
Insights, and other tools that
safeguard software can prevent
unauthorized access, data
breaches, and
malicious exploitation.
Data
Azure uses many approaches to
encrypt data at rest and data in
transit. Encryption approaches for
data at rest include server-side
and Azure disk encryption.
Encryption approaches for data in
transit include Transport Layer Security
(TLS) encryption and more.
Code
GitHub Advanced Security for
Azure DevOps protects code from
vulnerabilities, threats, and
malicious attacks to ensure
integrity, confidentiality,
and availability.
Infrastructure security tools
• Azure Boost
• Azure Monitor
• Retina
• Azure Bastion
• Azure Firewall
• Azure Network Security Groups
• Azure Policy
• Azure Arc
Azure Boost, which offloads server virtualization processes onto purpose-built
software and hardware, contains several features that could improve the security
of Azure Virtual Machines.
Azure Monitor collects, analyzes, and responds to monitoring data from Azure
and on-premises environments.
Retina, the cloud-agnostic, open-source Kubernetes® network observability
platform, uses the extended Berkeley Packet Filter technology for deep visibility
at the kernel level to monitor application and network health and security.
Azure Bastion, a fully managed platform-as-a-service solution, can provide
secure access to Azure VMs without exposing them to public IP addresses.
Azure Firewall and Azure Network Security Groups help secure Azure virtual
networks by filtering and managing network traffic while offering threat protection.
Change management and policy enforcement
• Azure Policy (compliance and governance) can enforce organizational
standards while ensuring compliance across large environments.
• Azure Arc (single-pane management) provides a centralized platform for
managing VMs, Kubernetes® clusters, and databases as if they are part of
Azure, enabling consistent management, governance, and security across
environments.
Data security tools
• Azure Storage SSE
• Azure-managed disk encryption options
• Data-link layer encryption
• TLS encryption in Azure
• RDP sessions
• Secure access to Linux VMs
• Azure VPN encryption
• Azure Backup and disaster recovery
• Confidential computing
Azure uses many approaches to encrypt data at rest and data in transit. Data
at rest encryption approaches include server-side and Azure disk encryption.
Data in transit encryption approaches include TLS encryption and more.
Data at rest
For most scenarios, Microsoft recommends using server-side encryption (SSE)
features for ease of use in protecting your data.
• Azure Storage SSE: Azure Storage uses SSE to “automatically encrypt your
data when it is persisted to the cloud.”
• Azure-managed disk encryption options: Azure offers Azure Disk Storage
SSE, Encryption at host, Azure Disk Encryption, and more.
Client-side encryption refers to data encryption performed outside of Azure.
Customers manage keys, helping prevent cloud service providers (CSPs) from
decrypting data.
Data in transit
• Data-link layer encryption: Azure encrypts hardware in its data centers to
help secure data moving between them.
• TLS encryption in Azure: Azure customers can use the TLS protocol to
protect data in transit between the customer and Azure.
• Remote Desktop Protocol (RDP) sessions: Users with Windows or Linux
VMs on Azure can sign in to their systems securely via RDP.
• Secure access to Linux® VMs with SSH: Customers can use Secure
Shell (SSH), an encrypted connection protocol, to connect to Linux VMs
running on Azure.
• Azure VPN encryption: Users can create a secure tunnel that protects the
privacy of data being sent across the network.
Azure Backup and disaster recovery
Azure offers Azure Backup and Azure Site Recovery to help customers
running Red Hat workloads on Azure with disaster recovery. Azure Backup
backs up and restores data on Azure while Azure Site Recovery facilitates
seamless disaster recovery for applications, helping organizations maintain
business continuity during outages.
Confidential computing
Confidential computing refers to the prevention of unauthorized access to
data in use and in memory, rather than at rest or in transit (both of which
Azure already encrypts).
Application security tools
• WAF
• Microsoft Entra ID
• Confidential containers
• Microsoft Defender for Cloud
• Microsoft Defender for Endpoint on Linux
• Microsoft Defender for Storage
• Microsoft Sentinel
• Red Hat Insights
Web Application Firewall (WAF) provides security without modifying
backend code, which enables organizations to protect their applications
seamlessly.
Microsoft Entra ID is a cloud-based identity and access management
service allowing users to access both external and internal resources, such
as Azure and Microsoft 365 (external) or apps developed within a user’s own
organization (internal).
Confidential containers, like confidential VMs, provide enhanced data
security, privacy, and integrity for workloads in them.
Vulnerability management tools
Microsoft Defender for Cloud, a cloud-native application protection platform
(CNAPP), performs continuous security assessments of connected resources
and provides security recommendations for any detected vulnerabilities.
Microsoft Defender for Endpoint on Linux provides threat and vulnerability
detection and mitigation features.
Microsoft Defender for Storage addresses malicious file uploads, sensitive
data accessibility, and data corruption.
Microsoft Sentinel is a cloud-native security information and event
management solution for security orchestration, automation, and response.
Red Hat Insights helps organizations better manage and optimize hybrid-
cloud environments.
Code security tools
GitHub Advanced Security for
Azure DevOps
• Secret scanning push protection
• Repository secret scanning
• Alert system for secrets
• Credential pair detection
• Dependency scanning
• Code scanning
GitHub Advanced Security for Azure DevOps, a CNAPP, enables developer,
security, and operations (DevSecOps) teams to protect code with the following:
• Secret scanning push protection actively monitors code pushes.
• Repository secret scanning analyzes repositories for accidentally committed
secrets, generates a single alert per unique credential across branches and
commit history, and provides detailed remediation guidance.
• Alert system for secrets notifies users of detected secrets in repositories from
many service providers.
• Credential pair detection scans for paired credentials, such as API keys and
secrets, to ensure both parts are present.
• Dependency scanning detects direct and transitive open-source
dependencies, flags associated vulnerabilities, and generates detailed alerts
with severity, affected components, and Common Vulnerabilities and
Exposures (CVE) information in the build log.
• Code scanning uses the CodeQL static analysis engine to identify code-level
vulnerabilities and automates security checks with detailed alerts for proactive
remediation.
Azure and Red Hat integration points and compatibilities
Red Hat Enterprise Linux®
compatibility with Azure
confidential VM provides
hardware-based isolation, OS
disk encryption, and more.
Integrating Microsoft Entra and Red Hat
Identity Management enables IT teams to
provide and centralize administrative
functionality and user maintenance.
See more examples in the report.
Users can leverage Microsoft
Defender for Cloud for system
auditing, security management,
and threat protection. Users can
also connect Red Hat on Azure
VMs to Red Hat Insights
automatically for monitoring.
How customers win from the Microsoft and Red Hat partnership
Get integrated support for Red Hat workloads on Azure
Red Hat and Microsoft share an integrated, co-located support team
that serves as a unified contact point for Red Hat ecosystems
running on Azure. This team provides expertise, knowledge, and
joint support models.
Follow compliance regulations with Azure Marketplace for Red Hat images
Microsoft and Red Hat engineering teams work closely to build standard
images within the Azure Marketplace.
Receive partner architecture guidance
Microsoft and Red Hat have partnered to create a ready-made
starting point called Landing Zone for Red Hat Enterprise on Linux.
Read the report at https://facts.pt/G94Mifm
