Abstract image of a woman sitting on books and studying on a laptop

Security + DevOps + Azure = Awesomeness

Download as PDF, PPTX
Karl Ots, profile picture
Karl Ots

The Secure DevOps Kit for Azure (azsdk) aims to enhance cloud security by utilizing existing Azure features and ensuring controlled adoption of Azure services. It provides tools for security checks, inline support for secure coding, and monitoring of subscription health for various Azure resources. The kit is designed to help teams implement security best practices in their development and operations workflow, facilitating a comprehensive approach to cloud security.

1 of 26
Download as PDF, PPTX
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
SECURE DEVOPS KIT FOR AZURE CLOUDBURST 6.10.2017
A”ZED” SDK CLOUDBURST 6.10.2017
KARL OTS @ KOMPOZURE • Co-organizer of Finland Azure User Group and IglooConf • Working on Azure since 2011 • Patented inventor • Worked with tens of different customers on full-scale Azure projects, from startups to Fortune 500 enterprises Managing Consultant, Kompozure Ltd Karl.ots@kompozure.com
WHY AZSDK • Cloud security is hard. • Knowledge of Azure security controls is not widespread. • MS IT wanted to accelerate internal Azure adoption in a controlled way • Vision: avoid reinventing the wheel o Use as much out-of-the-box Azure features as possible o For example: outsource VM controls to Security Center
AZSDK USAGE FLOW
INSTALLATION
SUBSCRIPTION SECURITYSubscription RBAC provisioning Deploy mandatory and scenario/solution specific accounts/groups on a subscription. Ability to specify and remove deprecated accounts. Alerts setup Configure insights-based alerts for important activities. Runbooks for critical alerts to send SMS with key alert body info. ARM policy setup Deploy and enable ARM policy definitions (e.g., audit/deny use of ASM/v1 resources) ASC setup Configure Azure Security Center by enabling policies, setting security POCs, etc. Resource Locks Ensure that critical enterprise resources have locks deployed on them. Health Check More than a dozen subscription hygiene security checks, including proper provisioning
DEVELOP SECURELY Feature Scenarios/Details Development Security IntelliSense • Get inline support for secure coding right at the point of code creation. • Checks on Azure Best practices, ADAL and common crypto • VS plug-in for C#. • Security IntelliSense extension works on Visual Studio 2015 Update 3 or later.
SPOT CHECK SECURITY Feature Scenarios/Details Development Security IntelliSense • Get inline support for secure coding right at the point of code creation. • Checks on Azure Best practices, ADAL and Crypto • VS plug-in for C#. Security Verification Tests • Scan cloud solutions during early dev and prototyping stages. • Provides a variety of options to define scan targets. • Easy, intuitive reports and detailed logs. Support for 25+ Azure IaaS and PaaS service types.
DEMO TIME!
AZSDK USAGE FLOW
DISCUSSION • AzSDK is not your magic bullet to tick the security box o AzSDK mostly covers “administrative access” in traditional threat models, some “application access” as well o You still have to worry about users, external threats and more o Threat modeling and Defense in Depth approach are your friends! • Carefully analyze the results in the scope of your application – are the recommended controls right for your app? • New in 2.6.1 o Generate PDF Report o Generate Fix Script
Role How to use AzSDK Subscription Owner • Check the overall security health of your Azure subscription. • Ensure that AzSDK artifacts are properly provisioned. Developer Team • Get inline support with security tips and corrections while writing code for Azure apps (and also standard web applications in general). • Test that Azure resources you are using for your application/solutions are configured and deployed securely. • Enable security in CICD by including various security tests in the build/release pipelines Deployment Team • Control deployment workflows according to outcomes of security checks. Operations Team • Observe the security state with subscription health checks and SVT’s. • Track security state in a 'continuous' manner • Provide support and templates for frequently failing operational security activities such as key rotation, access reviews, public ips, etc.
RESOURCES • Try out the Secure DevOps Kit for Azure! • Installation guide, docs: http://aka.ms/azsdkossdocs • Controls coverage: http://aka.ms/azsdkosstcp • IT Showcase: http://aka.ms/azsdk/itshowcase • Support: azsdksupext@microsoft.com
Security + DevOps + Azure = Awesomeness

More Related Content

PDF
ISC2 Secure Summit EMEA - Top Microsoft Azure security fails and how to avoid...
Karl Ots
 
PDF
Azure security architecture / FAUG JKL 15.2.2018
Karl Ots
 
PDF
DevSecOps Everything You Need To Know
Centextech
 
PDF
FAUG #9: Azure security architecture and stories from the trenches
Karl Ots
 
PDF
TechDays Finland 2020: Azuren tietoturva haltuun!
Karl Ots
 
PDF
Identity Security - Azure Active Directory
Eng Teong Cheah
 
PPTX
Get On Top of Azure Resource Security Using Secure DevOps Kit for Azure
Kasun Kodagoda
 
PPTX
TechWiseTV Workshop: Cisco CloudCenter (CliQr)
Robb Boyd
 
ISC2 Secure Summit EMEA - Top Microsoft Azure security fails and how to avoid...
Karl Ots
 
Azure security architecture / FAUG JKL 15.2.2018
Karl Ots
 
DevSecOps Everything You Need To Know
Centextech
 
FAUG #9: Azure security architecture and stories from the trenches
Karl Ots
 
TechDays Finland 2020: Azuren tietoturva haltuun!
Karl Ots
 
Identity Security - Azure Active Directory
Eng Teong Cheah
 
Get On Top of Azure Resource Security Using Secure DevOps Kit for Azure
Kasun Kodagoda
 
TechWiseTV Workshop: Cisco CloudCenter (CliQr)
Robb Boyd
 

What's hot(20)

PDF
Azure security architecture
Karl Ots
 
PPTX
Azure Security Fundamentals
Lorenzo Barbieri
 
PDF
Azure DevOps
Surasuk Oakkharaamonphong
 
PDF
Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...
wwwally
 
PPTX
Azure Key Vault
Malin De Silva
 
PPTX
Azure security basics
Stas Lebedenko
 
PPTX
DevSecOps in 10 minutes
kieranjacobsen
 
PPTX
VMware vRealize Operations Management Pack | Nagios
Blue Medora
 
PPTX
Azure sentinal
Allied Consultants
 
PPT
Présentation openstackinaction v1.2
Regis Allegre
 
PDF
CSTA - Cisco Security Technical Alliances, New Ecosystem Program Built on the...
Cisco DevNet
 
PDF
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Community
 
PDF
PIACERE - DevSecOps Automated
PIACERE
 
PDF
Azure Penetration Testing
Cheah Eng Soon
 
PDF
Dev week cloud world conf2021
Archana Joshi
 
PPTX
Azure Security and Management
Allen Brokken
 
PPTX
Microsoft Azure News - April 2021
Daniel Toomey
 
PDF
Build embedded and IoT solutions with Microsoft Windows IoT Core (BRK30077)
Callon Campbell
 
PDF
Access Security - Enterprise governance
Eng Teong Cheah
 
DOCX
Cisco asa5540, best guard for enterprise
IT Tech
 
Azure security architecture
Karl Ots
 
Azure Security Fundamentals
Lorenzo Barbieri
 
Azure DevOps
Surasuk Oakkharaamonphong
 
Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...
wwwally
 
Azure Key Vault
Malin De Silva
 
Azure security basics
Stas Lebedenko
 
DevSecOps in 10 minutes
kieranjacobsen
 
VMware vRealize Operations Management Pack | Nagios
Blue Medora
 
Azure sentinal
Allied Consultants
 
Présentation openstackinaction v1.2
Regis Allegre
 
CSTA - Cisco Security Technical Alliances, New Ecosystem Program Built on the...
Cisco DevNet
 
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Community
 
PIACERE - DevSecOps Automated
PIACERE
 
Azure Penetration Testing
Cheah Eng Soon
 
Dev week cloud world conf2021
Archana Joshi
 
Azure Security and Management
Allen Brokken
 
Microsoft Azure News - April 2021
Daniel Toomey
 
Build embedded and IoT solutions with Microsoft Windows IoT Core (BRK30077)
Callon Campbell
 
Access Security - Enterprise governance
Eng Teong Cheah
 
Cisco asa5540, best guard for enterprise
IT Tech
 

Similar to Security + DevOps + Azure = Awesomeness(20)

PDF
CloudBrew 2017 - Security + DevOps + Azure = Awesomeness
Karl Ots
 
PDF
Azure Saturday: Security + DevOps + Azure = Awesomeness
Karl Ots
 
PDF
Secure Your Code Implement DevSecOps in Azure
kloia
 
PDF
IaaS Cloud Providers: A comparative analysis
Graisy Biswal
 
PPTX
What’s New in Cloudera Enterprise 6.0: The Inside Scoop 6.14.18
Cloudera, Inc.
 
PPTX
Improving Application Security With Azure
Softchoice Corporation
 
PPTX
Mini project on microsoft azure based on time
LawalMuhd2
 
PPTX
How to Execute DevOps Using Azure CI CD.pptx
Xavor Corporation - Redefining Health Technology
 
PPTX
Fundamentals of Microsoft Azure: AZ-900
ArmanKukreti
 
PPTX
Transform your organization with cisco cloud
solarisyougood
 
PDF
Accelerate Spring Apps to Cloud at Scale
Asir Selvasingh
 
PDF
Accelerate Spring Apps to Cloud at Scale—Discussion with Azure Spring Cloud C...
VMware Tanzu
 
PPTX
Scania's DevSecOps approach - Gamifying Security - auto:CODE
Anders Lundsgård
 
PPTX
Microsoft Tech Series 2019 - Azure DevOps
Tomasz Wisniewski
 
PDF
Introducing the Oracle Cloud Infrastructure (OCI) Best Practices Framework
Revelation Technologies
 
PPTX
Leveraging Azure DevOps across the Enterprise
Andrew Kelleher
 
DOCX
Navigating Microsoft Azure A Practical Guide to Cloud Computing and Developme...
Elysium Academy
 
PPTX
Power of the cloud - Introduction to azure security
Bruno Capuano
 
PDF
9 - Making Sense of Containers in the Microsoft Cloud
Kangaroot
 
PPTX
Copy of Azure Fundamentals AZ 900THeBest.pptx
ASRPANDEY
 
CloudBrew 2017 - Security + DevOps + Azure = Awesomeness
Karl Ots
 
Azure Saturday: Security + DevOps + Azure = Awesomeness
Karl Ots
 
Secure Your Code Implement DevSecOps in Azure
kloia
 
IaaS Cloud Providers: A comparative analysis
Graisy Biswal
 
What’s New in Cloudera Enterprise 6.0: The Inside Scoop 6.14.18
Cloudera, Inc.
 
Improving Application Security With Azure
Softchoice Corporation
 
Mini project on microsoft azure based on time
LawalMuhd2
 
How to Execute DevOps Using Azure CI CD.pptx
Xavor Corporation - Redefining Health Technology
 
Fundamentals of Microsoft Azure: AZ-900
ArmanKukreti
 
Transform your organization with cisco cloud
solarisyougood
 
Accelerate Spring Apps to Cloud at Scale
Asir Selvasingh
 
Accelerate Spring Apps to Cloud at Scale—Discussion with Azure Spring Cloud C...
VMware Tanzu
 
Scania's DevSecOps approach - Gamifying Security - auto:CODE
Anders Lundsgård
 
Microsoft Tech Series 2019 - Azure DevOps
Tomasz Wisniewski
 
Introducing the Oracle Cloud Infrastructure (OCI) Best Practices Framework
Revelation Technologies
 
Leveraging Azure DevOps across the Enterprise
Andrew Kelleher
 
Navigating Microsoft Azure A Practical Guide to Cloud Computing and Developme...
Elysium Academy
 
Power of the cloud - Introduction to azure security
Bruno Capuano
 
9 - Making Sense of Containers in the Microsoft Cloud
Kangaroot
 
Copy of Azure Fundamentals AZ 900THeBest.pptx
ASRPANDEY
 

More from Karl Ots(20)

PDF
TechDays Finland 2020: Best practices of securing web applications running on...
Karl Ots
 
PDF
IglooConf 2020: Best practices of securing web applications running on Azure ...
Karl Ots
 
PDF
Building an Enterprise-Grade Azure Governance Model
Karl Ots
 
PDF
CloudBurst Malmö: Best practices of securing web applications running on Azur...
Karl Ots
 
PDF
IT Camp 19: Top Azure security fails and how to avoid them
Karl Ots
 
PDF
FAUG Jyväskylä 28.5.2019 - Azure Monitoring
Karl Ots
 
PDF
DevSum - Top Azure security fails and how to avoid them
Karl Ots
 
PDF
Techorama Belgium 2019 - Building an Azure Governance model for the Enterprise
Karl Ots
 
PDF
Techorama Belgium 2019: top Azure security fails and how to avoid them
Karl Ots
 
PDF
Azure Low Lands 2018: Monitoring real life Azure applications when to use wha...
Karl Ots
 
PDF
IglooConf 2019 Secure your Azure applications like a pro
Karl Ots
 
PDF
UpdateConf 2018: Monitoring real-life Azure applications: When to use what an...
Karl Ots
 
PDF
UpdateConf 2018: Top 18 Azure security fails and how to avoid them
Karl Ots
 
PDF
Top Azure security fails and how to avoid them
Karl Ots
 
PDF
Top 18 azure security fails and how to avoid them
Karl Ots
 
PDF
Monitoring real-life Azure applications: When to use what and why
Karl Ots
 
PDF
Navigating in the sea of containers in azure when to choose which service and...
Karl Ots
 
PDF
Kubernetes in Azure
Karl Ots
 
PDF
Securing Azure Infrastructure
Karl Ots
 
PDF
Monitoring advanced Azure PaaS workloads in the enterprise - Level: 200
Karl Ots
 
TechDays Finland 2020: Best practices of securing web applications running on...
Karl Ots
 
IglooConf 2020: Best practices of securing web applications running on Azure ...
Karl Ots
 
Building an Enterprise-Grade Azure Governance Model
Karl Ots
 
CloudBurst Malmö: Best practices of securing web applications running on Azur...
Karl Ots
 
IT Camp 19: Top Azure security fails and how to avoid them
Karl Ots
 
FAUG Jyväskylä 28.5.2019 - Azure Monitoring
Karl Ots
 
DevSum - Top Azure security fails and how to avoid them
Karl Ots
 
Techorama Belgium 2019 - Building an Azure Governance model for the Enterprise
Karl Ots
 
Techorama Belgium 2019: top Azure security fails and how to avoid them
Karl Ots
 
Azure Low Lands 2018: Monitoring real life Azure applications when to use wha...
Karl Ots
 
IglooConf 2019 Secure your Azure applications like a pro
Karl Ots
 
UpdateConf 2018: Monitoring real-life Azure applications: When to use what an...
Karl Ots
 
UpdateConf 2018: Top 18 Azure security fails and how to avoid them
Karl Ots
 
Top Azure security fails and how to avoid them
Karl Ots
 
Top 18 azure security fails and how to avoid them
Karl Ots
 
Monitoring real-life Azure applications: When to use what and why
Karl Ots
 
Navigating in the sea of containers in azure when to choose which service and...
Karl Ots
 
Kubernetes in Azure
Karl Ots
 
Securing Azure Infrastructure
Karl Ots
 
Monitoring advanced Azure PaaS workloads in the enterprise - Level: 200
Karl Ots
 

Recently uploaded(20)

PDF
Advancements in abstractive text summarization: a deep learning approach
IAESIJAI
 
PPTX
CRM(Customer Relationship Managmnet) Presentation
udaykiranuk1822
 
PDF
The Digital Engine Room: Unlocking APAC’s Economic and Digital Potential thro...
flintglobalapac
 
PDF
Optimizing bioinformatics applications: a novel approach with human protein d...
IAESIJAI
 
PPTX
Strategic Picks — Prioritising the Right Agentic Use Cases [2/6]
suhanisingh58689
 
PPTX
Generative AI at Oracle- The next frontier of enterprise innovation.pptx
Geovanni Vega Velásquez
 
PDF
IT+&+Cyber+Security+Risk+Management-3-Risk+assessment+&+measurement.pdf
Mohammed_Nagieb
 
PDF
Slides World Game (s) Great Redesign Eco Economic Epochs.pdf
Steven McGee
 
PPTX
File-07 Intellectual Property Right (IPR) Issues in Cyber Security- ICT-5418 ...
Ratul53
 
PDF
ELLIE29.pdfWETWETAWTAWETAETAETERTRTERTER
ArlietsAmores
 
PDF
Domain-specific knowledge and context in large language models: challenges, c...
IAESIJAI
 
PDF
Secure Java Applications against Quantum Threats
Ana-Maria Mihalceanu
 
PDF
FASHION-DRIVEN TEXTILES AS A CRYSTAL OF A NEW STREAM FOR STAKEHOLDER CAPITALI...
IJMIT JOURNAL
 
PPTX
Introduction-to-Artificial-Intelligence (1).pptx
MohammadkhalidshFaq
 
PDF
Intravenous drug administration application for pediatric patients via augmen...
IAESIJAI
 
PDF
The Basics of Artificial Intelligence - Understanding the Key Concepts and Te...
FODUU
 
PDF
NewMind AI Journal Monthly Chronicles - August 2025
NewMind AI
 
PPTX
Rise of the Digital Control Grid Zeee Media and Hope and Tivon FTWProject.com
hopegirl587
 
PDF
13 Powerful n8n Alternatives That Will Transform Your Workflow Automation Gam...
SOFTTECHHUB
 
PDF
EGCB_Solar_Project_Presentation_and Finalcial Analysis.pdf
TaukirIslam
 
Advancements in abstractive text summarization: a deep learning approach
IAESIJAI
 
CRM(Customer Relationship Managmnet) Presentation
udaykiranuk1822
 
The Digital Engine Room: Unlocking APAC’s Economic and Digital Potential thro...
flintglobalapac
 
Optimizing bioinformatics applications: a novel approach with human protein d...
IAESIJAI
 
Strategic Picks — Prioritising the Right Agentic Use Cases [2/6]
suhanisingh58689
 
Generative AI at Oracle- The next frontier of enterprise innovation.pptx
Geovanni Vega Velásquez
 
IT+&+Cyber+Security+Risk+Management-3-Risk+assessment+&+measurement.pdf
Mohammed_Nagieb
 
Slides World Game (s) Great Redesign Eco Economic Epochs.pdf
Steven McGee
 
File-07 Intellectual Property Right (IPR) Issues in Cyber Security- ICT-5418 ...
Ratul53
 
ELLIE29.pdfWETWETAWTAWETAETAETERTRTERTER
ArlietsAmores
 
Domain-specific knowledge and context in large language models: challenges, c...
IAESIJAI
 
Secure Java Applications against Quantum Threats
Ana-Maria Mihalceanu
 
FASHION-DRIVEN TEXTILES AS A CRYSTAL OF A NEW STREAM FOR STAKEHOLDER CAPITALI...
IJMIT JOURNAL
 
Introduction-to-Artificial-Intelligence (1).pptx
MohammadkhalidshFaq
 
Intravenous drug administration application for pediatric patients via augmen...
IAESIJAI
 
The Basics of Artificial Intelligence - Understanding the Key Concepts and Te...
FODUU
 
NewMind AI Journal Monthly Chronicles - August 2025
NewMind AI
 
Rise of the Digital Control Grid Zeee Media and Hope and Tivon FTWProject.com
hopegirl587
 
13 Powerful n8n Alternatives That Will Transform Your Workflow Automation Gam...
SOFTTECHHUB
 
EGCB_Solar_Project_Presentation_and Finalcial Analysis.pdf
TaukirIslam
 

Security + DevOps + Azure = Awesomeness

  • 1.
    SECURE DEVOPS KITFOR AZURE CLOUDBURST 6.10.2017
  • 2.
  • 3.
    KARL OTS @KOMPOZURE • Co-organizer of Finland Azure User Group and IglooConf • Working on Azure since 2011 • Patented inventor • Worked with tens of different customers on full-scale Azure projects, from startups to Fortune 500 enterprises Managing Consultant, Kompozure Ltd [email protected]
  • 6.
    WHY AZSDK • Cloudsecurity is hard. • Knowledge of Azure security controls is not widespread. • MS IT wanted to accelerate internal Azure adoption in a controlled way • Vision: avoid reinventing the wheel o Use as much out-of-the-box Azure features as possible o For example: outsource VM controls to Security Center
  • 8.
  • 9.
  • 10.
    SUBSCRIPTION SECURITYSubscription RBAC provisioning Deploy mandatoryand scenario/solution specific accounts/groups on a subscription. Ability to specify and remove deprecated accounts. Alerts setup Configure insights-based alerts for important activities. Runbooks for critical alerts to send SMS with key alert body info. ARM policy setup Deploy and enable ARM policy definitions (e.g., audit/deny use of ASM/v1 resources) ASC setup Configure Azure Security Center by enabling policies, setting security POCs, etc. Resource Locks Ensure that critical enterprise resources have locks deployed on them. Health Check More than a dozen subscription hygiene security checks, including proper provisioning
  • 12.
    DEVELOP SECURELY Feature Scenarios/Details Development Security IntelliSense •Get inline support for secure coding right at the point of code creation. • Checks on Azure Best practices, ADAL and common crypto • VS plug-in for C#. • Security IntelliSense extension works on Visual Studio 2015 Update 3 or later.
  • 14.
    SPOT CHECK SECURITY FeatureScenarios/Details Development Security IntelliSense • Get inline support for secure coding right at the point of code creation. • Checks on Azure Best practices, ADAL and Crypto • VS plug-in for C#. Security Verification Tests • Scan cloud solutions during early dev and prototyping stages. • Provides a variety of options to define scan targets. • Easy, intuitive reports and detailed logs. Support for 25+ Azure IaaS and PaaS service types.
  • 17.
  • 18.
  • 23.
    DISCUSSION • AzSDK isnot your magic bullet to tick the security box o AzSDK mostly covers “administrative access” in traditional threat models, some “application access” as well o You still have to worry about users, external threats and more o Threat modeling and Defense in Depth approach are your friends! • Carefully analyze the results in the scope of your application – are the recommended controls right for your app? • New in 2.6.1 o Generate PDF Report o Generate Fix Script
  • 24.
    Role How touse AzSDK Subscription Owner • Check the overall security health of your Azure subscription. • Ensure that AzSDK artifacts are properly provisioned. Developer Team • Get inline support with security tips and corrections while writing code for Azure apps (and also standard web applications in general). • Test that Azure resources you are using for your application/solutions are configured and deployed securely. • Enable security in CICD by including various security tests in the build/release pipelines Deployment Team • Control deployment workflows according to outcomes of security checks. Operations Team • Observe the security state with subscription health checks and SVT’s. • Track security state in a 'continuous' manner • Provide support and templates for frequently failing operational security activities such as key rotation, access reviews, public ips, etc.
  • 25.
    RESOURCES • Try outthe Secure DevOps Kit for Azure! • Installation guide, docs: http://aka.ms/azsdkossdocs • Controls coverage: http://aka.ms/azsdkosstcp • IT Showcase: http://aka.ms/azsdk/itshowcase • Support: [email protected]