What To Secure?
The initial step is the definition of "Area of Interests".
Before we can talk about tools and services to be utilized, it's crucial to know, which resources we are talking about. There are two reasons for this step:
• Different set of tools for each area, and
• Multiple teams / departments are involved
There are 5 Area of Interest
It's all about Identity and its verification. Microsoft Azure offers natively several tools and services to protect the user accounts, to ensure user identity, safeguard credentials, and detect any malicious login attempts. It is important to make sure, that the Right Person, has the Right Access, to Right Resources for the Right Time Duration.
Identity Governance gives you the ability to manage these configuration, and it contains 3 LifeCycles:
Similar to Users-, Groups-, or Application-Identity, Device-Identity object encompasses a specific set of attributes. These can be utilized for making access or configuration decisions. There are three common scenario for creating and managing a Device-Identity:
Network security is about the operation of protecting resources from unauthorized access, as well as utilization of services to allow solely legitimate network traffic.
There are a wide array of security tools and capabilities available on Azure and I'd like to give an overview about some of those topics to be considered.