This is a very common question from customers and those who are new to the cloud platform. Here I describe Azure cloud security.
Running applications and systems that are available to users for consumption is an important consideration for architects of any serious application. However, there is another equally important application feature that is one of the top priorities for architects: the scalability of applications. Imagine situations in which applications are deployed and achieve great performance and availability with a few users, but both availability and performance suffer as the number of users starts increasing. In another situation, the application is performant and available with a large number of users, but there are certain times in a day or week, or special events, during which the number of users spikes, and you cannot gauge or predict the number of users. As an extension of the previous situation, you might have provisioned the hardware and bandwidth for handling users during these occasions and spikes; however, most of the time, the additional hardware is not used and does not provide any return on investment. It is provisioned for use only during a few festivals or offers. I hope you can see the problems architects are trying to solve. All these problems are related to the capacity sizing and scalability of an application. The focus of this chapter is to understand scalability as an architectural concern and to detail the features provided by Azure for addressing these concerns. In this chapter, we'll cover the following topics:
Security for Azure
Compliance and certification
Security life cycle
Security is generally regarded as a non-functional requirement for a solution. However, with growing cyber-attacks, it is considered a functional requirement these days. Every organization follows some sort of application life cycle management for its applications. When security is treated as a functional requirement, it should follow the same process as application development. Security should not be an afterthought; rather, it should be part of the application from the beginning. Within the overall planning phase for an application, security should also be planned. Based on the nature of the application, different kinds and categories of threats should be identified and documented, along with the approach and scope for mitigating them. A threat modeling exercise should be undertaken to illustrate the threats each component can be subjected to. This will lead to designing security standards and policies for the application. This is typically the security design phase. The next phase is called the Threat Mitigation or Build phase. In this phase, security is implemented in code and configuration to mitigate the security threats and risks.
Azure provides all its services through data centers in multiple regions. These data centers are interconnected within regions as well as across regions. Azure understands that it hosts mission-critical and important applications, services, and data for its customers. It must ensure that security is of the utmost importance for its data centers and regions. Customers deploy applications on the cloud based on the trust that Azure will protect their applications and data from vulnerabilities and breaches. Customers will not move to the cloud if this trust is broken, and hence Azure implements security at all layers, from the physical data center perimeter to logical software components. Each layer is protected, and even the Azure data center team does not have access to them.