Cloud Security Basic understanding


This is a very common question from customers and those who are new to the cloud platform. Here I describe Azure cloud security.

Running applications and systems that are available to users for consumption is an
important consideration for architects of any serious application. However, there is
another equally important application feature that is one of the top priorities for architects:
the scalability of applications. Imagine situations in which applications are
deployed and achieve great performance and availability with a few users, but both
availability and performance suffer as the number of users increases. In another situation,
the application is performant and available with a large number of users, but there are
certain times in a day or week, or special events, during which the number of users
spikes, and you cannot gauge or predict the number of users. As an extension of the previous
situation, you might have provisioned the hardware and bandwidth for handling users
during these occasions when there are spikes; however, most of the time, the additional
hardware is not used and does not provide any return on investment. It is provisioned
for usage only during a few festivals or offers. I hope you can see the problems architects
are trying to solve. All these problems are related to capacity sizing and scalability of an
application. The focus of this chapter is to understand scalability as an architectural concern
and to detail the features provided by Azure for addressing these concerns.
In this chapter, we'll cover the following topics:

  • Security principles
  • Security for Azure
  • Compliance and certification

Security life cycle

Security is generally regarded as a non-functional requirement for a solution. However,
with growing cyber-attacks, it is considered a functional requirement these days.
Every organization follows some sort of application life cycle management for its
applications. When security is treated as a functional requirement, it should follow the same
process as application development. Security should not be an afterthought; rather, it
should be part of the application from the beginning. Within the overall planning phase for
an application, security should also be planned. Based on the nature of the application,
different kinds and categories of threats should be identified, and based on these
identifications, they should be documented in terms of the approach and scope to mitigate
them. A threat modeling exercise should be undertaken to illustrate the threats each
component can be subjected to. This will lead to designing security standards and policies
for the application. This is typically the security design phase. The next phase is called the
Threat Mitigation or Build phase. In this phase, security is implemented in terms of
code and configuration to mitigate the security threats and risks.

Azure security

Azure provides all its services through data centers in multiple regions. These data centers
are interconnected within regions as well as across regions. Azure understands that it hosts
mission-critical and important applications, services, and data for its customers. It must
ensure that security is of the utmost importance for its data centers and regions. Customers
deploy applications on the cloud based on the trust that Azure will protect their
applications and data from vulnerabilities and breaches. Customers will not move to the
cloud if this trust is broken, and hence Azure implements security at all layers, from the physical
data center perimeter to logical software components. Each layer is protected, and even
the Azure data center team does not have access to them.

Network Security Groups
