Enter The Matrix: Securing Azure’s Assets
Mike Martin
http://www.twitter.com/techmike2kx
https://be.linkedin.com/in/techmike2kx
Enter the Matrix.
Securing Azure’s Assets
Mike MARTIN, Architect
Crosspoint Solutions
Who Am I: Mike Martin
Where I Work: Crosspoint Solutions (part of Cronos)
What I Do: Architect, Windows Azure MVP, MEET, Insider
Where To Find Me: @Techmike2kx, Mike.Martin@csps.be; view more tips on my blog at http://techmike2kx.wordpress.com
Journey to the Cloud
DIFFERENTIATION / AGILITY / COST
SaaS Solutions / Higher-level services / Cloud Infrastructure
AZURE REGIONS
Latest launch was in October 2015: India – Central, India – South, India – West (GENERALLY AVAILABLE)
6 new regions announced: Canada Central, Canada East, Germany Central, Germany North East, United Kingdom (2 regions, TBD)
Platform Services / Infrastructure Services (service map slide)
Web Apps, Mobile Apps, API Management, API Apps, Logic Apps, Notification Hubs, Content Delivery Network (CDN), Media Services, BizTalk Services, Hybrid Connections, Service Bus, Storage Queues
Hybrid Operations: Backup, StorSimple, Azure Site Recovery, Import/Export
SQL Database, DocumentDB, Redis Cache, Azure Search, Storage Tables, Data Warehouse, Azure AD Health Monitoring, AD Privileged Identity Management, Operational Analytics, Cloud Services, Batch, RemoteApp, Service Fabric, Visual Studio, App Insights, Azure SDK, VS Online, Domain Services, HDInsight, Machine Learning, Stream Analytics, Data Factory, Event Hubs, Mobile Engagement, Data Lake, IoT Hub, Data Catalog
Security & Management: Azure Active Directory, Multi-Factor Authentication, Automation, Portal, Key Vault, Store/Marketplace, VM Image Gallery & VM Depot, Azure AD B2C, Scheduler
The Matrix
Layers of defence in Microsoft Azure: Physical Defenses, Azure Edge Defenses, Your defenses, Your App / code
Shared responsibility
REDUCES SECURITY COSTS + MAINTAINS FLEXIBILITY, ACCESS, & CONTROL
Customer vs. Microsoft responsibility across On-Premises, IaaS, PaaS and SaaS
Model Real-world Attacks
• Model emerging threats, use blended threats
• Exfiltrate & leverage compromised data
• Escape and evade / persistence
Identify Gaps In Security Story
• Measure time to compromise (MTTC) / pwnage (MTTP)
• Highlight security monitoring & recovery gaps
• Improve incident response
Demonstrable Impact
• Prove need for Assume Breach
• Enumerate business risks
• Justify resources, priorities & investment needs
Exercises Ability To Detect & Respond
• Detect attack & penetration (MTTD)
• Respond & recover to attack & penetration (MTT)
• Practiced incident response
Enhances Situational Awareness
• Produces actionable intelligence
• Full visibility into actual conditions within environment
• Data analysis & forensics for attack & breach indicators
Measure Readiness & Impact
• Accurately assesses real-world attacks
• Identifies gaps & investment needs
• Focus on slowing down attackers & speeding recovery
• Hardening that prevents future attacks
Trusted Cloud Principles
Assume Breach
Physical data center security (controls across the building, the perimeter and the computer room):
• Cameras
• 24x7 security staff
• Barriers
• Fencing
• Alarms
• Two-factor access control: biometric readers & card readers
• Security operations center
• Days of backup power
• Seismic bracing
Secure Multi-Tenancy Architecture
Azure:
• Centrally manages the platform and helps isolate customer environments using the Fabric Controller
• Runs a configuration-hardened version of Windows Server as the Host OS
• Uses Hyper-V, a battle-tested and enterprise-proven hypervisor
• Runs Windows Server and Linux on Guest VMs for platform services
Customer:
• Manages their environment through service management interfaces and subscriptions
• Chooses from the gallery or brings their own OS for their Virtual Machines
(Diagram: Customer Admin reaches the Portal / SMAPI, which drives the Fabric Controller; Guest VMs for Customer 1 and Customer 2 run on the Host OS / Hypervisor alongside SQL Database and Azure Storage; End Users connect to the guest VMs)
Data Segregation
Azure:
• Storage isolation:
  • Access is through Storage account keys and Shared Access Signature (SAS) keys
  • Storage blocks are hashed by the hypervisor to separate accounts
• SQL isolation:
  • SQL Database isolates separate databases using SQL accounts
• Network isolation:
  • VM switch at the host level blocks inter-tenant communication
Customer:
• Design same principles for multi-tenancy
(Diagram: same multi-tenancy picture as above, with Access Control in front of Azure Storage and SQL Database)
Azure platform services infrastructure protection
1. Azure Protection
Layer A: The Network Access Layer
Layer B: Azure’s DDoS/DOS/IDS Layer
Layer C: Host firewalls protect all the hosts, and the VLANs
Layer D: Conformance with security and privacy requirements includes two-factor authentication for operators.
2. Customer protection:
Layers 1-2: The distributed firewall isolates customer’s
Layer 3: The virtual network can be managed similar to an on-premises private network.
i. Inside the VM: Firewalls, IDS, and DoS solutions.
ii. Virtual network appliances
DDoS System Protection Overview
(Diagram: Internet -> MSFT Routing Layer -> Scrubbing Array -> SLB -> Application, with a Detection Pipeline and Profile DB; flows shown are Attack Traffic, Scrubbed Traffic, Flow Data and Routing Updates)
DETECTION PROCESS
• Traffic to a given /32 VIP, inbound or outbound, is tracked, recorded, and analyzed in real time to determine attack behavior
MITIGATION PROCESS
• Traffic is re-routed to scrubbers via dynamic routing updates
• Traffic is SYN-authenticated and rate limited
SUPPORTED DDOS ATTACK PROFILES
• TCP SYN
• UDP/ICMP/TCP Flood
Threat Protection
Azure:
• Performs big data analysis of logs for intrusion detection & prevention for the platform
• Employs denial of service attack prevention measures for the platform
• Regularly performs penetration testing
Customer:
• Can add extra layers of protection by deploying additional controls, including DOS, IDS, web application firewalls
• Conducts authorized penetration testing of their application
(Diagram: Customer Environment in Microsoft Azure behind Cloud Access & Firewall; a Virtual network with Application, Logic and Database tiers; Internet End Users arrive over 443, Corp 1 over VPN)
THREAT DETECTION: DOS/IDS Capabilities
(Diagram: Customer 1 and Customer 2 isolated virtual networks, with Deployments X and Y behind the Cloud Access Layer; a Web Endpoint (public access) and an RDP Endpoint (password access) exposed to the INTERNET; Corp 1 clients over VPN; VNET to VNET connectivity; Customer Admin via Portal / SMAPI / Smart API)
Azure Active Directory 2FA Mandatory
Active Directory / Microsoft Azure Active Directory
• Secure access management requires strong, centralized identity management.
• Active Directory (AD) helps you with that on-premises.
• Azure Active Directory (AAD) helps you in Azure… and in Office 365, and in 1200+ apps.
• AD and AAD are tightly integrated, to enable single sign-on, a single directory, and centralized management.
• AD and AAD help address your compliance requirements.
Azure Active Directory (AAD) integration
• Two Factor Authentication can be implemented with Phone Factor or with AD on-premises.
• Use Two Factor Authentication or DevOps to access your production services
Threat Protection
Azure:
• Uses password hashes for synchronization
• Offers security reporting that tracks inconsistent traffic patterns, including:
  • Sign-ins from unknown sources
  • Multiple failed sign-ins
  • Sign-ins from multiple geographies in short timeframes
  • Sign-ins from suspicious IP addresses and suspicious devices
Customer:
• Reviews reports and mitigates potential threats
• Can enable Multi-Factor Authentication
Transparency & independent verification
AIDS CUSTOMERS IN MEETING SECURITY & COMPLIANCE OBLIGATIONS
• Best practices and guidance
• Third-party verification
• Cloud Security Alliance
• Security Intelligence report
• Compliance packages
• Trust Center
• Access to audit reports
• Security Response Center progress report
Global datacenter footprint: 100+ Datacenters in over 40 countries
Encryption options (slide): RMS SDK, .NET Crypto, SQL TDE, BitLocker, Partners, EFS, StorSimple
• Public preview now available globally!
Operations Security Assurance: compliance certifications, 2010–2015 timeline
HIPAA/HITECH; CJIS; SOC 1; SOC 2; FedRAMP P-ATO; FISMA ATO; UK G-Cloud OFFICIAL; ISO/IEC 27001:2005; CSA Cloud Controls Matrix; PCI DSS Level 1; AU IRAP Accreditation; Singapore MCTS; ISO/IEC 27018; EU Data Protection Directive; CDSA
Data Deletion: data destruction and disk handling
• Wiping is NIST 800-88 compliant
• Defective disks are destroyed
• Index immediately removed from primary location
• Geo-replicated copy of the data (index) removed asynchronously
• Customers can only read from disk space they have written to
Data use policies
• Azure does not share data with its advertiser-supported services
• Azure does not mine Customer Data for advertising
• Read the fine print of other cloud service providers’ privacy statements
Authentication and Access (4x)
• Portal access
  • Uses Live ID (Microsoft Account)
  • Go to http://manage.windowsazure.com
  • Role: Service Administrator or Co-Administrator
  • Uses special REST API without providing certificate
• Management certificate
  • Certificate can be self-signed
  • Does not check certificate expiration
  • Used by PowerShell
  • Used by REST API
• Storage access
  • Uses secret key
  • Or anonymous share access
• RDP VM access
  • Uses username/password
Authentication and Access … BUT…!
• Portal access
  • Uses Live ID (Microsoft Account) -> Better have AAD / Org ID + MFA
  • Implement RBAC -> JEA principle
• Management certificate
  • ARE EVIL !!!!!
  • Only use them in a management solution when that is the ONLY option!
• Storage access
  • I’ve got the key … I’ve got ALL your secrets
  • If needed? IMPLEMENT KEY VAULT!
• RDP VM access
  • Harden from the outside, and access through GW / S2S / ER
  • Better implement SSH / PoSh Remoting over SSL
Network Security
• Network Security Groups
• Firewalls before the Gateways
• ACLs
  • inside the guest OS firewall
  • Network ACLs on public IP addresses
  • Network ACLs at the corporate firewall
• IPsec inside the guest OS
• Network Isolation
Role Based Access in Azure – aka RBAC
• Role
  • Collection of actions
• Role Assignment
  • Access is granted to AAD users and services by role assignment on the resources.
• Azure AD Security Principals
  • Roles can be assigned to the following types of Azure AD security principals:
    • Users
    • Groups
    • Service principals
RBAC in Azure
• Portal Management • PowerShell
foreach ($roledef in Get-AzureRMRoleDefinition) {
    Write-Host 'Role: '$roledef.Name
    Write-Host 'Actions'
    $roledef.Actions        # operations the role permits (no need to re-fetch the definition by name)
    Write-Host 'NotActions'
    $roledef.NotActions     # operations excluded from the permitted set (the property is NotActions)
    Write-Host ([Environment]::NewLine)
}
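As an added example (not the deck's own code), the "Implement RBAC -> JEA principle" advice above as AzureRM PowerShell: a custom role that grants only what an on-call operator needs, assigned to an Azure AD group at resource-group scope. The subscription id, resource group, group name and role name are placeholders.

```powershell
# Added example, not the deck's own code: least-privilege RBAC ("JEA principle") with the
# AzureRM cmdlets. Subscription id, resource group, group name and role name are placeholders.
$subscriptionId = '<subscription-id>'
$rgName         = 'rg-prod-web'
$scope          = "/subscriptions/$subscriptionId/resourceGroups/$rgName"

# Clone a built-in role and cut it down to what an on-call operator actually needs:
# read the RG and power-cycle VMs. No create/delete, no network or storage writes.
$role = Get-AzureRmRoleDefinition -Name 'Virtual Machine Contributor'
$role.Id          = $null                  # a null Id makes New-AzureRmRoleDefinition create a new role
$role.IsCustom    = $true
$role.Name        = 'VM Operator (JEA)'
$role.Description = 'Read the resource group and start/restart/deallocate VMs; nothing else'
$role.Actions.Clear()
$role.Actions.Add('Microsoft.Resources/subscriptions/resourceGroups/read')
$role.Actions.Add('Microsoft.Compute/virtualMachines/read')
$role.Actions.Add('Microsoft.Compute/virtualMachines/start/action')
$role.Actions.Add('Microsoft.Compute/virtualMachines/restart/action')
$role.Actions.Add('Microsoft.Compute/virtualMachines/deallocate/action')
$role.NotActions.Clear()
$role.AssignableScopes.Clear()
$role.AssignableScopes.Add($scope)         # the role cannot be assigned anywhere wider than this RG
$customRole = New-AzureRmRoleDefinition -Role $role

# Assign the role to an Azure AD group rather than to individual users: group membership becomes
# the audit trail, and nobody needs Co-Administrator (subscription-wide) rights to run these VMs.
$group = Get-AzureRmADGroup -SearchString 'Ops-OnCall' | Select-Object -First 1
New-AzureRmRoleAssignment -ObjectId $group.Id -RoleDefinitionName $customRole.Name -Scope $scope | Out-Null

# Review: every assignment visible at this scope, flagging the ones inherited from the
# subscription level, since those typically carry far more than JEA.
Get-AzureRmRoleAssignment -Scope $scope |
    Select-Object DisplayName, RoleDefinitionName, Scope,
        @{ n = 'InheritedFromSubscription'; e = { $_.Scope -eq "/subscriptions/$subscriptionId" } } |
    Format-Table -AutoSize
```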
Microsoft Azure Key Vault
Safeguard cryptographic keys and other secrets used by cloud apps and services (import keys into the HSM-backed Key Vault)
• Increase security and control over keys and passwords
• Create and import encryption keys in minutes
• Applications have no direct access to keys
• Use FIPS 140-2 Level 2 certified HSMs
• Reduce latency with cloud scale and global redundancy
SQL Server Scenario
Applying to Azure - Infrastructure
• Port scanning: the only open ports are those defined by us!
• Denial of service:
  • External: depends on our settings, but the Fabric Controller tries to identify the attacks
  • Internal: all DOS attacks initiated from internal VMs will result in removing those VMs from the network
• Spoofing: compromised machines cannot impersonate VMs from the Fabric Controller (broadcast and multicast are blocked, https between VMs and FC)
• Sniffing: the Hyper-V switch prevents sniffing from a VM to another VM on the same host; rack switches block it to other VMs
• VMs are untrusted by the Root OS Hypervisor
VM Security
• Endpoints
• Antimalware extensions
• Storage access
• BitLocker support on disks
Configuring Virtual Machine Security
• Firewall rules
  • Leveraging public/private/domain profiles
• Access control lists (ACL)
  • Controls port access at the subnet level
  • IP address blacklisting
  • VM endpoint rules (up to 50 per endpoint)
  • Rule ordering
• Encryption
  • DPAPI not supported for cloud services
  • Secure key data with encryption keys
  • CloudLink
Endpoint ACLs
Using Network ACLs, you can do the following:
• Selectively permit or deny incoming traffic based on remote subnet IPv4 address range to a virtual machine input endpoint.
• Blacklist IP addresses
• Create multiple rules per virtual machine endpoint
• Specify up to 50 ACL rules per virtual machine endpoint
• Use rule ordering to ensure the correct set of rules are applied on a given virtual machine endpoint (lowest to highest)
• Specify an ACL for a specific remote subnet IPv4 address.
Network Security Groups (NSG)
• Enables network segmentation & DMZ scenarios
• Access Control List
  • Filter conditions with allow/deny
  • Individual addresses, address prefixes, wildcards
• Associate with VMs or subnets
• ACLs can be updated independent of VMs
(Diagram: a Virtual Network with Frontend 10.1/16, Mid-tier 10.2/16 and Backend 10.3/16 subnets; a VPN GW with S2S VPNs to On Premises 10.0/16; Internet access to the frontend)
DMZ in a Virtual Network
(Diagram: Internet -> DMZ with a Web Proxy -> App Servers -> Database, plus DNS Servers, with an NSG on each segment)
Security considerations when using NSG
• Endpoint ACLs and Network Security Groups don’t work together
• Multi-NIC: for now the Network Security Group rules apply only to the traffic on the primary NIC
• For RDP endpoints on VMs with a Network Security Group: the NSG does not allow access to any port from the Internet, so you have to create a specific rule to allow RDP traffic.
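The three-tier diagram above, with the RDP caveat just stated, as an added example in AzureRM PowerShell (not code from the deck): one NSG per tier, each ending in an explicit deny so that only the intended neighbour tier can talk to it. Resource group, location, VNet and subnet names and the application ports are assumptions; the address ranges are the diagram's.

```powershell
# Added example (not from the deck): NSGs for the three-tier VNet in the slide's diagram.
# Address ranges follow the diagram (10.1/16 frontend, 10.2/16 mid-tier, 10.3/16 backend,
# 10.0/16 on-premises over S2S VPN); resource group, location, VNet/subnet names and ports are placeholders.
$rg   = 'rg-prod-web'
$loc  = 'westeurope'
$vnet = Get-AzureRmVirtualNetwork -ResourceGroupName $rg -Name 'vnet-prod'

$corpNet  = '10.0.0.0/16'   # on-premises, reachable through the VPN gateway
$frontend = '10.1.0.0/16'
$midTier  = '10.2.0.0/16'
$backend  = '10.3.0.0/16'

# Build one NSG per tier. $Allow is a list of @{ Src = <prefix or tag>; Port = <destination port> }.
# The closing Deny rule matters: without it the default AllowVnetInBound rule (priority 65000)
# lets any address in the VNet reach the tier, which defeats the segmentation the slide is after.
function New-TierNsg {
    param([string]$Name, [string]$Tier, [hashtable[]]$Allow)
    $rules = @()
    $prio  = 100
    foreach ($a in $Allow) {
        $ruleName = 'allow-{0}-from-{1}' -f $a.Port, ($a.Src -replace '[/.]', '-')
        $rules += New-AzureRmNetworkSecurityRuleConfig -Name $ruleName -Priority $prio `
            -Direction Inbound -Access Allow -Protocol Tcp `
            -SourceAddressPrefix $a.Src -SourcePortRange '*' `
            -DestinationAddressPrefix $Tier -DestinationPortRange $a.Port
        $prio += 10
    }
    $rules += New-AzureRmNetworkSecurityRuleConfig -Name 'deny-all-inbound' -Priority 4000 `
        -Direction Inbound -Access Deny -Protocol '*' `
        -SourceAddressPrefix '*' -SourcePortRange '*' -DestinationAddressPrefix '*' -DestinationPortRange '*'
    New-AzureRmNetworkSecurityGroup -ResourceGroupName $rg -Location $loc -Name $Name -SecurityRules $rules
}

# Frontend: HTTPS from the Internet only. RDP gets no Internet rule at all (the slide's caveat: an NSG
# only passes what you explicitly allow); it is reachable solely from the corporate range over the VPN.
$feNsg = New-TierNsg -Name 'nsg-frontend' -Tier $frontend -Allow @(
    @{ Src = 'Internet'; Port = 443 },
    @{ Src = $corpNet;   Port = 3389 }
)
# Mid-tier: the application port from the frontend subnet only.
$mtNsg = New-TierNsg -Name 'nsg-midtier' -Tier $midTier -Allow @(
    @{ Src = $frontend; Port = 8080 }
)
# Backend: SQL from the mid-tier subnet only; never from the frontend, never from the Internet.
$beNsg = New-TierNsg -Name 'nsg-backend' -Tier $backend -Allow @(
    @{ Src = $midTier; Port = 1433 }
)

# Attach each NSG to its subnet; subnet association keeps the rules independent of individual VMs.
Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name 'Frontend' -AddressPrefix $frontend -NetworkSecurityGroup $feNsg | Out-Null
Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name 'Mid-tier' -AddressPrefix $midTier  -NetworkSecurityGroup $mtNsg | Out-Null
Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name 'Backend'  -AddressPrefix $backend  -NetworkSecurityGroup $beNsg | Out-Null
Set-AzureRmVirtualNetwork -VirtualNetwork $vnet | Out-Null

# Review: the rule table per NSG, lowest priority (evaluated first) at the top.
foreach ($nsg in $feNsg, $mtNsg, $beNsg) {
    Write-Host "== $($nsg.Name)"
    $nsg.SecurityRules | Sort-Object Priority |
        Format-Table Priority, Name, Access, SourceAddressPrefix, DestinationPortRange -AutoSize
}
```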
Azure Application Gateway
• Azure-managed, first-party virtual appliances
• HTTP routing based on app-level policies
  • Cookie affinity
  • URL hash
• SSL termination and caching
• ARM/PS cmdlets
1. Customer opts into enabling disk encryption
2. Customer provides identity and other encryption configuration to the Azure Portal/API to provision encryption key material* in their key vault
3. Azure service management updates the service model with the encryption and key vault configuration, and the Azure platform pushes the encryption extension to the VM
4. The encryption extension initiates encryption on the VM
5. VM is encrypted
* Key Material – BitLocker Encryption Keys [Windows], Passphrase [Linux]
(Diagram: Azure Active Directory, Azure Storage, Customer Key Vault, the Virtual Machine with its Encryption Extension and Encrypted Disks, and Service Management holding the Encryption Configuration)
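The five-step flow above driven from AzureRM PowerShell, as an added example (not code from the deck). It assumes an Azure AD application whose client id/secret is the "identity" of step 2, and placeholder names for the resource group, VM and key vault.

```powershell
# Added example (not from the deck): Azure Disk Encryption via the AzureRM cmdlets of the time.
# The AAD application (client id/secret) is the identity of step 2; all names are placeholders.
$rg     = 'rg-prod-web'
$vmName = 'web01'
$kvName = 'kv-prod-disk'
$aadClientId     = '<aad-app-client-id>'
$aadClientSecret = '<aad-app-client-secret>'   # never hard-code this; read it from a secure store

# Step 2: the vault must be enabled for disk encryption before the platform may write key material
# (BitLocker keys on Windows, the passphrase on Linux) into it as secrets.
Set-AzureRmKeyVaultAccessPolicy -VaultName $kvName -ResourceGroupName $rg -EnabledForDiskEncryption
$kv = Get-AzureRmKeyVault -VaultName $kvName -ResourceGroupName $rg

# Steps 3-4: update the service model and push the encryption extension to the VM; the extension
# encrypts the OS and data volumes and stores the key material in the customer's vault.
Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName $rg -VMName $vmName `
    -AadClientID $aadClientId -AadClientSecret $aadClientSecret `
    -DiskEncryptionKeyVaultUrl $kv.VaultUri -DiskEncryptionKeyVaultId $kv.ResourceId `
    -VolumeType All

# Step 5: verify rather than assume. Anything other than Encrypted on the OS volume is a finding,
# and the status object also tells you which vault the key material landed in.
$status = Get-AzureRmVMDiskEncryptionStatus -ResourceGroupName $rg -VMName $vmName
$status | Select-Object OsVolumeEncrypted, DataVolumesEncrypted, OsVolumeEncryptionSettings
if ($status.OsVolumeEncrypted -ne 'Encrypted') {
    Write-Warning "$vmName OS volume is not encrypted: $($status.ProgressMessage)"
}
```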
Applying to Azure - applications
• Use custom domains instead of myapp.cloudapp.net and scope cookies to your custom domain; scripting!
• Access to Azure Storage using Shared Access Signatures; attention to REST query injection
• SQL Database: pay attention to SQL Injection; no TDE
• Auditing -> Azure Tables
• Authentication using Azure’s ACS, Azure AD, Windows Identity Foundation -> rely on existing patterns and user stores!
Your identity goes with you
(Diagram: You, with username and password, get self-service single sign-on through Azure AD to 3rd party clouds/hosting)
Identity as the control plane
(Diagram: On-premises Windows Server Active Directory and Other Directories have a simple connection to Microsoft Azure Active Directory, which fronts Cloud SaaS, Azure, Office 365 and the public cloud)
Cloud App Discovery
10x as many Cloud apps are in use than IT estimates (Source: Help Net Security 2014)
Discover all SaaS apps in use within your organization
• SaaS app category
• Number of users
• Utilization volume
Comprehensive reporting
Azure Active Directory Connect*
(Diagram: Microsoft Azure Active Directory connected to Other Directories through PowerShell, LDAP v3, SQL (ODBC) and Web Services (SOAP, JAVA, REST))
* IT professional alerts.
B2B: cross-organization collaboration
“I need to let my partners access my company’s apps using their own credentials.”
Share without complex configuration or duplicate users.
A user at a large partner may log into my company’s apps with their Active Directory usernames and passwords.
A user at a smaller partner may log into my company’s apps with their Office 365 usernames and passwords.
Admin configures sharing for cloud apps.
“I can’t email my 25 MB file and need to share it with a partner using Box.com.”
Seamlessly provide Azure Active Directory to customers & partners
For example, a user at a partner can set up everyone in their company.
Users can bring their own email-based or social identities.
Azure Active Directory B2C (Business-to-Consumer)
Azure Active Directory B2C offering is tailored for enterprises who serve large populations (100’s of thousands to millions) of individual customers, and whose business success depends upon consumer adoption of web applications for improving customer satisfaction and reducing operational costs.
Azure Active Directory B2C will include:
• Self-Service User registration
• Login with Social IdP or create your own credentials
• Optional MFA
• Bulk user import tools
• SSO to multiple web sites
• User interface customization
Cloud Domain Join
Cloud Domain Join makes it possible to connect work-owned Windows devices to your company’s Azure Active Directory tenancy in the cloud. Users can sign in to Windows with their cloud-hosted work credentials and enjoy modern Windows experiences.
Cloud Domain Joined Devices
Enterprise-compliant Services
• Roaming Settings, Windows backup/Restore, Store access…
• Data stored in enterprise-compliant backend services on Azure.
• No need to add a personal Microsoft account.
SSO from the desktop to org resources
• SSO from desktop to Office 365 and 1,000’s of enterprise apps, websites and resources.
• Access enterprise-curated Store and install apps using a work account.
Management
• Automatic MDM enrollment during first-run experience.
Support for hybrid environments
• Traditional Domain Joined PCs also benefit from Cloud Domain Join functionality when the on-prem Active Directory is connected with an Azure Active Directory in the cloud.
Azure AD : Identity driven security
SSO + MFA
Conditional access
Cloud App Discovery
Advanced security reporting
Privileged Identity Management
Log Management – Collect, correlate and visualize all your machine data
OMS Log Analytics
(Diagram: Machine data from on-premises and Cloud flows into Azure Blob, through the Data Processing Engine and Search Service, to the Portal and Operational Insights)
Troubleshooting
• Correlate & search data from multiple sources
• Collect custom data types
• Build dashboards powered by search queries
Operation Insights
• Forecast future capacity needs and pinpoint performance bottlenecks
• Check your update and malware protection status
Security Intelligence
• Identify security breaches
• Meet compliance requirements for auditing
• Analyze security data
Key Benefits: REAL TIME DASHBOARDS & REPORTING, SCALABLE SEARCH, READY MADE INTELLIGENCE
Machine Data: Event Logs | IIS Logs | Security Logs | Performance Counters | Syslog | & many more
Sources: Windows & Linux servers forwarding data through SCOM; Windows & Linux servers directly forwarding data; Cloud VMs
OMS Agent For Linux
What sorts of data can I collect?
• Syslog: Collect your choice of syslog events from rsyslog and syslog-ng
• Performance Metrics: We can collect 70+ performance metrics at a 30 second granularity using our new. Get metrics from the following objects: System, Processor, Memory & Swap space, Process, Logical Disk (File System) and Physical Disk. Full list of Performance Counters.
• Docker container logs, metrics & inventory: We show information about where your containers and container hosts are, which containers are running or failed, and Docker daemon and container logs sent to stdout and stderr. We also show performance metrics such as CPU, memory, network and storage for the container and hosts to help you troubleshoot and find noisy neighbor containers. We support Docker version 1.8+.
• Alerts from Nagios + Zabbix: The agent can collect alerts from your most popular monitoring tools. This allows you to view all your alerts from all your tools in a single pane of glass! Combine this with our existing support for collection of alerts from Operations Manager. We currently support Nagios 3+ and Zabbix 2.x.
• Apache & MySQL performance metrics: Collect performance metrics about your MySQL/MariaDB server performance and databases and Apache HTTP Servers and Virtual Hosts.
How Data Flows to OMS
(Diagram: Your Environment, with ‘multiple’ management groups, forwards data to the Microsoft Operations Management Suite Portal)
https://preview.systemcenteradvisor.com/Content/AdvisorCore/Resources/Security.pdf
Introducing
• Unified view of all security related information, relevant threats and recommendations
• Central management of security policies, network configuration, virtual machine baselines, etc.
• Integrated security event logging and monitoring, including events from partner solutions
• Define policies for your Azure subscriptions according to your company security needs
• Security recommendations guide resource owners through the process of implementing required controls
• Rapidly deploy security services and appliances from Microsoft and partners, like firewalls and endpoint protection
• Constantly collects, analyzes, and fuses security events from your Azure resources, the network, and integrated partner solutions
• Leverages global threat intelligence from Microsoft products and services, Digital Crime and Incident Response Centers, and third party feeds
• Creates prioritized security alerts with insight into the attack and recommendations on how to remediate
Staying connected
http://azure.microsoft.com/en-us/support/trust-center/
http://blogs.msdn.com/b/azuresecurity/
https://azure.microsoft.com/en-us/blog/microsoft-azure-network-security-whitepaper-version-3-is-now-available/

Building Azure RemoteApp - Microsoft Campus Days 2014
 
KoprowskiT_session1_SDNEvent_WASDforBeginners
KoprowskiT_session1_SDNEvent_WASDforBeginnersKoprowskiT_session1_SDNEvent_WASDforBeginners
KoprowskiT_session1_SDNEvent_WASDforBeginners
 
azure-security-overview-slideshare-180419183626.pdf
azure-security-overview-slideshare-180419183626.pdfazure-security-overview-slideshare-180419183626.pdf
azure-security-overview-slideshare-180419183626.pdf
 
70 533 - Module 01 - Introduction to Azure
70 533 - Module 01 - Introduction to Azure70 533 - Module 01 - Introduction to Azure
70 533 - Module 01 - Introduction to Azure
 
Premier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure ADPremier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure AD
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
 
KoprowskiT_SQLSat419_WADBforBeginners
KoprowskiT_SQLSat419_WADBforBeginnersKoprowskiT_SQLSat419_WADBforBeginners
KoprowskiT_SQLSat419_WADBforBeginners
 
Azure Community Tour 2019 - AZUGDK
Azure Community Tour 2019 - AZUGDKAzure Community Tour 2019 - AZUGDK
Azure Community Tour 2019 - AZUGDK
 
InfoTRAMS - Czy platforma Microsoft Azure jest biznoseow bezpieczna?
InfoTRAMS - Czy platforma Microsoft Azure jest biznoseow bezpieczna?InfoTRAMS - Czy platforma Microsoft Azure jest biznoseow bezpieczna?
InfoTRAMS - Czy platforma Microsoft Azure jest biznoseow bezpieczna?
 
NIC - Windows Azure Pack - Level 300
NIC - Windows Azure Pack - Level 300NIC - Windows Azure Pack - Level 300
NIC - Windows Azure Pack - Level 300
 
Cloudtechnologyassociatepart 1
Cloudtechnologyassociatepart 1Cloudtechnologyassociatepart 1
Cloudtechnologyassociatepart 1
 
Active Directory 2019 v2.pptx
Active Directory 2019 v2.pptxActive Directory 2019 v2.pptx
Active Directory 2019 v2.pptx
 
Introductorytocomputing
IntroductorytocomputingIntroductorytocomputing
Introductorytocomputing
 

Más de BizTalk360

Optimise Business Activity Tracking – Insights from Smurfit Kappa
Optimise Business Activity Tracking – Insights from Smurfit KappaOptimise Business Activity Tracking – Insights from Smurfit Kappa
Optimise Business Activity Tracking – Insights from Smurfit KappaBizTalk360
 
Optimise Business Activity Tracking – Insights from Smurfit Kappa
Optimise Business Activity Tracking – Insights from Smurfit KappaOptimise Business Activity Tracking – Insights from Smurfit Kappa
Optimise Business Activity Tracking – Insights from Smurfit KappaBizTalk360
 
What's inside "migrating to biz talk server 2020" Book (BizTalk360 Webinar)
What's inside "migrating to biz talk server 2020" Book (BizTalk360 Webinar)What's inside "migrating to biz talk server 2020" Book (BizTalk360 Webinar)
What's inside "migrating to biz talk server 2020" Book (BizTalk360 Webinar)BizTalk360
 
Integration Monday - Logic Apps: Development Experiences
Integration Monday - Logic Apps: Development ExperiencesIntegration Monday - Logic Apps: Development Experiences
Integration Monday - Logic Apps: Development ExperiencesBizTalk360
 
Integration Monday - BizTalk Migrator Deep Dive
Integration Monday - BizTalk Migrator Deep DiveIntegration Monday - BizTalk Migrator Deep Dive
Integration Monday - BizTalk Migrator Deep DiveBizTalk360
 
Testing for Logic App Solutions | Integration Monday
Testing for Logic App Solutions | Integration MondayTesting for Logic App Solutions | Integration Monday
Testing for Logic App Solutions | Integration MondayBizTalk360
 
System Integration using Reactive Programming | Integration Monday
System Integration using Reactive Programming | Integration MondaySystem Integration using Reactive Programming | Integration Monday
System Integration using Reactive Programming | Integration MondayBizTalk360
 
Building workflow solution with Microsoft Azure and Cloud | Integration Monday
Building workflow solution with Microsoft Azure and Cloud | Integration MondayBuilding workflow solution with Microsoft Azure and Cloud | Integration Monday
Building workflow solution with Microsoft Azure and Cloud | Integration MondayBizTalk360
 
Serverless Minimalism: How to architect your apps to save 98% on your Azure b...
Serverless Minimalism: How to architect your apps to save 98% on your Azure b...Serverless Minimalism: How to architect your apps to save 98% on your Azure b...
Serverless Minimalism: How to architect your apps to save 98% on your Azure b...BizTalk360
 
Migrating BizTalk Solutions to Azure: Mapping Messages | Integration Monday
Migrating BizTalk Solutions to Azure: Mapping Messages | Integration MondayMigrating BizTalk Solutions to Azure: Mapping Messages | Integration Monday
Migrating BizTalk Solutions to Azure: Mapping Messages | Integration MondayBizTalk360
 
Integration-Monday-Infrastructure-As-Code-With-Terraform
Integration-Monday-Infrastructure-As-Code-With-TerraformIntegration-Monday-Infrastructure-As-Code-With-Terraform
Integration-Monday-Infrastructure-As-Code-With-TerraformBizTalk360
 
Integration-Monday-Stateful-Programming-Models-Serverless-Functions
Integration-Monday-Stateful-Programming-Models-Serverless-FunctionsIntegration-Monday-Stateful-Programming-Models-Serverless-Functions
Integration-Monday-Stateful-Programming-Models-Serverless-FunctionsBizTalk360
 
Integration-Monday-Serverless-Slackbots-with-Azure-Durable-Functions
Integration-Monday-Serverless-Slackbots-with-Azure-Durable-FunctionsIntegration-Monday-Serverless-Slackbots-with-Azure-Durable-Functions
Integration-Monday-Serverless-Slackbots-with-Azure-Durable-FunctionsBizTalk360
 
Integration-Monday-Building-Stateful-Workloads-Kubernetes
Integration-Monday-Building-Stateful-Workloads-KubernetesIntegration-Monday-Building-Stateful-Workloads-Kubernetes
Integration-Monday-Building-Stateful-Workloads-KubernetesBizTalk360
 
Integration-Monday-Logic-Apps-Tips-Tricks
Integration-Monday-Logic-Apps-Tips-TricksIntegration-Monday-Logic-Apps-Tips-Tricks
Integration-Monday-Logic-Apps-Tips-TricksBizTalk360
 
Integration-Monday-Terraform-Serverless
Integration-Monday-Terraform-ServerlessIntegration-Monday-Terraform-Serverless
Integration-Monday-Terraform-ServerlessBizTalk360
 
Integration-Monday-Microsoft-Power-Platform
Integration-Monday-Microsoft-Power-PlatformIntegration-Monday-Microsoft-Power-Platform
Integration-Monday-Microsoft-Power-PlatformBizTalk360
 
One name unify them all
One name unify them allOne name unify them all
One name unify them allBizTalk360
 
Securely Publishing Azure Services
Securely Publishing Azure ServicesSecurely Publishing Azure Services
Securely Publishing Azure ServicesBizTalk360
 

Más de BizTalk360 (20)

Optimise Business Activity Tracking – Insights from Smurfit Kappa
Optimise Business Activity Tracking – Insights from Smurfit KappaOptimise Business Activity Tracking – Insights from Smurfit Kappa
Optimise Business Activity Tracking – Insights from Smurfit Kappa
 
Optimise Business Activity Tracking – Insights from Smurfit Kappa
Optimise Business Activity Tracking – Insights from Smurfit KappaOptimise Business Activity Tracking – Insights from Smurfit Kappa
Optimise Business Activity Tracking – Insights from Smurfit Kappa
 
What's inside "migrating to biz talk server 2020" Book (BizTalk360 Webinar)
What's inside "migrating to biz talk server 2020" Book (BizTalk360 Webinar)What's inside "migrating to biz talk server 2020" Book (BizTalk360 Webinar)
What's inside "migrating to biz talk server 2020" Book (BizTalk360 Webinar)
 
Integration Monday - Logic Apps: Development Experiences
Integration Monday - Logic Apps: Development ExperiencesIntegration Monday - Logic Apps: Development Experiences
Integration Monday - Logic Apps: Development Experiences
 
Integration Monday - BizTalk Migrator Deep Dive
Integration Monday - BizTalk Migrator Deep DiveIntegration Monday - BizTalk Migrator Deep Dive
Integration Monday - BizTalk Migrator Deep Dive
 
Testing for Logic App Solutions | Integration Monday
Testing for Logic App Solutions | Integration MondayTesting for Logic App Solutions | Integration Monday
Testing for Logic App Solutions | Integration Monday
 
No-Slides
No-SlidesNo-Slides
No-Slides
 
System Integration using Reactive Programming | Integration Monday
System Integration using Reactive Programming | Integration MondaySystem Integration using Reactive Programming | Integration Monday
System Integration using Reactive Programming | Integration Monday
 
Building workflow solution with Microsoft Azure and Cloud | Integration Monday
Building workflow solution with Microsoft Azure and Cloud | Integration MondayBuilding workflow solution with Microsoft Azure and Cloud | Integration Monday
Building workflow solution with Microsoft Azure and Cloud | Integration Monday
 
Serverless Minimalism: How to architect your apps to save 98% on your Azure b...
Serverless Minimalism: How to architect your apps to save 98% on your Azure b...Serverless Minimalism: How to architect your apps to save 98% on your Azure b...
Serverless Minimalism: How to architect your apps to save 98% on your Azure b...
 
Migrating BizTalk Solutions to Azure: Mapping Messages | Integration Monday
Migrating BizTalk Solutions to Azure: Mapping Messages | Integration MondayMigrating BizTalk Solutions to Azure: Mapping Messages | Integration Monday
Migrating BizTalk Solutions to Azure: Mapping Messages | Integration Monday
 
Integration-Monday-Infrastructure-As-Code-With-Terraform
Integration-Monday-Infrastructure-As-Code-With-TerraformIntegration-Monday-Infrastructure-As-Code-With-Terraform
Integration-Monday-Infrastructure-As-Code-With-Terraform
 
Integration-Monday-Stateful-Programming-Models-Serverless-Functions
Integration-Monday-Stateful-Programming-Models-Serverless-FunctionsIntegration-Monday-Stateful-Programming-Models-Serverless-Functions
Integration-Monday-Stateful-Programming-Models-Serverless-Functions
 
Integration-Monday-Serverless-Slackbots-with-Azure-Durable-Functions
Integration-Monday-Serverless-Slackbots-with-Azure-Durable-FunctionsIntegration-Monday-Serverless-Slackbots-with-Azure-Durable-Functions
Integration-Monday-Serverless-Slackbots-with-Azure-Durable-Functions
 
Integration-Monday-Building-Stateful-Workloads-Kubernetes
Integration-Monday-Building-Stateful-Workloads-KubernetesIntegration-Monday-Building-Stateful-Workloads-Kubernetes
Integration-Monday-Building-Stateful-Workloads-Kubernetes
 
Integration-Monday-Logic-Apps-Tips-Tricks
Integration-Monday-Logic-Apps-Tips-TricksIntegration-Monday-Logic-Apps-Tips-Tricks
Integration-Monday-Logic-Apps-Tips-Tricks
 
Integration-Monday-Terraform-Serverless
Integration-Monday-Terraform-ServerlessIntegration-Monday-Terraform-Serverless
Integration-Monday-Terraform-Serverless
 
Integration-Monday-Microsoft-Power-Platform
Integration-Monday-Microsoft-Power-PlatformIntegration-Monday-Microsoft-Power-Platform
Integration-Monday-Microsoft-Power-Platform
 
One name unify them all
One name unify them allOne name unify them all
One name unify them all
 
Securely Publishing Azure Services
Securely Publishing Azure ServicesSecurely Publishing Azure Services
Securely Publishing Azure Services
 

Último

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 

Último (20)

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 

Enter The Matrix Securing Azure’s Assets

  • 20. Model real-world attacks
    • Model emerging threats, use blended threats
    • Exfiltrate and leverage compromised data
    • Escape and evade / persistence
  Identify gaps in the security story
    • Measure mean time to compromise (MTTC) / mean time to pwnage (MTTP)
    • Highlight security monitoring and recovery gaps
    • Improve incident response
  Demonstrable impact
    • Prove the need for "assume breach"
    • Enumerate business risks
    • Justify resources, priorities and investment needs
  • 21. Exercises the ability to detect and respond
    • Detect attack and penetration (MTTD)
    • Respond to and recover from attack and penetration (MTTR)
    • Practiced incident response
  Enhances situational awareness
    • Produces actionable intelligence
    • Full visibility into actual conditions within the environment
    • Data analysis and forensics for attack and breach indicators
  Measure readiness and impact
    • Accurately assesses real-world attacks
    • Identifies gaps and investment needs
    • Focus on slowing down attackers and speeding up recovery
    • Hardening that prevents future attacks
  • 24. Physical data center security (layers: perimeter, building, computer room)
    • Cameras
    • 24x7 security staff
    • Barriers
    • Fencing
    • Alarms
    • Two-factor access control: biometric readers and card readers
    • Security operations center
    • Days of backup power
    • Seismic bracing
  • 25. Secure multi-tenancy architecture
  Azure:
    • Centrally manages the platform and helps isolate customer environments using the Fabric Controller
    • Runs a configuration-hardened version of Windows Server as the host OS
    • Uses Hyper-V, a battle-tested and enterprise-proven hypervisor
    • Runs Windows Server and Linux on guest VMs for platform services
  Customer:
    • Manages their environment through service management interfaces and subscriptions
    • Chooses from the gallery or brings their own OS for their virtual machines
  (Diagram: end users and the customer admin reach the Portal and SMAPI; the Fabric Controller manages hosts running the host OS and hypervisor, with per-customer guest VMs, Azure Storage and SQL Database.)
  • 26. Data segregation
  Azure:
  Storage isolation:
    • Access is through storage account keys and Shared Access Signature (SAS) keys
    • Storage blocks are hashed by the hypervisor to separate accounts
  SQL isolation:
    • SQL Database isolates separate databases using SQL accounts
  Network isolation:
    • The VM switch at the host level blocks inter-tenant communication
  Customer:
    • Design the same multi-tenancy principles into your own application
  (Diagram: the same components as slide 25, with access control in front of Azure Storage and SQL Database.)
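Slide 26 says storage access is gated by the account key or a SAS, and slide 53 later makes the point that whoever has the key has all your secrets. The following added example (not code from the deck or from the Azure SDK) shows why: it mints a blob SAS with the documented version 2015-04-05 service-SAS string-to-sign, verifies one, and audits a token for over-broad delegation. The account name, the key (base64 of zero bytes), the container/blob names and the audit thresholds are all constructed assumptions.

```python
"""Mint, verify and audit Azure Blob Shared Access Signatures (SAS) offline.

Added example, not code from the slide deck: it implements the documented
service-SAS string-to-sign for version 2015-04-05. Account name, key, container
and blob are constructed test values; the audit thresholds are assumptions.
"""
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qsl, urlencode

SAS_VERSION = "2015-04-05"
DEMO_ACCOUNT = "contosostore"                             # constructed
DEMO_KEY_B64 = base64.b64encode(b"\x00" * 64).decode()   # constructed dummy key, not a real one
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"


def _string_to_sign(account, container, blob, p):
    """The 13 newline-separated fields a service SAS signs (absent fields are empty)."""
    return "\n".join([
        p.get("sp", ""), p.get("st", ""), p.get("se", ""),
        f"/blob/{account}/{container}/{blob}",           # canonicalized resource
        p.get("si", ""), p.get("sip", ""), p.get("spr", ""), p.get("sv", ""),
        p.get("rscc", ""), p.get("rscd", ""), p.get("rsce", ""), p.get("rscl", ""), p.get("rsct", ""),
    ])


def _sign(key_b64, string_to_sign):
    """sig = Base64(HMAC-SHA256(Base64-decoded account key, UTF-8 string-to-sign))."""
    mac = hmac.new(base64.b64decode(key_b64), string_to_sign.encode("utf-8"), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


def make_blob_sas(account, key_b64, container, blob, permissions, start, expiry, sip="", spr="https"):
    """Build the SAS query parameters for one blob. Whoever holds key_b64 can do this for ANY blob."""
    p = {"sv": SAS_VERSION, "sr": "b", "sp": permissions,
         "st": start.strftime(TIME_FMT), "se": expiry.strftime(TIME_FMT), "spr": spr}
    if sip:
        p["sip"] = sip
    p["sig"] = _sign(key_b64, _string_to_sign(account, container, blob, p))
    return p


def verify_blob_sas(account, key_b64, container, blob, p):
    """Recompute the signature; changing any signed field (e.g. sp) invalidates the token."""
    expected = _sign(key_b64, _string_to_sign(account, container, blob, p))
    return hmac.compare_digest(expected, p.get("sig", ""))


def audit_sas(p, now=None, max_days=7):
    """Flag a token that grants more than a consumer usually needs (thresholds are assumptions)."""
    now = now or datetime.now(timezone.utc)
    findings = []
    if set(p.get("sp", "")) & set("wdca"):           # write, delete, create, add
        findings.append("mutating-permissions")
    if "se" not in p:
        findings.append("no-expiry")
    elif datetime.strptime(p["se"], TIME_FMT).replace(tzinfo=timezone.utc) - now > timedelta(days=max_days):
        findings.append("long-lived")
    if not p.get("sip"):
        findings.append("no-ip-restriction")
    if p.get("spr", "https,http") != "https":        # spr omitted means both protocols are accepted
        findings.append("http-allowed")
    return findings


def blob_url(account, container, blob, p):
    return f"https://{account}.blob.core.windows.net/{container}/{blob}?" + urlencode(p)


def sas_from_url(url):
    """Split the SAS parameters out of a blob URL so a leaked link can be audited."""
    return dict(parse_qsl(url.split("?", 1)[1], keep_blank_values=True))


def demo(now=datetime(2015, 11, 1, 9, 0, tzinfo=timezone.utc)):
    """A scoped read token next to an over-broad one minted with the same key."""
    args = (DEMO_ACCOUNT, DEMO_KEY_B64, "invoices", "2015-10.pdf")
    scoped = make_blob_sas(*args, "r", now, now + timedelta(hours=1), sip="203.0.113.10")
    broad = make_blob_sas(*args, "rwd", now, now + timedelta(days=365))
    escalated = dict(scoped, sp="rwd")               # attacker edits permissions without the key
    return {
        "scoped_valid": verify_blob_sas(*args, scoped),
        "scoped_findings": audit_sas(scoped, now),
        "broad_valid": verify_blob_sas(*args, broad),
        "broad_findings": audit_sas(broad, now),
        "escalated_valid": verify_blob_sas(*args, escalated),
        "roundtrip": sas_from_url(blob_url(DEMO_ACCOUNT, "invoices", "2015-10.pdf", scoped)) == scoped,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of `demo()` is that the "broad" token verifies just as well as the scoped one: the service cannot tell a careful delegation from a careless one, so the only defences are keeping the account key out of application config (slide 53's Key Vault advice) and auditing the tokens you hand out. Run `audit_sas(sas_from_url(url))` over any SAS URL you find in a repository or a log.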
  • 28. Azure platform services infrastructure protection
  1. Azure protection
    • Layer A: the network access layer
    • Layer B: Azure’s DDoS/DoS/IDS layer
    • Layer C: host firewalls protect all the hosts and the VLANs
    • Layer D: conformance with security and privacy requirements, including two-factor authentication for operators
  2. Customer protection
    • Layers 1–2: the distributed firewall isolates customer’s …
    • Layer 3: the virtual network can be managed like an on-premises private network:
      i. inside the VM: firewalls, IDS and DoS solutions
      ii. virtual network appliances
  • 30. DDoS system protection overview
  Detection process
    • Traffic to a given /32 VIP, inbound or outbound, is tracked, recorded and analyzed in real time to determine attack behavior
  Mitigation process
    • Traffic is re-routed to scrubbers via dynamic routing updates
    • Traffic is SYN-authenticated and rate limited
  Supported DDoS attack profiles
    • TCP SYN
    • UDP/ICMP/TCP flood
  (Diagram: Internet → MSFT routing layer → scrubbing array → SLB → application; flow data feeds a detection pipeline backed by a profile DB, which pushes routing updates so attack traffic is scrubbed before reaching the application.)
  • 32. Threat protection
  Azure:
    • Performs big data analysis of logs for intrusion detection and prevention for the platform
    • Employs denial-of-service attack prevention measures for the platform
    • Regularly performs penetration testing
  Customer:
    • Can add extra layers of protection by deploying additional controls, including DoS, IDS and web application firewalls
    • Conducts authorized penetration testing of their application
  (Diagram: end users on the Internet and a corporate VPN reach the customer environment through the Cloud Access & Firewall layer over 443, into a virtual network with application, logic and database tiers. Threat detection: DoS/IDS capabilities.)
  • 33. Isolated virtual networks
  (Diagram: Customer 1 and Customer 2 each have an isolated virtual network holding their deployments (X, Y), with VNET-to-VNET connectivity; the Cloud Access Layer exposes a web endpoint (public access) and an RDP endpoint (password access) to clients on the Internet; a VPN connects Corp 1; the customer admin manages through the Portal and SMAPI.)
  • 35. Azure Active Directory: 2FA mandatory
    • Secure access management requires strong, centralized identity management.
    • Active Directory (AD) helps you with that on-premises.
    • Azure Active Directory (AAD) helps you in Azure, in Office 365 and in 1200+ apps.
    • AD and AAD are tightly integrated, to enable single sign-on, a single directory and centralized management.
    • AD and AAD help address your compliance requirements.
  Azure Active Directory (AAD) integration
    • Two-factor authentication can be implemented with PhoneFactor or with AD on-premises.
    • Use two-factor authentication or DevOps automation to access your production services.
  • 36. Threat protection
  Azure:
    • Uses password hashes for synchronization
    • Offers security reporting that tracks inconsistent traffic patterns, including:
      • Sign-ins from unknown sources
      • Multiple failed sign-ins
      • Sign-ins from multiple geographies in short timeframes
      • Sign-ins from suspicious IP addresses and suspicious devices
  Customer:
    • Reviews reports and mitigates potential threats
    • Can enable Multi-Factor Authentication
  (Diagram: user versus non-user sign-ins.)
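Slide 36 lists the patterns AAD's security reports surface but not how they are derived. The added example below (not from the deck and not Azure AD's own logic) replays three of them over a constructed sign-in log: sign-ins from multiple geographies in a short timeframe as an implied-speed check, multiple failed sign-ins as a sliding-window count, and suspicious IPs as a blocklist match. Records, coordinates, the blocklist and every threshold are constructed assumptions chosen to exercise each rule once; the same functions run unchanged over exported sign-in logs once the tuples are filled from real data.

```python
"""Replay the sign-in patterns slide 36 lists over a constructed sign-in log.

Added example, not from the deck and not Azure AD's own reporting logic. The
records, the blocklist, the coordinates and every threshold are constructed
assumptions chosen to exercise each rule once.
"""
from collections import defaultdict
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900           # assumption: faster than an airliner => "multiple geographies in short timeframes"
FAILED_WINDOW_SEC = 10 * 60   # assumption: window for "multiple failed sign-ins"
FAILED_THRESHOLD = 5
SUSPICIOUS_IPS = {"198.51.100.7"}   # constructed blocklist standing in for a threat feed

# Constructed records: (user, ISO timestamp, source IP, latitude, longitude, success)
SIGNINS = [
    ("alice", "2015-11-02T08:00:00", "203.0.113.5",  50.85,   4.35, True),   # Brussels
    ("alice", "2015-11-02T08:40:00", "192.0.2.44",   40.71, -74.01, True),   # New York, 40 minutes later
    ("bob",   "2015-11-02T09:00:00", "203.0.113.9",  51.51,  -0.13, False),
    ("bob",   "2015-11-02T09:02:00", "203.0.113.9",  51.51,  -0.13, False),
    ("bob",   "2015-11-02T09:04:00", "203.0.113.9",  51.51,  -0.13, False),
    ("bob",   "2015-11-02T09:06:00", "203.0.113.9",  51.51,  -0.13, False),
    ("bob",   "2015-11-02T09:08:00", "203.0.113.9",  51.51,  -0.13, False),
    ("bob",   "2015-11-02T09:09:00", "203.0.113.9",  51.51,  -0.13, True),   # then gets in
    ("carol", "2015-11-02T10:15:00", "198.51.100.7", 48.86,   2.35, True),   # Paris, listed IP
    ("dave",  "2015-11-02T11:00:00", "203.0.113.77", 52.37,   4.90, True),   # Amsterdam
    ("dave",  "2015-11-02T14:00:00", "203.0.113.78", 51.51,  -0.13, True),   # London 3 h later: plausible
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance on a sphere of radius 6371 km."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def detect(signins):
    """Return a sorted list of (rule, user) alerts."""
    alerts = set()
    by_user = defaultdict(list)
    for user, ts, ip, lat, lon, ok in signins:
        by_user[user].append((datetime.fromisoformat(ts), ip, lat, lon, ok))
    for user, events in by_user.items():
        events.sort(key=lambda e: e[0])
        # sign-ins from suspicious IP addresses
        if any(ip in SUSPICIOUS_IPS for _, ip, _, _, _ in events):
            alerts.add(("suspicious-ip", user))
        # impossible travel between consecutive successful sign-ins
        ok_events = [e for e in events if e[4]]
        for (t1, _, la1, lo1, _), (t2, _, la2, lo2, _) in zip(ok_events, ok_events[1:]):
            hours = (t2 - t1).total_seconds() / 3600
            km = haversine_km(la1, lo1, la2, lo2)
            if km > 100 and (hours == 0 or km / hours > MAX_SPEED_KMH):
                alerts.add(("impossible-travel", user))
        # burst of failures inside a sliding window
        fails = [t for t, _, _, _, ok in events if not ok]
        for i, start in enumerate(fails):
            in_window = sum(1 for t in fails[i:] if (t - start).total_seconds() <= FAILED_WINDOW_SEC)
            if in_window >= FAILED_THRESHOLD:
                alerts.add(("failed-signin-burst", user))
                break
    return sorted(alerts)


if __name__ == "__main__":
    for rule, user in detect(SIGNINS):
        print(f"{rule:20s} {user}")
```

Dave's Amsterdam-to-London hop three hours apart stays quiet while Alice's Brussels-to-New York hop forty minutes apart fires: the rule reasons about implied speed, not about "a different country", which is what keeps it useful for users who genuinely travel. Bob trips the burst rule before his eventual success, so the success itself deserves a look.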
  • 38. Transparency and independent verification: aids customers in meeting security and compliance obligations
  Best practices and guidance; third-party verification:
    • Cloud Security Alliance
    • Security Intelligence Report
    • Compliance packages
    • Trust Center
    • Access to audit reports
    • Security Response Center progress report
  • 40. Global datacenter footprint: 100+ datacenters in over 40 countries
  • 44. Encryption technologies: RMS SDK, .NET Crypto, SQL TDE, BitLocker, partner solutions, EFS, BitLocker, StorSimple
    • Public preview now available globally!
  • 45.
  • 46.
  • 47. Operations Security Assurance: compliance timeline 2010–2015 (diagram): HIPAA/HITECH, CJIS, SOC 1, SOC 2, FedRAMP P-ATO, FISMA ATO, UK G-Cloud OFFICIAL, ISO/IEC 27001:2005, CSA Cloud Controls Matrix, PCI DSS Level 1, AU IRAP Accreditation, Singapore MTCS, ISO/IEC 27018, EU Data Protection Directive, CDSA
  • 48. Data deletion: data destruction and disk handling
    • Wiping is NIST 800-88 compliant
    • Defective disks are destroyed
    • Index immediately removed from primary location
    • Geo-replicated copy of the data (index) removed asynchronously
    • Customers can only read from disk space they have written to
  • 49. Data use policies
    • Azure does not share data with its advertiser-supported services
    • Azure does not mine customer data for advertising
    • Read the fine print of other cloud service providers’ privacy statements
  • 52. Authentication and access (4x)
    • Portal access
      • Uses Live ID (Microsoft Account)
      • Go to http://manage.windowsazure.com
      • Role: Service Administrator or Co-Administrator
      • Uses special REST API without providing certificate
    • Management certificate
      • Certificate can be self-signed
      • Does not check certificate expiration
      • Used by PowerShell
      • Used by REST API
    • Storage access
      • Uses secret key
      • Or anonymous share access
    • RDP VM access
      • Uses username/password
  • 53. Authentication and access … BUT…!
    • Portal access
      • Uses Live ID (Microsoft Account) -> Better have AAD / Org ID + MFA
      • Implement RBAC -> JEA principle
    • Management certificate
      • ARE EVIL !!!!!
      • Only use them in a management solution when that is the ONLY option!
    • Storage access
      • I’ve got the key … I’ve got ALL your secrets
      • If needed? IMPLEMENT KEY VAULT!
    • RDP VM access
      • Harden from the outside, and access through GW / S2S / ER
      • Better implement SSH / PoSh Remoting over SSL
  • 54. Network security
    • Network Security Groups
    • Firewalls before the gateways
    • ACLs
      • inside the guest OS firewall
      • Network ACLs on public IP addresses
      • Network ACLs at the corporate firewall
    • IPsec inside the guest OS
    • Network isolation
  • 55. Role Based Access in Azure – aka RBAC
    • Role
      • Collection of actions
    • Role assignment
      • Access is granted to AAD users and services by a role assignment on the resources.
    • Azure AD security principals
      • Roles can be assigned to the following types of Azure AD security principals:
        • Users
        • Groups
        • Service principals
  • 56. RBAC in Azure
    • Portal management
    • PowerShell: list every role definition with the actions it permits and the actions it subtracts
      # Enumerate all role definitions (built-in and custom) visible in the current subscription
      foreach ($roledef in Get-AzureRMRoleDefinition) {
          Write-Host 'Role: ' $roledef.Name
          Write-Host 'Actions' $roledef.Actions          # operations the role permits
          Write-Host 'NotActions' $roledef.NotActions    # operations subtracted from Actions
          Write-Host ([Environment]::NewLine)
      }
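Slides 55 and 56 describe the model (role = collection of actions, minus NotActions; assignment = principal + role + scope; principals can be users, groups or service principals) but not how a request is actually evaluated. The following is an added example, not code from the deck or from Azure: a small offline evaluator with the same semantics, so the "JEA principle" from slide 53 can be checked against concrete assignments. The subscription id, resource names, the custom "Virtual Machine Operator" role and the group membership are all constructed; the Reader and Contributor definitions are abbreviated versions of the built-in roles.

```python
"""Offline evaluator for the Azure RBAC model: roles, NotActions, scoped assignments, groups.

Added example, not from the deck or from Azure; ids, resources and the custom role are constructed.
"""
from fnmatch import fnmatchcase

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"     # constructed placeholder id
RG_PROD = SUB + "/resourceGroups/rg-prod"
RG_DEV = SUB + "/resourceGroups/rg-dev"
VM_PROD = RG_PROD + "/providers/Microsoft.Compute/virtualMachines/web01"
VM_DEV = RG_DEV + "/providers/Microsoft.Compute/virtualMachines/test01"

# Role definitions: Actions permit, NotActions subtract (they never grant anything on their own).
ROLES = {
    "Reader": {"Actions": ["*/read"], "NotActions": []},
    "Contributor": {"Actions": ["*"],
                    "NotActions": ["Microsoft.Authorization/*/Write",
                                   "Microsoft.Authorization/*/Delete"]},
    # Custom JEA-style role: may look at and (re)start VMs, nothing else (constructed)
    "Virtual Machine Operator": {"Actions": ["Microsoft.Compute/*/read",
                                             "Microsoft.Compute/virtualMachines/start/action",
                                             "Microsoft.Compute/virtualMachines/restart/action",
                                             "Microsoft.Compute/virtualMachines/deallocate/action"],
                                 "NotActions": []},
}

GROUPS = {"vm-operators": {"bob"}}                 # constructed group membership

# (principal, role, scope): assignments are inherited by everything below the scope
ASSIGNMENTS = [
    ("alice", "Reader", SUB),
    ("vm-operators", "Virtual Machine Operator", RG_PROD),
    ("carol", "Contributor", RG_PROD),
]


def _matches(pattern, action):
    # Action strings are case-insensitive; '*' may span several path segments.
    return fnmatchcase(action.lower(), pattern.lower())


def role_permits(role_name, action):
    role = ROLES[role_name]
    allowed = any(_matches(p, action) for p in role["Actions"])
    excluded = any(_matches(p, action) for p in role["NotActions"])
    return allowed and not excluded


def _in_scope(assignment_scope, resource_id):
    a, r = assignment_scope.lower(), resource_id.lower()
    return r == a or r.startswith(a + "/")


def principals_for(user):
    """The user itself plus every group it belongs to (group assignments apply to members)."""
    return {user} | {g for g, members in GROUPS.items() if user in members}


def is_allowed(user, action, resource_id):
    """True if any assignment in scope of the resource carries a role permitting the action."""
    principals = principals_for(user)
    return any(principal in principals and _in_scope(scope, resource_id)
               and role_permits(role, action)
               for principal, role, scope in ASSIGNMENTS)


if __name__ == "__main__":
    for user, action, res in [("alice", "Microsoft.Compute/virtualMachines/start/action", VM_PROD),
                              ("bob", "Microsoft.Compute/virtualMachines/start/action", VM_PROD),
                              ("bob", "Microsoft.Compute/virtualMachines/start/action", VM_DEV),
                              ("carol", "Microsoft.Authorization/roleAssignments/write", RG_PROD)]:
        print(f"{user:6s} {action:55s} {'ALLOW' if is_allowed(user, action, res) else 'DENY'}")
```

Two things worth noticing: NotActions on Contributor stop carol from handing out role assignments even though her Actions list is "*", and bob's group assignment is scoped to rg-prod, so the identical action on a VM in rg-dev is denied. That scoping, not the role name, is what makes the assignment "just enough".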
  • 57. Microsoft Azure Key Vault: safeguard cryptographic keys and other secrets used by cloud apps and services (diagram: IaaS, PaaS and SaaS workloads on Microsoft Azure using Key Vault; import keys into HSM)
    • Increase security and control over keys and passwords
    • Create and import encryption keys in minutes
    • Applications have no direct access to keys
    • Use FIPS 140-2 Level 2 certified HSMs
    • Reduce latency with cloud scale and global redundancy
  • 59. Applying to Azure – infrastructure
    • Port scanning: the only open ports are those defined by us!
    • Denial of service:
      • External: depends on our settings, but the Fabric Controller tries to identify the attacks
      • Internal: all DoS attacks initiated from internal VMs will result in removing those VMs from the network
    • Spoofing: compromised machines cannot impersonate VMs from the Fabric Controller (broadcast and multicast are blocked, HTTPS between VMs and FC)
    • Sniffing: the Hyper-V switch prevents sniffing from a VM to another VM on the same host; rack switches block it to other VMs
    • VMs are untrusted by the Root OS / hypervisor
  • 61. Configuring virtual machine security
    • Firewall rules
      • Leveraging public/private/domain profiles
    • Access control lists (ACL)
      • Controls port access at subnet level
      • IP address blacklisting
      • VM endpoint rules (up to 50 per endpoint)
      • Rule ordering
    • Encryption
      • DPAPI not supported for cloud services
      • Secure key data with encryption keys
      • CloudLink
  • 62. Endpoint ACLs. Using network ACLs, you can do the following:
    • Selectively permit or deny incoming traffic based on remote subnet IPv4 address range to a virtual machine input endpoint
    • Blacklist IP addresses
    • Create multiple rules per virtual machine endpoint
    • Specify up to 50 ACL rules per virtual machine endpoint
    • Use rule ordering to ensure the correct set of rules is applied on a given virtual machine endpoint (lowest to highest)
    • Specify an ACL for a specific remote subnet IPv4 address
  • 63. Network Security Groups (NSG)
    • Enables network segmentation & DMZ scenarios
    • Access control list
      • Filter conditions with allow/deny
      • Individual addresses, address prefixes, wildcards
    • Associate with VMs or subnets
    • ACLs can be updated independent of VMs
    (Diagram: virtual network with Frontend 10.1/16, Mid-tier 10.2/16 and Backend 10.3/16 subnets; VPN gateway with S2S VPNs to on-premises 10.0/16; Internet)
  • 64. DMZ in a virtual network (diagram): web proxy in the DMZ, app servers, database and DNS servers, each tier protected by its own NSG
  • 65. Security considerations when using NSG
    • Endpoint ACLs and Network Security Groups don’t work together
    • Multi-NIC: for now the Network Security Group rules apply only to the traffic on the primary NIC
    • For RDP endpoints for VMs and Network Security Group: NSG does not allow access to any port from the Internet; you have to create a specific rule to allow RDP traffic.
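Slides 62, 63 and 65 all come down to one evaluation rule: rules are walked from the lowest priority number to the highest, the first match decides, and an NSG ends with a default deny for inbound Internet traffic, so RDP from outside is closed until a rule opens it. The block below is an added example, not code from the deck or from Azure: an offline evaluator with those semantics over constructed rules. The VNet address space (10.0.0.0/8, covering the slide's 10.x/16 tiers), the corporate prefix and the rule set are assumptions; the default inbound rules and the AzureLoadBalancer probe address follow the platform defaults as I know them.

```python
"""Offline NSG inbound-rule evaluation: priority order, first match wins, default deny from Internet.

Added example, not from the deck or from Azure; address space and custom rules are constructed.
"""
import ipaddress

VNET_SPACE = [ipaddress.ip_network("10.0.0.0/8")]    # assumed: covers the slide's 10.x/16 tiers
AZURE_LB = ipaddress.ip_address("168.63.129.16")      # platform load balancer / health probe source

# Default inbound rules every NSG carries; they sit after any custom rule (lower number = earlier).
DEFAULT_INBOUND = [
    {"name": "AllowVnetInBound", "priority": 65000, "access": "Allow",
     "protocol": "*", "source": "VirtualNetwork", "dest_port": "*"},
    {"name": "AllowAzureLoadBalancerInBound", "priority": 65001, "access": "Allow",
     "protocol": "*", "source": "AzureLoadBalancer", "dest_port": "*"},
    {"name": "DenyAllInBound", "priority": 65500, "access": "Deny",
     "protocol": "*", "source": "*", "dest_port": "*"},
]

# Constructed custom rules for a front-end subnet: RDP only from a corporate prefix,
# one blacklisted host, HTTPS from anywhere. Note the Deny at 150 sits before the Allow at 200.
CORP_RULES = [
    {"name": "Allow-RDP-from-corp", "priority": 100, "access": "Allow",
     "protocol": "Tcp", "source": "203.0.113.0/24", "dest_port": "3389"},
    {"name": "Deny-blacklisted-host", "priority": 150, "access": "Deny",
     "protocol": "*", "source": "198.51.100.99/32", "dest_port": "*"},
    {"name": "Allow-HTTPS-from-Internet", "priority": 200, "access": "Allow",
     "protocol": "Tcp", "source": "Internet", "dest_port": "443"},
]


def _in_vnet(ip):
    return any(ip in net for net in VNET_SPACE)


def _source_matches(spec, src_ip):
    """Service tags (VirtualNetwork, Internet, AzureLoadBalancer), wildcard, or a CIDR prefix."""
    ip = ipaddress.ip_address(src_ip)
    if spec == "*":
        return True
    if spec == "VirtualNetwork":
        return _in_vnet(ip)
    if spec == "Internet":
        return not _in_vnet(ip)
    if spec == "AzureLoadBalancer":
        return ip == AZURE_LB
    return ip in ipaddress.ip_network(spec, strict=False)


def _port_matches(spec, port):
    if spec == "*":
        return True
    if "-" in spec:
        lo, hi = (int(p) for p in spec.split("-"))
        return lo <= port <= hi
    return int(spec) == port


def _proto_matches(spec, proto):
    return spec == "*" or spec.lower() == proto.lower()


def evaluate_inbound(custom_rules, src_ip, dst_port, protocol="Tcp"):
    """Return (access, rule name) of the first matching rule in ascending priority order."""
    for rule in sorted(custom_rules + DEFAULT_INBOUND, key=lambda r: r["priority"]):
        if (_source_matches(rule["source"], src_ip)
                and _port_matches(rule["dest_port"], dst_port)
                and _proto_matches(rule["protocol"], protocol)):
            return rule["access"], rule["name"]
    return "Deny", "implicit"          # unreachable with the default rules present


if __name__ == "__main__":
    for src, port in [("198.51.100.1", 3389), ("203.0.113.5", 3389),
                      ("198.51.100.1", 443), ("198.51.100.99", 443), ("10.2.0.5", 3389)]:
        print(f"{src:>15} :{port:<5} ->", *evaluate_inbound(CORP_RULES, src, port))
```

With no custom rules at all, RDP from the Internet hits DenyAllInBound, which is exactly the situation slide 65 warns about; the blacklisted host is denied on 443 even though a later rule allows HTTPS from the Internet, because 150 is evaluated before 200.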
  • 66. Azure Application Gateway
    • Azure-managed, first-party virtual appliances
    • HTTP routing based on app-level policies
      • Cookie affinity
      • URL hash
    • SSL termination and caching
  • 67. Disk encryption flow, driven through ARM / PowerShell cmdlets (diagram: Azure Active Directory, Azure Storage, the customer’s Key Vault, the virtual machine with its encryption extension and encrypted disks, service management holding the encryption configuration)
    1. Customer opts into enabling disk encryption
    2. Customer provides identity and other encryption configuration to the Azure Portal/API to provision encryption key material* in their key vault
    3. Azure service management updates the service model with the encryption and key vault configuration, and the Azure platform pushes the encryption extension to the VM
    4. The encryption extension initiates encryption on the VM
    5. VM is encrypted
    * Key material: BitLocker encryption keys [Windows], passphrase [Linux]
  • 68. Applying to Azure – applications
    • Use custom domains instead of myapp.cloudapp.net and scope cookies to your custom domain; scripting!
    • Access to Azure Storage using Shared Access Signatures; pay attention to REST query injection
    • SQL Database: pay attention to SQL injection; no TDE
    • Auditing -> Azure Tables
    • Authentication using Azure’s ACS, Azure AD, Windows Identity Foundation -> rely on existing patterns and user stores!
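Slide 53 says the storage key is all your secrets, and slide 68 says to hand applications Shared Access Signatures instead. What makes a SAS safe to hand out is that it is an HMAC, computed with the account key, over the resource, the permissions and the validity window, so the recipient can use it but cannot widen it. The block below is an added example, not code from the deck or from the Azure SDK: it mints a read-only, one-hour blob SAS and shows the check the service performs on receipt, including rejecting a token whose permissions were edited in the query string or which is replayed against a different blob. The account name and key are constructed placeholders, and the string-to-sign layout follows the 2015-04-05 service-SAS version as I recall it from the REST reference of the time (check the current reference before relying on the exact field order).

```python
"""Mint and verify a service SAS for a blob: HMAC-SHA256 over resource, permissions and validity.

Added example, not from the deck or the Azure SDK. Account name/key are constructed placeholders;
the string-to-sign layout is the 2015-04-05 service-SAS format as assumed here.
"""
import base64
import hashlib
import hmac
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlencode

ACCOUNT = "examplestorage"                                  # constructed account name
ACCOUNT_KEY = base64.b64encode(bytes(range(32))).decode()   # constructed placeholder, not a real key
SAS_VERSION = "2015-04-05"
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"                             # all times are naive UTC here


def _string_to_sign(sp, st, se, canonical, sip="", spr="", sv=SAS_VERSION):
    # Assumed field order for version 2015-04-05: permissions, start, expiry, canonicalized
    # resource, signed identifier, IP range, protocol, version, then the five response-header
    # overrides (rscc, rscd, rsce, rscl, rsct), all left empty in this example.
    return "\n".join([sp, st, se, canonical, "", sip, spr, sv, "", "", "", "", ""])


def _sign(string_to_sign, key_b64):
    digest = hmac.new(base64.b64decode(key_b64), string_to_sign.encode("utf-8"),
                      hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def _canonical(container, blob):
    return f"/blob/{ACCOUNT}/{container}/{blob}"


def make_blob_sas(container, blob, permissions, start, expiry, key_b64=ACCOUNT_KEY):
    """Return the SAS query string for one blob; the account key never leaves this function."""
    st, se = start.strftime(TIME_FMT), expiry.strftime(TIME_FMT)
    params = {"sv": SAS_VERSION, "sr": "b", "sp": permissions, "st": st, "se": se, "spr": "https"}
    params["sig"] = _sign(_string_to_sign(permissions, st, se, _canonical(container, blob),
                                          spr="https"), key_b64)
    return urlencode(params)


def verify_blob_sas(token, container, blob, requested_permission, now, key_b64=ACCOUNT_KEY):
    """The service-side check: recompute the signature from the presented fields, then
    enforce permission and validity window. Any edit to sp/st/se/resource breaks the HMAC."""
    q = {k: v[0] for k, v in parse_qs(token, keep_blank_values=True).items()}
    if q.get("sr") != "b" or q.get("sv") != SAS_VERSION:
        return False
    expected = _sign(_string_to_sign(q.get("sp", ""), q.get("st", ""), q.get("se", ""),
                                     _canonical(container, blob), spr=q.get("spr", "")), key_b64)
    if not hmac.compare_digest(expected, q.get("sig", "")):
        return False
    if requested_permission not in q["sp"]:
        return False
    start = datetime.strptime(q["st"], TIME_FMT)
    expiry = datetime.strptime(q["se"], TIME_FMT)
    return start <= now <= expiry


if __name__ == "__main__":
    t0 = datetime(2015, 11, 2, 8, 0, 0)
    token = make_blob_sas("logs", "2015-11-02.log", "r", t0, t0 + timedelta(hours=1))
    print(token)
    print("read at +30min:", verify_blob_sas(token, "logs", "2015-11-02.log", "r",
                                             t0 + timedelta(minutes=30)))
    print("write at +30min:", verify_blob_sas(token, "logs", "2015-11-02.log", "w",
                                              t0 + timedelta(minutes=30)))
```

The "REST query injection" caution on the slide is about building the request URL: a caller who can splice extra parameters into the query string still cannot extend the token, because every field the service honours is covered by the signature, but an application that concatenates untrusted input into the path can be tricked into signing the wrong resource. Sign against a canonicalized resource you construct yourself, as make_blob_sas does, never against a path taken from the request.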
  • 70. Your identity goes with you (diagram: you, Azure AD, 3rd-party clouds/hosting)
  • 71. Identity as the control plane (diagram): self-service and single sign-on with username/password; simple connection from on-premises Windows Server Active Directory and other directories to Microsoft Azure Active Directory; cloud SaaS, Azure, Office 365, public cloud
  • 72. Microsoft Azure Active Directory Cloud App Discovery: discover all SaaS apps in use within your organization. 10x as many cloud apps are in use than IT estimates (source: Help Net Security 2014). Comprehensive reporting: SaaS app category, number of users, utilization volume
  • 75. Azure Active Directory Connect* (diagram: connects other directories to Microsoft Azure Active Directory via PowerShell, LDAP v3, SQL (ODBC) and web services (SOAP, Java, REST))
  • 78. B2B: cross-organization collaboration
    “I need to let my partners access my company’s apps using their own credentials.” Share without complex configuration or duplicate users. A user at a large partner may log into my company’s apps with their Active Directory usernames and passwords. A user at a smaller partner may log into my company’s apps with their Office 365 usernames and passwords. Admin configures sharing for cloud apps.
    “I can’t email my 25 MB file and need to share it with a partner using Box.com.” Seamlessly provide Azure Active Directory to customers & partners. For example, a user at a partner can set up everyone in their company. Users can bring their own email-based or social identities.
  • 79. Azure Active Directory B2C (Business-to-Consumer). The Azure Active Directory B2C offering is tailored for enterprises who serve large populations (hundreds of thousands to millions) of individual customers, and whose business success depends upon consumer adoption of web applications for improving customer satisfaction and reducing operational costs. Azure Active Directory B2C will include:
    • Self-service user registration
    • Login with a social IdP or create your own credentials
    • Optional MFA
    • Bulk user import tools
    • SSO to multiple web sites
    • User interface customization
  • 80. Cloud Domain Join makes it possible to connect work-owned Windows devices to your company’s Azure Active Directory tenancy in the cloud. Users can sign in to Windows with their cloud-hosted work credentials and enjoy modern Windows experiences.
    Cloud Domain Joined devices:
    • Enterprise-compliant services: roaming settings, Windows backup/restore, Store access… Data stored in enterprise-compliant backend services on Azure. No need to add a personal Microsoft account.
    • SSO from the desktop to org resources: SSO from the desktop to Office 365 and 1,000’s of enterprise apps, websites and resources. Access the enterprise-curated Store and install apps using a work account.
    • Management: automatic MDM enrollment during the first-run experience.
    • Support for hybrid environments: traditional domain-joined PCs also benefit from Cloud Domain Join functionality when the on-prem Active Directory is connected with an Azure Active Directory in the cloud.
  • 81. Azure AD: identity-driven security
    • SSO + MFA
    • Conditional access
    • Cloud App Discovery
    • Advanced security reporting
    • Privileged Identity Management
  • 83. Log management – collect, correlate and visualize all your machine data (OMS Log Analytics / Operational Insights; diagram: machine data from on-premises and cloud flows into Azure Blob storage, a data processing engine, the search service and the portal)
    Machine data: event logs | IIS logs | security logs | performance counters | syslog | & many more, from Windows & Linux servers forwarding data through SCOM, servers directly forwarding data, and cloud VMs
    Key benefits: real-time dashboards & reporting, scalable search, ready-made intelligence
    • Troubleshooting
      • Correlate & search data from multiple sources
      • Collect custom data types
      • Build dashboards powered by search queries
    • Operational insights
      • Forecast future capacity needs and pinpoint performance bottlenecks
      • Check your update and malware protection status
    • Security intelligence
      • Identify security breaches
      • Meet compliance requirements for auditing
      • Analyze security data
  • 86. OMS Agent for Linux. What sorts of data can I collect?
    • Syslog: collect your choice of syslog events from rsyslog and syslog-ng
    • Performance metrics: we can collect 70+ performance metrics at a 30 second granularity using our new. Get metrics from the following objects: System, Processor, Memory & Swap space, Process, Logical Disk (File System) and Physical Disk. Full list of Performance Counters.
    • Docker container logs, metrics & inventory: we show information about where your containers and container hosts are, which containers are running or failed, and Docker daemon and container logs sent to stdout and stderr. We also show performance metrics such as CPU, memory, network and storage for the container and hosts to help you troubleshoot and find noisy-neighbor containers. We support Docker version 1.8+.
    • Alerts from Nagios + Zabbix: the agent can collect alerts from your most popular monitoring tools. This allows you to view all your alerts from all your tools in a single pane of glass! Combine this with our existing support for collection of alerts from Operations Manager. We currently support Nagios 3+ and Zabbix 2.x.
    • Apache & MySQL performance metrics: collect performance metrics about your MySQL/MariaDB server performance and databases, and Apache HTTP Servers and virtual hosts.
  • 87. How data flows to OMS (diagram: your environment, with ‘multiple’ management groups, forwarding to the Microsoft Operations Management Suite portal). Reference: https://preview.systemcenteradvisor.com/Content/AdvisorCore/Resources/Security.pdf
  • 90.
    • Unified view of all security-related information, relevant threats and recommendations
    • Central management of security policies, network configuration, virtual machine baselines, etc.
    • Integrated security event logging and monitoring, including events from partner solutions
  • 92.
    • Define policies for your Azure subscriptions according to your company security needs
    • Security recommendations guide resource owners through the process of implementing required controls
    • Rapidly deploy security services and appliances from Microsoft and partners, like firewalls and endpoint protection
  • 94.
    • Constantly collects, analyzes, and fuses security events from your Azure resources, the network, and integrated partner solutions
    • Leverages global threat intelligence from Microsoft products and services, Digital Crime and Incident Response Centers, and third-party feeds
    • Creates prioritized security alerts with insight into the attack and recommendations on how to remediate