Azure Security Handbook: A Comprehensive Guide for Defending Your Enterprise Environment
✍ Scribed by Karl Ots
- Publisher: Apress
- Year: 2021
- Language: English
- Pages: 162
- Edition: 1
- Category: Library
✦ Synopsis
Did you know that the most common cloud security threats happen because of cloud service misconfigurations, not outside attacks? If you did not, you are not alone. In the on-premises world, cybersecurity risks were limited to the organization’s network, but in the era of cloud computing, both the impact and likelihood of potential risks are significantly higher. With the corresponding advent of DevOps methodology, security is now the responsibility of everyone who is part of the application development life cycle, not just the security specialists. Applying the clear and pragmatic recommendations given in this book, you can reduce the cloud applications security risks in your organization.
This is the book that every Azure solution architect, developer, and IT professional should have on hand when they begin their journey learning about Azure security. It demystifies the multitude of security controls and offers numerous guidelines for Azure, curtailing hours of learning fatigue and confusion. Throughout the book you will learn how to secure your applications using Azure’s native security controls. After reading this book, you will know which security guardrails are available, how effective they are, and what will be the cost of implementing them. The scenarios in this book are real and come from securing enterprise applications and infrastructure running on Azure.
What You Will Learn
- Remediate security risks of Azure applications by implementing the right security controls at the right time
- Achieve a level of security and stay secure across your Azure environment by setting guardrails to automate secure configurations
- Protect the most common reference workloads according to security best practices
- Design secure access control solutions for your Azure administrative access, as well as Azure application access
Who This Book Is For
Cloud security architects, cloud application developers, and cloud solution architects who work with Azure. It is also a valuable resource for those IT professionals responsible for securing Azure workloads in the enterprise.
✦ Table of Contents
About the Author
About the Technical Reviewer
Acknowledgments
Foreword
Introduction
Chapter 1: Introduction to Cloud Security Architecture
Cloud Security Responsibilities
Shared Responsibility Model
Shifting Security Left
Cloud-Native Security
Multi-cloud or Cloud-Native Security?
Cloud Security Architecture
Azure Security Building Blocks
Landing Zone Security
Identity and Access Management
Detection and Monitoring
Network Security
Cloud Security Framework
Cloud Control Frameworks
Building Your Cloud Security Framework
Summary
Chapter 2: Identity and Access Management
Azure Active Directory
Overview of Azure Active Directory
Identity Sources
Relationship Between Azure Active Directory and Azure
Intelligent Security Graph
Conditional Access
Securing Your Azure AD
Directory Splitting
Guest Management
Default Access Management
Privileged Access Management
Conditional Access Policies
Authorization: Azure Role-Based Access Control
Scope
Identity
Role
Role Definition
Built-In Roles
General Built-In Roles
Service-Specific Built-In Roles
Custom Roles
Account Manipulation
Azure AD Administrative Roles
Assignment Life cycle
Policies
Policy Effects
Locks
Managed Identities and Service Principals
Access Control Throughout the Secure Development Life cycle
Developer Sandbox Access
Continuous Deployment Pipeline Access
Summary
Chapter 3: Logging and Monitoring
Platform Monitoring
Activity Logs
Administrative Activity Logs
Activity Logs: Authorization
Service Health
Security
Policy
Deployment History
Azure AD Monitoring
Infrastructure Monitoring
Application Monitoring
Centralized Log Architecture
Enterprise Environment Considerations
Securing the Centralized Log Store
Complex Environments
Security Posture Monitoring
Security Posture Monitoring Using Azure Security Center
Security Policy Initiatives
Security Policy Architecture at Scale
Change Tracking of Security Policies
Azure Tenant Security Scan
Summary
Chapter 4: Network Security
Azure Virtual Networks
Microsoft Global Network
IP Addresses in Azure
Azure Virtual Network
Network Controls for Infrastructure as a Service
Network Security Groups
Securing Administrative Access to Virtual Machines
Securing Outbound Access from Virtual Machines
Network Controls for Platform as a Service
Application PaaS Networking
Controlling Inbound Traffic to App Service
Controlling Outbound Traffic from App Service
Cross-Network Connectivity
Network Controls for Data Platform as a Service
Storage Account Firewall
Azure Monitor Network Isolation
Private Endpoints
Azure Firewalls
Azure Web Application Firewall
Network Monitoring
Logs Supporting Forensic Investigation
Alternative Network Monitoring
Cloud Adoption Framework
Summary
Chapter 5: Workload Protection – Data
Azure Key Vault
Access Control
Network
Logging
Best Practices
Azure Blob Storage
Access Control
Data-Plane Role-Based Access Control
Shared Key Access
Delegated Access
Anonymous Access
Network
Logging
Backup and Disaster Recovery
Best Practices
Azure SQL Database
Access Control
SQL Authentication
Azure AD Authentication
Authorization
Control-Plane Role-Based Access Control Roles
Network
Logging
Backup and Disaster Recovery
Best Practices
Summary
Chapter 6: Workload Protection – Platform as a Service
Azure App Service
Access Control
Built-In Authentication
Storage Access
API Access
Key Vault access
Network
Controlling Inbound Traffic to App Service
Controlling Outbound Traffic
Web Application Firewall
Encryption in Transit
Logging
Azure Functions
Access Control
Network
Logging
Best Practices for Azure Compute PaaS
Summary
Chapter 7: Workload Protection – Containers
Container Security
Build Security
Registry Security
Runtime Security
Azure Container Registry
Access Control
Data-Plane Role-Based Access Control
Access Control Without Azure Active Directory
Network
Logging
Best Practices
Encryption at Rest
Automate Base Image Updates
Image Signing
High Availability
Azure Container Instance
Access Control
Network
Logging
Azure Kubernetes Service
Access Control
Azure RBAC
Azure Active Directory Authentication and Kubernetes RBAC
Network
Kubernetes Control Plane Network Controls
Application Network Controls
Logging
Best Practices
Summary
Chapter 8: Workload Protection – IaaS
Access Control
Azure Role-Based Access Control
Automation Access
Virtual Machine Login Access
Network Controls
Self-Managed Virtual Machines
Centrally Managed Virtual Machines
Web Application Access
Monitoring and Detection
Vulnerability Management
Endpoint Protection
Azure Defender Alerts
Backup and Disaster Recovery
Guest Operating System Management
Operating System Image Management
Self-Managed Patching
Centrally Managed Patching
Summary
Index