Security security security, never bypass security!… It is easier said than done, assume breach is the going working assumption in the industry.
As Tom Janetscheck said “it is not a security breach if it wasn´t secure before” when he held a presentation at Skåne Azure User Group.
One thing i recall from The keynote at Expertslive Europé 2018 was that in software development, security is an afterthought. A locksmith makes the lock with the purpose of making something secure, a software is not primarly developed for security but for any other purpose. And later in the development in comes security and then we fix it with the tools from outside the software.
Microsoft is heavily investing in cybersecurity, they have the exposure, research and means to be the leading cybersecurity company. Progress then gets built in to services to secure our business more.
How they do opertaions to secure us against threats.
To get an overview of Microsofts cybersecurity capabilities and how they integrate with existing security architectures and capabilities, download the MCRA and look at the guide how to use it.
Some direct tips for security best practices and patterns found here
If you get a chance to join a conference or meetup with Orin Thomas then take it. I listened to him when he visited Malmö and got many valuable tips.
Azure Security Center
But definetly leverage Azure Security Center, it will continue to evolve and give you insights and recommendations on how to be more secure. As stated above Microsoft will just keep on adding more functionality with for example AI that is developed on the metrics and experience they accumulate from the services they run.
Here is a great guide to do a PoC to determine the value Azure Security Center would give you.
Here is another informative document, usually these question arises when discussing with the CIO or similar.
“The goal of this document is to walk you through the paths that data traverses when Azure Security Center (ASC) is enabled in your subscription. It covers agent collection, the central collection of log data, the creation of recommendations and alerts.”
Quick tip to secure your Azure Subscription and Resources!
Find more details here.
- 1: Use Azure Security Center
- 2: Run AzSK for subscriptions and Resource
- 3: Fix the findings
Additional: I collect some of the useful links on security here
2 thoughts on “Microsoft – CyberSecurity and Azure”