AZURE HEROES

Stay on top of Azure best practices - reference architecture

9/8/2020

This guide provides prescriptive guidance and a deployment strategy for Azure. It starts by explaining how to secure your data, since the controls that follow (Key Vault, monitoring, subscription layout) exist to protect it.
Secure control of data in Azure

Data is protected in three states, and each state has its own set of controls:
At Rest
Encrypt inactive data while it is stored (blob storage, databases, etc.).

Azure services:
  • Azure Storage Service Encryption for data at rest
  • SQL Server Transparent Data Encryption (TDE)
In Transit
Encrypt data flowing between untrusted public or private networks. Enforce a minimum TLS version on every endpoint and disable the plaintext alternative rather than merely offering an encrypted one.

e.g.:
  • HTTPS
  • TLS
In Use
Protect/encrypt data while it is being processed in memory.

e.g.:
  • Trusted Execution Environments (TEEs), such as Intel SGX and Virtualization-based Security (VBS)
  • Homomorphic encryption
Diagrams (not reproduced here):
  • IaaS Encryption At Rest
  • PaaS Encryption at Rest
  • Encryption In Transit
Encryption In Use
  • Confidential computing brings secure enclaves to Azure
    • Trusted execution environments
    • First public cloud to offer Intel Software Guard Extensions (SGX) enclaves
  • Enhancing Always Encrypted in Azure SQL Database with enclaves
    • Rich computations on encrypted data (pattern matching, range queries, sorting, etc.)
    • In-place encryption and key management

Without an enclave, Always Encrypted only supports equality comparisons on deterministically encrypted columns; with a server-side enclave the database engine performs the richer operations inside the enclave, so the plaintext is never exposed to the engine outside it.
Azure Key Vault
Protect cryptographic keys with FIPS 140-2 Level 2 and Level 3 validated HSMs (Thales).

Encrypt Azure VMs, Azure Data Lake, SQL Server and other applications with a key held in your key vault. The key material never leaves the vault: applications send wrap/unwrap or sign requests to the vault instead of retrieving the key.

Available as a service in every Azure region.

Cost: pay-as-you-go
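The at-rest and in-transit controls described above, together with the Key Vault model of a key that never leaves the vault, written as one Bicep template. This is an added example, not code from the original post or from Microsoft. The resource names (the kv…/st… prefixes, the key named storage-cmk), the choice of a user-assigned identity for the storage service, and the API versions are my assumptions; the role-definition GUID is the built-in "Key Vault Crypto Service Encryption User" role.

```bicep
// Added example (not from the original post): Key Vault-backed encryption at rest
// plus enforced encryption in transit for a storage account.
// Assumptions: deployed at resource-group scope; the deploying principal can create
// role assignments (Owner or User Access Administrator). Names are assumed.
targetScope = 'resourceGroup'

@description('Region for all resources; the vault and the storage account must share it.')
param location string = resourceGroup().location

// Derived so the example deploys without edits; both names must be globally unique.
var kvName = 'kv${uniqueString(resourceGroup().id)}'
var stName = 'st${uniqueString(resourceGroup().id)}'

// Built-in role "Key Vault Crypto Service Encryption User": get/wrapKey/unwrapKey only.
var cryptoServiceEncryptionUserRoleId = 'e147488a-f6f5-4113-8e2d-b22465e65bf6'

// Identity the storage service uses to reach the vault. Created first so the role
// assignment exists before encryption is switched to the customer-managed key.
resource uami 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
  name: 'id-${stName}'
  location: location
}

resource kv 'Microsoft.KeyVault/vaults@2023-02-01' = {
  name: kvName
  location: location
  properties: {
    tenantId: subscription().tenantId
    sku: { family: 'A', name: 'premium' } // premium = HSM-protected keys; 'standard' is software-protected only
    enableRbacAuthorization: true         // Azure RBAC instead of vault access policies
    enableSoftDelete: true
    softDeleteRetentionInDays: 90
    enablePurgeProtection: true           // a hard-deleted CMK would make the encrypted data unrecoverable
    networkAcls: { defaultAction: 'Deny', bypass: 'AzureServices' } // storage reaches the vault as a trusted service
  }
}

// RSA-HSM: key material is generated inside the HSM and is never exported.
resource cmk 'Microsoft.KeyVault/vaults/keys@2023-02-01' = {
  parent: kv
  name: 'storage-cmk'
  properties: {
    kty: 'RSA-HSM'
    keySize: 3072
    keyOps: [ 'wrapKey', 'unwrapKey' ]    // least privilege for a key-encryption key
  }
}

resource kvCryptoUser 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  name: guid(kv.id, uami.id, cryptoServiceEncryptionUserRoleId)
  scope: kv
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', cryptoServiceEncryptionUserRoleId)
    principalId: uami.properties.principalId
    principalType: 'ServicePrincipal'
  }
}

resource st 'Microsoft.Storage/storageAccounts@2023-01-01' = {
  name: stName
  location: location
  kind: 'StorageV2'
  sku: { name: 'Standard_LRS' }
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: { '${uami.id}': {} }
  }
  properties: {
    // In transit: reject plaintext and legacy TLS. Older API versions default to TLS1_0.
    supportsHttpsTrafficOnly: true
    minimumTlsVersion: 'TLS1_2'
    allowBlobPublicAccess: false
    allowSharedKeyAccess: false           // Azure AD auth only; storage account keys are disabled
    // At rest: platform encryption is always on; this moves the key into the vault.
    encryption: {
      keySource: 'Microsoft.Keyvault'
      identity: { userAssignedIdentity: uami.id }
      keyvaultproperties: {
        keyvaulturi: kv.properties.vaultUri
        keyname: cmk.name
        // keyversion omitted on purpose: storage follows the newest key version on rotation
      }
      requireInfrastructureEncryption: true // second, independent AES-256 layer; set at creation only
      services: {
        blob: { enabled: true, keyType: 'Account' }
        file: { enabled: true, keyType: 'Account' }
      }
    }
  }
  dependsOn: [ kvCryptoUser ]
}

output storageAccount string = st.name
output keyVaultUri string = kv.properties.vaultUri
```

Deploy with `az deployment group create -g <resource-group> -f main.bicep`. The ordering is the point: the identity and its role assignment exist before the storage account switches to the customer-managed key, and with purge protection on, neither the vault nor the key can be hard-deleted out from under the encrypted data. The storage service only ever asks the vault to wrap or unwrap its data-encryption key; the RSA-HSM key itself stays inside the HSM.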

Security summary:
  1. Assume the highest data classification and encrypt at every application and network layer
  2. Use HSM-backed Azure Key Vault for key storage and management
  3. Enable Azure Security Center and apply its recommendations
  4. Enable Azure Sentinel (SIEM) and act on its analytics rules and incidents
  5. Enable Azure DDoS Protection
  6. Enable monitoring (diagnostic logging) for all Azure services
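Items 4 to 6 of the summary above as Bicep: Azure Sentinel on a Log Analytics workspace, DDoS Network Protection on a virtual network, and diagnostic settings that stream Key Vault audit logs and VNet logs to the workspace. This is an added example, not code from the original post or from Microsoft. It assumes an existing Key Vault in the same resource group whose name is passed as `keyVaultName`, and it leaves out Azure Security Center / Defender plans, which are subscription-scoped resources (Microsoft.Security/pricings) rather than resource-group ones; resource names and API versions are assumptions.

```bicep
// Added example (not from the original post): monitoring items 4-6 of the summary.
// Assumptions: resource-group scope; an existing Key Vault named by `keyVaultName`;
// Security Center/Defender plans are subscription-scoped and are not included here.
targetScope = 'resourceGroup'

param location string = resourceGroup().location

@description('Existing Key Vault (assumed) whose audit logs should flow to the workspace.')
param keyVaultName string

var lawName = 'law-${uniqueString(resourceGroup().id)}'

resource kv 'Microsoft.KeyVault/vaults@2023-02-01' existing = {
  name: keyVaultName
}

// One workspace as the SIEM backend; every diagnostic setting below points here.
resource law 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
  name: lawName
  location: location
  properties: {
    sku: { name: 'PerGB2018' }
    retentionInDays: 90
    features: { enableLogAccessUsingOnlyResourcePermissions: true }
  }
}

// Enables Azure Sentinel on the workspace (the SecurityInsights solution).
resource sentinel 'Microsoft.OperationsManagement/solutions@2015-11-01-preview' = {
  name: 'SecurityInsights(${law.name})'
  location: location
  plan: {
    name: 'SecurityInsights(${law.name})'
    publisher: 'Microsoft'
    product: 'OMSGallery/SecurityInsights'
    promotionCode: ''
  }
  properties: {
    workspaceResourceId: law.id
  }
}

// Key Vault audit trail: every key/secret/certificate operation, plus metrics.
// Without this, wrap/unwrap and secret reads leave no record you can query.
resource kvDiag 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
  name: 'to-law'
  scope: kv
  properties: {
    workspaceId: law.id
    logs: [ { categoryGroup: 'allLogs', enabled: true } ]
    metrics: [ { category: 'AllMetrics', enabled: true } ]
  }
}

// DDoS Network Protection: the plan is attached to each VNet that should be covered.
resource ddos 'Microsoft.Network/ddosProtectionPlans@2023-05-01' = {
  name: 'ddos-${uniqueString(resourceGroup().id)}'
  location: location
}

resource vnet 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: 'vnet-workload'
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ '10.10.0.0/16' ] }
    enableDdosProtection: true          // default false: only the platform's basic protection applies
    ddosProtectionPlan: { id: ddos.id }
    subnets: [
      { name: 'app', properties: { addressPrefix: '10.10.1.0/24' } }
    ]
  }
}

// DDoS mitigation alerts for the VNet land in the same workspace as the vault logs.
resource vnetDiag 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
  name: 'to-law'
  scope: vnet
  properties: {
    workspaceId: law.id
    logs: [ { categoryGroup: 'allLogs', enabled: true } ]
    metrics: [ { category: 'AllMetrics', enabled: true } ]
  }
}

output workspaceId string = law.id
```

Deploy with `az deployment group create -g <resource-group> -f monitoring.bicep -p keyVaultName=<vault>`. Keeping a single workspace as the sink is what makes item 4 useful: Sentinel analytics rules can then correlate a burst of Key Vault unwrap failures with DDoS mitigation alerts from the same tenant instead of reading them from separate stores.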
Subscription Structure
Microsoft recommends a separate subscription for each workload and environment, such as Dev/Test and Production. A subscription is a security and billing boundary: role assignments, policies and quotas in one do not carry over into another, so a compromised or misconfigured test environment cannot reach production resources.
Azure Reference Architecture (diagram; see the first reference below)
Microsoft Cybersecurity Reference Architecture (diagram; see the second reference below)
References
  • https://docs.microsoft.com/en-us/azure/architecture/browse/
  • https://gallery.technet.microsoft.com/Cybersecurity-Reference-883fb54c
Author

Mohammad Al Rousan is a Microsoft MVP (Azure), Microsoft Certified Solutions Expert (MCSE) in Cloud Platform, Azure DevOps and Infrastructure, and an active community blogger and speaker. Al Rousan has over 8 years of professional experience in IT infrastructure and is passionate about Microsoft technologies and products.