What is Well-Architected frame work



Download 3.44 Mb.
Date09.10.2023
Size3.44 Mb.
#62288
Azure Well Architect Framework OLD

What is Well-Architected frame work??


The Microsoft Azure Well-Architected Framework provides 
technical guidance specifically at the workload level 
across five pillars –
Cost optimization, Security, Reliability,
Performance efficiency and Operational excellence.

Security

✓ Identity and Access management ✓ Protect your Infrastructure ✓ Application Security ✓ Data Encryption and Sovereignty ✓ Security Resources

Identity and Access management

Azure Active Directory (Azure AD) can be used to authenticate and authorize users. Azure AD is a fully managed identity and access management service. You can use it to create domains that exist purely on Azure or integrate with your on-premises Active Directory identities.

Azure AD also integrates with:

  • Office365
  • Dynamics CRM Online
  • Many third-party SaaS applications
  • For consumer-facing applications, Azure Active Directory B2C lets users authenticate with their existing social accounts, such as:

  • Facebook
  • Google
  • LinkedIn

Protect your Infrastructure

We need to control Access to the Azure resources that have deployed. Every Azure subscription has a trust relationship with an Azure AD tenant.

Azure role-based access control (Azure RBAC role) can be used to grant users within your organization the correct permissions to Azure resources. Grant access by assigning Azure roles to users or groups at a certain scope.

The scope can be a:

  • Subscription
  • Resource group
  • Single resource
  • Audit all changes to infrastructure

Application Security

In general, the security best practices for application development still apply in the cloud.

Best practices include:

  • Use SSL/TLS everywhere
  • Protect against CSRF and XSS attacks
  • Prevent SQL injection attacks
  • Azure Key Vault

Data Encryption and Sovereignty

Make sure that your data remains in the correct geopolitical zone when using Azure data services. Azure's geo-replicated storage uses the concept of a paired region in the same geopolitical region.

Use Key Vault to safeguard cryptographic keys and secrets. By using Key Vault, you can encrypt keys and secrets by using keys that are protected by hardware security modules (HSMs). Many Azure storage and DB services support data encryption at rest, including:

  • Azure Storage
  • Azure SQL Database
  • Azure Synapse Analytics
  • Cosmos DB

Security Resources

Microsoft Azure provides many security monitoring, policy management, services

and documents such as:


Download 3.44 Mb.

Share with your friends:




The database is protected by copyright ©ininet.org 2024
send message

    Main page