Karl Ots, profile picture
Uploaded byKarl Ots
PDF, PPTX867 views

Azure Saturday: Security + DevOps + Azure = Awesomeness

The document discusses the Azure Security Kit (AZSK) presented by Karl Ots at Azure Saturday 2018, highlighting the increasing threat landscape in cloud security and the challenges of managing Azure's security features. AZSK aims to enhance security in Azure environments by providing tools for automated checks and secure coding practices, while emphasizing that it is not a complete solution and should be part of a broader security strategy. Key features include security verification tests, continuous assurance setups, and integration into existing DevOps processes.

Technology
Related topics:
Information Security
Download as PDF, PPTX
1 Azure Saturday 2018 Security + DevOps + Azure = Awesomeness Karl Ots | Kompozure @fincooper
2 Azure Saturday 2018 Thank you, sponsors!
KARL OTS @ KOMPOZURE • Co-organizer of IglooConf and PolarConf • Podcast host at Cloud Gossip • Working on Azure since 2011 • Patented inventor • Worked with tens of different customers on full-scale Azure projects, from startups to Fortune 500 enterprises Managing Consultant karl.ots@kompozure.com +358 50 480 1102
SECURITY LANDSCAPE • Cloud-based user account attacks have increased 300% YoY (Microsoft Security Intelligence Report, Volume 22) • An attacker is on a victim’s network 99 days on average before they are detected (FireEye/Mandiant report – March 14, 2017) • Average cost of a data breach in 2017 was 4 M $ (IBM security)
WHY AZSK? • Cloud security is hard. • Knowledge of Azure security controls is not widespread. • MS IT wanted to accelerate internal Azure adoption in a controlled way • Approach: avoid reinventing the wheel o Use as much out-of-the-box Azure features as possible o For example: outsource VM controls to Security Center
SECURE DEVOPS KIT FOR AZURE (AZSK)
INSTALLATION
SUBSCRIPTION SECURITYSubscription RBAC provisioning Deploy mandatory and scenario/solution specific accounts/groups on a subscription. Ability to specify and remove deprecated accounts. Alerts setup Configure insights-based alerts for important activities. Runbooks for critical alerts to send SMS with key alert body info. ARM policy setup Deploy and enable ARM policy definitions (e.g., audit/deny use of ASM/v1 resources) ASC setup Configure Azure Security Center by enabling policies, setting security POCs, etc. Resource Locks Ensure that critical enterprise resources have locks deployed on them. Health Check More than a dozen subscription hygiene security checks, including proper provisioning
SUBSCRIPTION HEALTH SCAN Select-AzureRmSubscription -SubscriptionId $subscriptionId # Sub health scan Get-AzSKSubscriptionSecurityStatus -SubscriptionId $subscriptionId -GeneratePDF Portrait
DEVELOP SECURELY Feature Scenarios/Details Development Security IntelliSense • Get inline support for secure coding right at the point of code creation. • Checks on Azure Best practices, ADAL and common crypto • VS plug-in for C#. • Security IntelliSense extension works on Visual Studio 2015 Update 3 or later.
SECURE INTELLISENSE
“UNIT TEST” AZURE SECURITY Feature Scenarios/Details Development Security IntelliSense • Get inline support for secure coding right at the point of code creation. • Checks on Azure Best practices, ADAL and Crypto • VS plug-in for C#. Security Verification Tests • Scan cloud solutions during early dev and prototyping stages. • Provides a variety of options to define scan targets. • Easy, intuitive reports and detailed logs. Support for 25+ Azure IaaS and PaaS service types.
SECURITY VERIFICATION TESTS Select-AzureRmSubscription -SubscriptionId $subscriptionId # Security Verification Test Get-AzSKAzureServicesSecurityStatus -SubscriptionId $subscriptionId -GeneratePDF Portrait
DEMO TIME!
DEVOPS • Security Verification Tests (SVTs) in VSTS / on-prem TFS pipeline • SVTs in Jenkins pipeline • AzSK ARM Template Checker
CONTINUOUS ASSURANCE • Run AzSK tests periodically using Azure Automation • Write to Log Analytics • Query with Gusto Query Language • Integrate with your existing systems, such as your SIEM
#### Deploy the AzSK view in the OMS workspace #### Install-AzSKOMSSolution -OMSSubscriptionId $subscriptionId ` -OMSResourceGroup $omsRGName ` -OMSWorkspaceId $omsWSId ` -ViewName $azSkViewName #### Setup AzSK scan data to OMS #### Set-AzSKOMSSettings -OMSWorkspaceID $omsWSId -OMSSharedKey $omskey #### Run AzSK scripts per usual #### Get-AzSKSubscriptionSecurityStatus -SubscriptionId $subscriptionId #### Run AzSK SVT scan #### Get-AzSKAzureServicesSecurityStatus -SubscriptionId $subscriptionId SETTING UP CONTINUOUS ASSURANCE
ADVANCED FEATURES • Generate PDF Report • Generate AutoFix Script • AzSK ARM Templates • Customizing the security policies for your organization
DISCUSSION • AzSK is not your magic bullet to tick the security box o AzSK mostly covers “administrative access” in traditional threat models, some “application access” as well o You still have to worry about users, external threats and more o Threat modeling and Defense in Depth approach are your friends! • Carefully analyze the results in the scope of your application – are the recommended controls right for your app?
RESOURCES • Try out the Secure DevOps Kit for Azure! • Installation guide, docs: https://github.com/azsk/DevOpsKit -docs • Controls coverage: http://aka.ms/AzSKosstcp • IT Showcase: http://aka.ms/AzSK/itshowcase • Support: AzSKsupext@microsoft.com
36 Azure Saturday 2018 Azure Saturday 2018 We appreciate your feedback! SLIDESHARE.NET/KARLOTS
KOMPOZURE WE ROAR AT CHALLENGE

More Related Content

PPTX
Azure Security and Management
byAllen Brokken
 
PPTX
Azure Compute, Networking and Storage Overview
byAzure Riyadh User Group
 
PPTX
2016, A new era of OS and Cloud Security
byTudor Damian
 
PDF
Azure 101: Shared responsibility in the Azure Cloud
byPaulo Renato
 
PDF
Building an Enterprise-Grade Azure Governance Model
byKarl Ots
 
PPTX
Trust No-One Architecture For Services And Data
byAidan Finn
 
PPTX
Connect your datacenter to Microsoft Azure
byK.Mohamed Faizal
 
PDF
GDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud Boundaries
byJames Anderson
 
Azure Security and Management
byAllen Brokken
 
Azure Compute, Networking and Storage Overview
byAzure Riyadh User Group
 
2016, A new era of OS and Cloud Security
byTudor Damian
 
Azure 101: Shared responsibility in the Azure Cloud
byPaulo Renato
 
Building an Enterprise-Grade Azure Governance Model
byKarl Ots
 
Trust No-One Architecture For Services And Data
byAidan Finn
 
Connect your datacenter to Microsoft Azure
byK.Mohamed Faizal
 
GDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud Boundaries
byJames Anderson
 

What's hot

PDF
Introduction to Azure
byRobert Crane
 
PDF
Microsoft Azure Security Overview
byAlert Logic
 
PDF
Azure governance v4.0
byMarcos Oikawa
 
PDF
Hashicorp Vault - OPEN Public Sector
byKangaroot
 
PPTX
Four Scenarios for an Integration Service Environment (ISE)
byDaniel Toomey
 
PPTX
AWS Security
byMagdy El-Faramawy , MBA,PMP,CISA,CM,ITIL
 
PPTX
5 minutes on security
byCloudHesive
 
PDF
Azure Penetration Testing
byCheah Eng Soon
 
PDF
AWS Security Best Practices, SaaS and Compliance
byGaurav "GP" Pal
 
PPTX
Azure Networking - The First Technical Challenge
byAidan Finn
 
PPTX
Azure governance
byUdaiappa Ramachandran
 
PPTX
Synnefo @ LinuxCon/CloudOpen North America 2014
byVangelis Koukis
 
PDF
RightScale Webinar: Security and Compliance in the Cloud
byRightScale
 
PPTX
EUC State of the Union 2021
byMarius Sandbu
 
PPTX
Delivering and optimizing citrix from microsoft azure
byMarius Sandbu
 
PDF
Govern Your Cloud: The Foundation for Success
byAlert Logic
 
Introduction to Azure
byRobert Crane
 
Microsoft Azure Security Overview
byAlert Logic
 
Azure governance v4.0
byMarcos Oikawa
 
Hashicorp Vault - OPEN Public Sector
byKangaroot
 
Four Scenarios for an Integration Service Environment (ISE)
byDaniel Toomey
 
AWS Security
byMagdy El-Faramawy , MBA,PMP,CISA,CM,ITIL
 
5 minutes on security
byCloudHesive
 
Azure Penetration Testing
byCheah Eng Soon
 
AWS Security Best Practices, SaaS and Compliance
byGaurav "GP" Pal
 
Azure Networking - The First Technical Challenge
byAidan Finn
 
Azure governance
byUdaiappa Ramachandran
 
Synnefo @ LinuxCon/CloudOpen North America 2014
byVangelis Koukis
 
RightScale Webinar: Security and Compliance in the Cloud
byRightScale
 
EUC State of the Union 2021
byMarius Sandbu
 
Delivering and optimizing citrix from microsoft azure
byMarius Sandbu
 
Govern Your Cloud: The Foundation for Success
byAlert Logic
 

Similar to Azure Saturday: Security + DevOps + Azure = Awesomeness

PPTX
Azure Security Compass v1.1 - Presentation.pptx
byZaheerEbrahim5
 
PDF
Secure Your Code Implement DevSecOps in Azure
bykloia
 
PDF
Techorama Belgium 2019: top Azure security fails and how to avoid them
byKarl Ots
 
PDF
DevSum - Top Azure security fails and how to avoid them
byKarl Ots
 
PPTX
Azure Security - Day6 - Operations And Risk
by2nd Sight Lab
 
PDF
O365Con18 - A Lap Around Monitoring, Auditing and Securing Microsoft Azure - ...
byNCCOMMS
 
PDF
CloudBrew 2017 - Security + DevOps + Azure = Awesomeness
byKarl Ots
 
PPTX
Get On Top of Azure Resource Security Using Secure DevOps Kit for Azure
byKasun Kodagoda
 
PDF
Security + DevOps + Azure = Awesomeness
byKarl Ots
 
PDF
IglooConf 2019 Secure your Azure applications like a pro
byKarl Ots
 
PDF
IT Camp 19: Top Azure security fails and how to avoid them
byKarl Ots
 
PDF
7.habits.every.azure.admin.must.have.v082020
byWim Matthyssen
 
PDF
ISC2 Secure Summit EMEA - Top Microsoft Azure security fails and how to avoid...
byKarl Ots
 
PPTX
DevSecOps - automating security
byJohn Staveley
 
PDF
Monitoring real-life Azure applications: When to use what and why
byKarl Ots
 
PDF
TechDays Finland 2020: Azuren tietoturva haltuun!
byKarl Ots
 
PPTX
aOS Singapore 2019-Azure Secure DevOps Kit
byCheah Eng Soon
 
PPTX
How do you protect a hybrid PaaS-IaaS solution, built entirely in the cloud?
byLorenzo Barbieri
 
PDF
FAUG #9: Azure security architecture and stories from the trenches
byKarl Ots
 
PDF
Dev secops for real
bymradwan
 
Azure Security Compass v1.1 - Presentation.pptx
byZaheerEbrahim5
 
Secure Your Code Implement DevSecOps in Azure
bykloia
 
Techorama Belgium 2019: top Azure security fails and how to avoid them
byKarl Ots
 
DevSum - Top Azure security fails and how to avoid them
byKarl Ots
 
Azure Security - Day6 - Operations And Risk
by2nd Sight Lab
 
O365Con18 - A Lap Around Monitoring, Auditing and Securing Microsoft Azure - ...
byNCCOMMS
 
CloudBrew 2017 - Security + DevOps + Azure = Awesomeness
byKarl Ots
 
Get On Top of Azure Resource Security Using Secure DevOps Kit for Azure
byKasun Kodagoda
 
Security + DevOps + Azure = Awesomeness
byKarl Ots
 
IglooConf 2019 Secure your Azure applications like a pro
byKarl Ots
 
IT Camp 19: Top Azure security fails and how to avoid them
byKarl Ots
 
7.habits.every.azure.admin.must.have.v082020
byWim Matthyssen
 
ISC2 Secure Summit EMEA - Top Microsoft Azure security fails and how to avoid...
byKarl Ots
 
DevSecOps - automating security
byJohn Staveley
 
Monitoring real-life Azure applications: When to use what and why
byKarl Ots
 
TechDays Finland 2020: Azuren tietoturva haltuun!
byKarl Ots
 
aOS Singapore 2019-Azure Secure DevOps Kit
byCheah Eng Soon
 
How do you protect a hybrid PaaS-IaaS solution, built entirely in the cloud?
byLorenzo Barbieri
 
FAUG #9: Azure security architecture and stories from the trenches
byKarl Ots
 
Dev secops for real
bymradwan
 

More from Karl Ots

PDF
Azure security architecture
byKarl Ots
 
PDF
IglooConf 2020: Best practices of securing web applications running on Azure ...
byKarl Ots
 
PDF
CloudBurst Malmö: Best practices of securing web applications running on Azur...
byKarl Ots
 
PDF
Securing Azure Infrastructure
byKarl Ots
 
PDF
Techorama Belgium 2019 - Building an Azure Governance model for the Enterprise
byKarl Ots
 
PDF
TechDays Finland 2020: Best practices of securing web applications running on...
byKarl Ots
 
PDF
FAUG Jyväskylä 28.5.2019 - Azure Monitoring
byKarl Ots
 
PDF
Azure Low Lands 2018: Monitoring real life Azure applications when to use wha...
byKarl Ots
 
PDF
UpdateConf 2018: Monitoring real-life Azure applications: When to use what an...
byKarl Ots
 
PDF
Navigating in the sea of containers in azure when to choose which service and...
byKarl Ots
 
PDF
Monitoring advanced Azure PaaS workloads in the enterprise - Level: 200
byKarl Ots
 
PDF
Kubernetes in Azure
byKarl Ots
 
PDF
Top Azure security fails and how to avoid them
byKarl Ots
 
PPTX
Sovellusmodernisoinnin webinaarisarja, osa 2: liiketoimintasovelluksen modern...
byKarl Ots
 
PDF
Azure security architecture / FAUG JKL 15.2.2018
byKarl Ots
 
PDF
UpdateConf 2018: Top 18 Azure security fails and how to avoid them
byKarl Ots
 
PDF
Building globally scalable media solutions with Azure Media Services part 2
byKarl Ots
 
PDF
Top 18 azure security fails and how to avoid them
byKarl Ots
 
PPTX
Sovellusmodernisoinnin webinaarisarja, osa 3: modernisoidun sovelluksen integ...
byKarl Ots
 
Azure security architecture
byKarl Ots
 
IglooConf 2020: Best practices of securing web applications running on Azure ...
byKarl Ots
 
CloudBurst Malmö: Best practices of securing web applications running on Azur...
byKarl Ots
 
Securing Azure Infrastructure
byKarl Ots
 
Techorama Belgium 2019 - Building an Azure Governance model for the Enterprise
byKarl Ots
 
TechDays Finland 2020: Best practices of securing web applications running on...
byKarl Ots
 
FAUG Jyväskylä 28.5.2019 - Azure Monitoring
byKarl Ots
 
Azure Low Lands 2018: Monitoring real life Azure applications when to use wha...
byKarl Ots
 
UpdateConf 2018: Monitoring real-life Azure applications: When to use what an...
byKarl Ots
 
Navigating in the sea of containers in azure when to choose which service and...
byKarl Ots
 
Monitoring advanced Azure PaaS workloads in the enterprise - Level: 200
byKarl Ots
 
Kubernetes in Azure
byKarl Ots
 
Top Azure security fails and how to avoid them
byKarl Ots
 
Sovellusmodernisoinnin webinaarisarja, osa 2: liiketoimintasovelluksen modern...
byKarl Ots
 
Azure security architecture / FAUG JKL 15.2.2018
byKarl Ots
 
UpdateConf 2018: Top 18 Azure security fails and how to avoid them
byKarl Ots
 
Building globally scalable media solutions with Azure Media Services part 2
byKarl Ots
 
Top 18 azure security fails and how to avoid them
byKarl Ots
 
Sovellusmodernisoinnin webinaarisarja, osa 3: modernisoidun sovelluksen integ...
byKarl Ots
 

Recently uploaded

PDF
Upskill to Agentic Automation - Working Smarter with AI: Real-World Tools for...
byDianaGray10
 
PDF
GDG Cloud Southlake #47: Bala Desikan: Build Autonomous Agentic AI Apps on GCP
byJames Anderson
 
PDF
Session 4 - Agentic Testing with UiPath Agents
byDianaGray10
 
PDF
Q8 DIGITAL IDENTITY HUB - WSO2 Oxygenate Italy 2025
byProfesia Srl, Lynx Group
 
PDF
Fighting CVEs in Embedded Linux with the Yocto Project and OTA Updates
byLeon Anavi
 
PDF
How Tridens DevSecOps Ensures Compliance, Security, and Agility
byTridens
 
PDF
MicroPython presentation - PyConFr Lyon 2025 - Amine Bendahmane
byAmine Bendahmane
 
PDF
What's New in PostgreSQL 18 | Mydbops MyWebinar 47
byMydbops
 
PDF
Spec Driven Development with Kiro: Ensuring Quality and Traceability in the A...
byHaim Michael
 
PDF
Unleash AI power with the Dell Pro 14 Plus - Interactive PDF
byPrincipled Technologies
 
PDF
Session 8 Specialized AI Associate Series: Fundamentals of Model Training
byDianaGray10
 
PDF
FME Realize in the Real World - The Power of Spatial Computing in Action
bySafe Software
 
PDF
UiPath Community Day UNI - Nuevos productos de UiPath.pdf
byfelixluen
 
PDF
How UK Employers Are Simplifying Entry-Level Hiring with Day One Jobs
byDay One Talent Solutions Ltd
 
PPTX
RAPTOR_Intro_Exercises_Presentation.pptx
bySwatiMalik36
 
PDF
Transform Your Online Store with AltiusNxt AI Enriched data
byAltiusNxt Technologies
 
PDF
NPTEL Assignment Completed PDF FILE with ans
byadultme43
 
PDF
How Generative AI Helps US Healthcare Startups Save 40.pdf
byimoliviabennett
 
PDF
Leonard Janke and Petra Drotleff On Moral and Cybersecurity
byPetra Drotleff
 
PDF
PromptShelf.ai Is Live: Discover, Create, and Manage AI Prompts That Actually...
byTalavera Solutions
 
Upskill to Agentic Automation - Working Smarter with AI: Real-World Tools for...
byDianaGray10
 
GDG Cloud Southlake #47: Bala Desikan: Build Autonomous Agentic AI Apps on GCP
byJames Anderson
 
Session 4 - Agentic Testing with UiPath Agents
byDianaGray10
 
Q8 DIGITAL IDENTITY HUB - WSO2 Oxygenate Italy 2025
byProfesia Srl, Lynx Group
 
Fighting CVEs in Embedded Linux with the Yocto Project and OTA Updates
byLeon Anavi
 
How Tridens DevSecOps Ensures Compliance, Security, and Agility
byTridens
 
MicroPython presentation - PyConFr Lyon 2025 - Amine Bendahmane
byAmine Bendahmane
 
What's New in PostgreSQL 18 | Mydbops MyWebinar 47
byMydbops
 
Spec Driven Development with Kiro: Ensuring Quality and Traceability in the A...
byHaim Michael
 
Unleash AI power with the Dell Pro 14 Plus - Interactive PDF
byPrincipled Technologies
 
Session 8 Specialized AI Associate Series: Fundamentals of Model Training
byDianaGray10
 
FME Realize in the Real World - The Power of Spatial Computing in Action
bySafe Software
 
UiPath Community Day UNI - Nuevos productos de UiPath.pdf
byfelixluen
 
How UK Employers Are Simplifying Entry-Level Hiring with Day One Jobs
byDay One Talent Solutions Ltd
 
RAPTOR_Intro_Exercises_Presentation.pptx
bySwatiMalik36
 
Transform Your Online Store with AltiusNxt AI Enriched data
byAltiusNxt Technologies
 
NPTEL Assignment Completed PDF FILE with ans
byadultme43
 
How Generative AI Helps US Healthcare Startups Save 40.pdf
byimoliviabennett
 
Leonard Janke and Petra Drotleff On Moral and Cybersecurity
byPetra Drotleff
 
PromptShelf.ai Is Live: Discover, Create, and Manage AI Prompts That Actually...
byTalavera Solutions
 

Azure Saturday: Security + DevOps + Azure = Awesomeness

  • 1.
    1 Azure Saturday2018 Security + DevOps + Azure = Awesomeness Karl Ots | Kompozure @fincooper
  • 2.
    2 Azure Saturday2018 Thank you, sponsors!
  • 3.
    KARL OTS @KOMPOZURE • Co-organizer of IglooConf and PolarConf • Podcast host at Cloud Gossip • Working on Azure since 2011 • Patented inventor • Worked with tens of different customers on full-scale Azure projects, from startups to Fortune 500 enterprises Managing Consultant [email protected] +358 50 480 1102
  • 5.
    SECURITY LANDSCAPE • Cloud-baseduser account attacks have increased 300% YoY (Microsoft Security Intelligence Report, Volume 22) • An attacker is on a victim’s network 99 days on average before they are detected (FireEye/Mandiant report – March 14, 2017) • Average cost of a data breach in 2017 was 4 M $ (IBM security)
  • 6.
    WHY AZSK? • Cloudsecurity is hard. • Knowledge of Azure security controls is not widespread. • MS IT wanted to accelerate internal Azure adoption in a controlled way • Approach: avoid reinventing the wheel o Use as much out-of-the-box Azure features as possible o For example: outsource VM controls to Security Center
  • 8.
    SECURE DEVOPS KITFOR AZURE (AZSK)
  • 9.
  • 10.
    SUBSCRIPTION SECURITYSubscription RBAC provisioning Deploy mandatoryand scenario/solution specific accounts/groups on a subscription. Ability to specify and remove deprecated accounts. Alerts setup Configure insights-based alerts for important activities. Runbooks for critical alerts to send SMS with key alert body info. ARM policy setup Deploy and enable ARM policy definitions (e.g., audit/deny use of ASM/v1 resources) ASC setup Configure Azure Security Center by enabling policies, setting security POCs, etc. Resource Locks Ensure that critical enterprise resources have locks deployed on them. Health Check More than a dozen subscription hygiene security checks, including proper provisioning
  • 13.
    SUBSCRIPTION HEALTH SCAN Select-AzureRmSubscription-SubscriptionId $subscriptionId # Sub health scan Get-AzSKSubscriptionSecurityStatus -SubscriptionId $subscriptionId -GeneratePDF Portrait
  • 15.
    DEVELOP SECURELY Feature Scenarios/Details Development Security IntelliSense •Get inline support for secure coding right at the point of code creation. • Checks on Azure Best practices, ADAL and common crypto • VS plug-in for C#. • Security IntelliSense extension works on Visual Studio 2015 Update 3 or later.
  • 16.
  • 17.
    “UNIT TEST” AZURESECURITY Feature Scenarios/Details Development Security IntelliSense • Get inline support for secure coding right at the point of code creation. • Checks on Azure Best practices, ADAL and Crypto • VS plug-in for C#. Security Verification Tests • Scan cloud solutions during early dev and prototyping stages. • Provides a variety of options to define scan targets. • Easy, intuitive reports and detailed logs. Support for 25+ Azure IaaS and PaaS service types.
  • 18.
    SECURITY VERIFICATION TESTS Select-AzureRmSubscription-SubscriptionId $subscriptionId # Security Verification Test Get-AzSKAzureServicesSecurityStatus -SubscriptionId $subscriptionId -GeneratePDF Portrait
  • 19.
  • 20.
    DEVOPS • Security VerificationTests (SVTs) in VSTS / on-prem TFS pipeline • SVTs in Jenkins pipeline • AzSK ARM Template Checker
  • 21.
    CONTINUOUS ASSURANCE • RunAzSK tests periodically using Azure Automation • Write to Log Analytics • Query with Gusto Query Language • Integrate with your existing systems, such as your SIEM
  • 22.
    #### Deploy theAzSK view in the OMS workspace #### Install-AzSKOMSSolution -OMSSubscriptionId $subscriptionId ` -OMSResourceGroup $omsRGName ` -OMSWorkspaceId $omsWSId ` -ViewName $azSkViewName #### Setup AzSK scan data to OMS #### Set-AzSKOMSSettings -OMSWorkspaceID $omsWSId -OMSSharedKey $omskey #### Run AzSK scripts per usual #### Get-AzSKSubscriptionSecurityStatus -SubscriptionId $subscriptionId #### Run AzSK SVT scan #### Get-AzSKAzureServicesSecurityStatus -SubscriptionId $subscriptionId SETTING UP CONTINUOUS ASSURANCE
  • 25.
    ADVANCED FEATURES • GeneratePDF Report • Generate AutoFix Script • AzSK ARM Templates • Customizing the security policies for your organization
  • 26.
    DISCUSSION • AzSK isnot your magic bullet to tick the security box o AzSK mostly covers “administrative access” in traditional threat models, some “application access” as well o You still have to worry about users, external threats and more o Threat modeling and Defense in Depth approach are your friends! • Carefully analyze the results in the scope of your application – are the recommended controls right for your app?
  • 27.
    RESOURCES • Try outthe Secure DevOps Kit for Azure! • Installation guide, docs: https://github.com/azsk/DevOpsKit -docs • Controls coverage: http://aka.ms/AzSKosstcp • IT Showcase: http://aka.ms/AzSK/itshowcase • Support: [email protected]
  • 28.
    36 Azure Saturday2018 Azure Saturday 2018 We appreciate your feedback! SLIDESHARE.NET/KARLOTS
  • 29.