Speaking | Azure Security Do's and Don'ts: A Developer's Checklist for Secure Azure Applications


I recently had the privilege of being hosted on the Azure on Air podcast by the Turbo360 team. I had a great conversation with Lex discussing the importance of a “security first” mindset in the world of Azure solutions, and how this mindset should be carried out as a priority in every stage, from Requirements Gathering through Design, Development, and Release.

During our time together we discussed topics such as:

  • The Three A’s: Access, Authentication, and Authorisation:

    By keeping these concepts in mind throughout, developers can ensure their solutions are secure and driven with defined access routes.

  • Blast Radius: Minimise the Impact of Security Breaches:

    Following the good practice of the Principle of Least Privilege (PoLP), developers should consider the security impact of granting services and identities permissions and access that are beyond their required need.

  • Managed Identities: Removing Manual Management:

    Azure has made considerable efforts in Managed Identities and Role-Based Access Control (RBAC), thus removing the need to use keys that need to be rolled over or may be visible and vulnerable to attackers.

  • Observability: Tracking Integrations End-to-End:

    Observability is critical in ensuring that Azure solutions are working as intended and within acceptable bounds. This is more achievable than ever with tools such as Application Insights and Log Analytics.

Have a watch and enjoy.

For the original version of this post see Andrew Wilson's personal blog at Speaking | Azure Security Do's and Don'ts: A Developer's Checklist for Secure Azure Applications