Improve landing zone security
When a workload or the landing zones that hosts it require access to any sensitive data or critical systems, it's important to protect the data and assets. Improving landing zone security builds on the test-driven development approach to landing zones by expanding or refactoring the landing zone to account for heightened security requirements.
Landing zone security best practices
The following list of reference architectures and best practices provides examples of ways to improve landing zone security:
- Azure Security Center: Onboard a subscription to Security Center.
- Azure Sentinel: Onboard Azure Sentinel to provide a security information event management (SIEM) and security orchestration automated response (SOAR) solution.
- Network boundary security: Several reference patterns for developing a network, similar to how the network boundary is secured in a datacenter.
- Secure network architecture: Reference architecture for implementing a perimeter network and secure network architecture.
- Identity management and access control: Series of best practices for implementing identity and access to secure a landing zone in Azure.
- Network security practices: Provides additional best practices for securing the network.
- Operational security provides best practices for increasing operational security in Azure.
- The Security Baseline discipline: Example of developing a governance-driven security baseline to enforce security requirements.
Test-driven development cycle
Before beginning any security improvements, it's important to understand the "definition of done" and all "acceptance criteria". For more information, see the articles on test-driven development of landing zones and test-driven development in Azure.
Next steps
Understand how to improve landing zone operations to support critical applications.