Azure operational security checklist

Deploying an application on Azure is fast, easy, and cost-effective. Before deploying cloud application in production useful to have a checklist to assist in evaluating your application against a list of essential and recommended operational security actions for you to consider.

Introduction

Azure provides a suite of infrastructure services that you can use to deploy your applications. Azure Operational Security refers to the services, controls, and features available to users for protecting their data, applications, and other assets in Microsoft Azure.

  • To get the maximum benefit out of the cloud platform, we recommend that you leverage Azure services and follow the checklist.
  • Organizations that invest time and resources assessing the operational readiness of their applications before launch have a much higher rate of satisfaction than those who don’t. When performing this work, checklists can be an invaluable mechanism to ensure that applications are evaluated consistently and holistically.
  • The level of operational assessment varies depending on the organization’s cloud maturity level and the application’s development phase, availability needs, and data sensitivity requirements.

Checklist

This checklist is intended to help enterprises think through various operational security considerations as they deploy sophisticated enterprise applications on Azure. It can also be used to help you build a secure cloud migration and operation strategy for your organization.

Checklist Category Description

Security Roles & Access Controls

Data Collection & Storage

Security Policies & Recommendations

Identity & Access Management

Ongoing Security Monitoring
  • Use Malware Assessment Solution Azure Monitor logs to report on the status of antimalware protection in your infrastructure.
  • Use Update assessment to determine the overall exposure to potential security problems, and whether or how critical these updates are for your environment.
  • The Identity and Access provide you an overview of user
    • user identity state,
    • number of failed attempts to sign in,
    • the user’s account that were used during those attempts, accounts that were locked out
    • accounts with changed or reset password
    • Currently number of accounts that are logged in.

Azure Security Center detection capabilities

Developer Operations (DevOps)
  • Infrastructure as Code (IaC) is a practice, which enables the automation and validation of creation and teardown of networks and virtual machines to help with delivering secure, stable application hosting platforms.
  • Continuous Integration and Deployment drive the ongoing merging and testing of code, which leads to finding defects early.
  • Release Management Manage automated deployments through each stage of your pipeline.
  • App Performance Monitoring of running applications including production environments for application health and customer usage help organizations form a hypothesis and quickly validate or disprove strategies.
  • Using Load Testing & Auto-Scale we can find performance problems in our app to improve deployment quality and to make sure our app is always up or available to cater to the business needs.

Conclusion

Many organizations have successfully deployed and operated their cloud applications on Azure. The checklists provided highlight several checklists that are essential and help you to increase the likelihood of successful deployments and frustration-free operations. We highly recommend these operational and strategic considerations for your existing and new application deployments on Azure.

Next steps

To learn more about Security, see the following articles: