Security patterns
Security provides confidentiality, integrity, and availability assurances against malicious attacks on information systems (and safety assurances for attacks on operational technology systems). Losing these assurances can negatively impact your business operations and revenue, as well as your organization's reputation in the marketplace. Maintaining security requires following well-established practices (security hygiene) and being vigilant to detect and rapidly remediate vulnerabilities and active attacks.
Patterns
| Pattern | Summary |
|---|---|
| Federated Identity | Delegate authentication to an external identity provider. |
| Gatekeeper | Protect applications and services by using a dedicated host instance that acts as a broker between clients and the application or service, validates and sanitizes requests, and passes requests and data between them. |
| Valet Key | Use a token or key that provides clients with restricted direct access to a specific resource or service. |
Key Security Resources
| Resource | Summary |
|---|---|
| Azure Security Benchmarks | Prescriptive best practices and recommendations to integrate into architectures for securing workloads, data, services, and enterprise environments on Azure. |
| Microsoft Defender for Cloud | Native security controls to simplify integration of threat detection and monitoring in Azure architectures |
| Security Strategy Guidance | Building and updating a security strategy for cloud adoption and modern threat environment |
| Security Roles and Responsibilities | Guidance on security roles and responsibilities including definitions of mission/outcome for each organizational function and how each should evolve with the adoption of cloud. |
| Getting Started Guide for Security | Guidance for planning and implementing security throughout cloud adoption |
Security Resiliency
Achieving security resilience requires a combination of preventive measures to block attacks, responsive measures detect and quickly remediate active attacks, and governance to ensure consistent application of best practices.
- Security strategy should include lessons learned described in security strategy guidance.
- Azure security configurations should align to the best practices and controls in the Azure Security Benchmark (ASB). Security configurations for Azure services should align to the Security baselines for Azure in the ASB.
- Azure architectures should integrate native security capabilities to protect and monitor workloads including Microsoft Defender for Cloud, Azure DDoS protection, Azure Firewall, and Azure Web Application Firewall (WAF).
For a more detailed discussion, see the Cybersecurity Resilience module in the CISO workshop.