Cloud security architecture functions

Security architecture translates the organization's business and assurance goals into documentation and diagrams to guide technical security decisions.

Modernization

Security architecture is affected by different factors:

  • Continuous engagement model: Continuous release of software updates and cloud features makes fixed engagement models obsolete. Architects should be engaged with all teams working in technical topic areas to guide decision making along those teams' capability lifecycles.
  • Security from the cloud: Incorporate security capabilities from the cloud to reduce enablement time and ongoing maintenance costs (hardware, software, time, and effort).
  • Security of the cloud: Ensure coverage of all cloud assets including software as a service (SaaS) applications, infrastructure as a service (IaaS) VMs, and platform as a service (PaaS) applications and services. This should include discovery and security of both sanctioned and unsanctioned services.
  • Identity integration: Security architects should ensure tight alignment with identity teams to help organizations meet the dual goals of enabling productivity and providing security assurances.
  • Integration of internal context in security designs, such as context from posture management and incidents investigated by the security operations center (SOC). This should include elements like relative risk scores of user accounts and devices, sensitivity of data, and key security isolation boundaries to actively defend.

Team composition and key relationships

Security architecture is ideally provided by a dedicated individual or dedicated team, but resource constraints may require assigning this function to an individual with other responsibilities.

Security architecture should have a broad portfolio of relationships across the security organization, with key stakeholders in other organizations, and with peers in external organizations. Key internal relationships should include:

  • IT/enterprise architects
  • Security posture management
  • Technology directors
  • Key business leaders or their representatives
  • Industry peers and others in the security community

Security architects should actively influence security policy and standards.

Next steps

Review the function of cloud security compliance management.