
Azure operational security checklist

Deploying an application on Azure is fast, easy, and cost-effective. Before deploying a cloud application in production, it is useful to have a checklist to help you evaluate your application against a list of essential and recommended operational security actions.

Introduction

Azure provides a suite of infrastructure services that you can use to deploy your applications. Azure Operational Security refers to the services, controls, and features available to users for protecting their data, applications, and other assets in Microsoft Azure.

  • To get the maximum benefit out of the cloud platform, we recommend that you leverage Azure services and follow the checklist.
  • Organizations that invest time and resources assessing the operational readiness of their applications before launch have a much higher rate of satisfaction than those that don't. When performing this work, checklists can be an invaluable mechanism to ensure that applications are evaluated consistently and holistically.
  • The level of operational assessment varies depending on the organization's cloud maturity level and the application's development phase, availability needs, and data sensitivity requirements.

Checklist

This checklist is intended to help enterprises think through various operational security considerations as they deploy sophisticated enterprise applications on Azure. It can also be used to help you build a secure cloud migration and operation strategy for your organization.

Checklist Category    Description

Security Roles & Access Controls

Data Collection & Storage

Security Policies & Recommendations

Identity & Access Management

Ongoing Security Monitoring
  • Use the Malware Assessment solution in Azure Monitor logs to report on the status of antimalware protection in your infrastructure.
  • Use Update assessment to determine the overall exposure to potential security problems, and whether or how critical these updates are for your environment.
  • Identity and Access provides an overview of users, including:
    • user identity state,
    • number of failed attempts to sign in,
    • the user accounts that were used during those attempts, and accounts that were locked out,
    • accounts with a changed or reset password,
    • number of accounts that are currently logged in.

Azure Security Center detection capabilities

Developer Operations (DevOps)
  • Infrastructure as Code (IaC) is a practice that enables the automation and validation of the creation and teardown of networks and virtual machines to help deliver secure, stable application hosting platforms.
  • Continuous Integration and Deployment drive the ongoing merging and testing of code, which leads to finding defects early.
  • Release Management: manage automated deployments through each stage of your pipeline.
  • App Performance Monitoring of running applications, including production environments, for application health and customer usage helps organizations form a hypothesis and quickly validate or disprove strategies.
  • Using Load Testing & Auto-Scale, we can find performance problems in our app to improve deployment quality and to make sure our app is always up or available to cater to the business needs.

Conclusion

Many organizations have successfully deployed and operated their cloud applications on Azure. The checklists provided highlight several checklist items that are essential and help you increase the likelihood of successful deployments and frustration-free operations. We highly recommend these operational and strategic considerations for your existing and new application deployments on Azure.

Next steps

To learn more about Security, see the following articles: