Azure operational security checklist

Deploying an application on Azure is fast, easy, and cost-effective. Before deploying a cloud application in production, it is useful to have a checklist to assist in evaluating your application against a list of essential and recommended operational security actions.

Introduction

Azure provides a suite of infrastructure services that you can use to deploy your applications. Azure Operational Security refers to the services, controls, and features available to users for protecting their data, applications, and other assets in Microsoft Azure.

  • To get the maximum benefit out of the cloud platform, we recommend that you leverage Azure services and follow the checklist.
  • Organizations that invest time and resources assessing the operational readiness of their applications before launch have a much higher rate of satisfaction than those who don’t. When performing this work, checklists can be an invaluable mechanism to ensure that applications are evaluated consistently and holistically.
  • The level of operational assessment varies depending on the organization’s cloud maturity level and the application’s development phase, availability needs, and data sensitivity requirements.

Checklist

This checklist is intended to help enterprises think through various operational security considerations as they deploy sophisticated enterprise applications on Azure. It can also be used to help you build a secure cloud migration and operation strategy for your organization.

Checklist Category / Description

Security Roles & Access Controls

Data Collection & Storage

Security Policies & Recommendations

Identity & Access Management

Ongoing Security Monitoring
  • Use the Malware Assessment solution in Azure Monitor logs to report on the status of antimalware protection in your infrastructure.
  • Use Update assessment to determine the overall exposure to potential security problems, and whether or how critical these updates are for your environment.
  • Identity and Access provides you with an overview of:
    • user identity state,
    • the number of failed attempts to sign in,
    • the user accounts that were used during those attempts, and accounts that were locked out,
    • accounts with changed or reset passwords,
    • the number of accounts that are currently logged in.

Azure Security Center detection capabilities

Developer Operations (DevOps)
  • Infrastructure as Code (IaC) is a practice that enables the automation and validation of the creation and teardown of networks and virtual machines, to help with delivering secure, stable application hosting platforms.
  • Continuous Integration and Deployment drive the ongoing merging and testing of code, which leads to finding defects early.
  • Release Management: manage automated deployments through each stage of your pipeline.
  • App Performance Monitoring of running applications, including production environments, for application health and customer usage helps organizations form a hypothesis and quickly validate or disprove strategies.
  • Using Load Testing & Auto-Scale, we can find performance problems in our app to improve deployment quality and to make sure our app is always up or available to cater to the business needs.

Conclusion

Many organizations have successfully deployed and operated their cloud applications on Azure. The checklist provided highlights several items that are essential and help you increase the likelihood of successful deployments and frustration-free operations. We highly recommend these operational and strategic considerations for your existing and new application deployments on Azure.

Next steps

To learn more about Security, see the following articles: