Aditya Katira
Aditya Katira

Follow

Aditya Katira

Follow
Azure Defense in Depth

Azure Defense in Depth

Aditya Katira's photo
Aditya Katira
·Nov 28, 2022
Play this article

What is Defense in Depth (DiD)?

  • Strategy to slow the advance of an attack to get unauthorized access to information.
  • Layered approach: Each layer provides protection, so if one layer is breached, a subsequent prevents further exposure.
  • Applied by Microsoft, both in physical data centers and across Azure services.

Layers

Data

  • In almost all cases attackers are after data.
  • Data can be in database, stored on disk inside VMs, on a SaaS application such as a Microsoft 365 app or in cloud storage.
  • Those storing and controlling access to data to ensures that it's properly secured
  • Often regulatory requirements dictates controls & processes to ensure confidentiality, integrity, and availability.

Application

  • Ensure applications are secure and free of vulnerabilities.
  • Store sensitive application secrets in a secure storage medium.
  • Make security a design requirement for all application development.
  • Integrate security into the application development life cycle,

Compute

  • Secure access to virtual machines.
  • Implement endpoint protection and keep systems patched and current.
  • Malware, unpatched systems, and improperly secured systems open your environment to attacks.

Networking

  • Limit communication between resources.
  • Deny by default.
  • Allow only what is required
  • Restrict inbound internet access and limit outbound, where appropriate.
  • Implement secure connectivity to on-premises networks.

Perimeter

  • Use distributed denial of service (DDoS) protection to filter large-scale attacks before they can cause a denial of service for end users.
  • Use perimeter firewalls to identify and alert on malicious attacks against your network.

Identity and access

  • Control access to infrastructure and change control.
  • Access granted is only what is needed
  • Use single sign-on and multi-factor authentication.
  • Audit events and changes.

Physical security

  • Building security & controlling access to computing hardware.
  • First line of defense

Did you find this article valuable?

Support Aditya Katira by becoming a sponsor. Any amount is appreciated!

See recent sponsors Learn more about Hashnode Sponsors
 
Share this