Presently sponsored by: ScriptRunner - Get your free PowerShell Security e-Book!
Do you also feel that there is an exponential growth of resources in your cloud environments?
In my job, I have had to plan, design, architect, and develop solutions for the cloud ecosystem. When it is time to operate and maintain them, it gets a bit trickier if you have many departments. Demands will vary by department, and requirements on the technology you use might look different in other parts of the organization.
A key thing I've learned over the years is that you need a proper governance plan. It would help if you allowed the business to thrive. Operations and your security teams should be enabled to stay on top of the game.
Here are a few simple tips to help understand what is going on in your Azure environment.
Azure Resource Graph
The built-in capabilities in Azure for querying resources are extensive. Azure Resource Graph provides us with a way to use Kusto Query Language (KQL) queries to ask Azure about the state of our Azure resources.
Use cases, for me, include:
- Extended audits and reviews
- Cross-subscription resource insights
- Determine the impact of an Azure Policy action before rolling out
- Continuously discover changes to resources
- Visualize your inventory
Read more about the Azure Resource Graph and how it can help: Using the Azure Resource Graph to improve your Azure Governance game.
Custom recommendations in Azure Security Center
Getting insights from more than one angle helps. With Azure Security Center, we can stay on top of many industry-standard regulations. We can enforce and ensure we have good security posture and good data sovereignty (laws and regulations of where data resides and is stored).
Great functionality in the Azure Security Center that I've been making use of a lot is creating custom recommendations with Azure Policies. If the rules we need to play by do not exist, we can roll out custom recommendations.
The Security Development Lifecycle (SDL) process
Continuously rolling out new resources doesn't have to be a bad thing. But do you know what they are and what they do? Perhaps they comply with Azure Policies and all recommendations in Azure Security Center. However, that does not mean that they are trustworthy or okay to roll out.
To add another layer of control in an ever-growing landscape of technology and rapid changes in development and deployments, a Security Development Lifecycle, or SDL, can help a lot.
I have a few key points.
- Security should be an organization-wide responsibility.
- Introducing DevSecOps will naturally help your ops (operations), hence strengthening your governance early in the game.
- Security breaches often happen from poorly configured resources or third-party code. I would rather have them mitigated during this process than find out in production.
Read more about embracing a Security Development Lifecycle (SDL) for Azure.
Over to you!
Do you ever consider the governance aspect of your cloud journey, or is that someone else's department? How does it work in your organization?
Thanks for reading. You are awesome.