Azure Well-Architected Part 2: Security

The Azure Well-Architected Framework is a set of guidelines spanning five key pillars that can be used to optimise your workloads. In the previous blog we covered Reliability, relevant services and the review tool provided by Microsoft. This time we will focus on the Security pillar of the framework. 

Overview of Security

Security is a pillar that must be thought about throughout the lifecycle of a workload, but especially during the initial design and architecture phase. The main aim of the security pillar is to protect applications and data from threats. By implementing security best practices, you improve the overall confidentiality, integrity and availability of your workloads. With the adoption of modern cloud services and architectures, the attack surface an attacker can exploit is far greater and more complex than it has ever been before. The modern services that improve the reliability, scalability and cost efficiency of your workloads can also be your downfall if security is an afterthought. As a minimum, you should be thinking about the following areas during system design, not just at code level but at infrastructure level too:

  • Identity & Access Management
  • Threat Protection
  • Cloud Security
  • Information Protection
  • Information Governance
  • Risk management
  • Compliance Management
  • Discover & Respond

Security Principles

When designing for Security in Azure, the Framework sets out a number of principles that you must think about before deploying your workloads. Those principles include:

  • Plan your workloads, consider security exploits when designing and understand how to harden them
  • Drive least-privilege processes throughout the application and use automation to minimise human interaction where needed.
  • Classify data according to risk and apply industry standard encryption where possible.
  • Monitor your workload security and ensure you have a planned response
  • Protect against code-level vulnerabilities, not just infrastructure and networking
  • Test potential threats and use the output to establish mitigation processes.

Security Services

When designing workloads, Azure provides a set of services that, once implemented, will assist with the principles of security. The main services you should be thinking about are below:

  • Protect identities with MFA, Privileged Identity Management, Conditional Access, risky sign-in detection, RBAC and Managed Identities.
  • Monitor and secure networks using Network Watcher, Azure Firewall, WAF, DDoS Protection, Network Security Groups and segmentation.
  • Protect data using Key Vault and HSM-backed keys, with encryption both at rest and in transit.
  • Understand your security posture and threat protection using Microsoft Defender for Cloud
  • Model and test potential threats using code analysis and penetration testing
  • Enforce governance, compliance and resource controls using Management Locks, Azure Policy, IaC and Blueprints.
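As an added illustration (not code from the original post or from Microsoft), the following custom Azure Policy definition ties two of the bullets above together: it uses Azure Policy to enforce encryption in transit by denying storage accounts that allow plain HTTP or a minimum TLS version below 1.2. The displayName, description and metadata values are my own; the resource type and the two field aliases are Microsoft.Storage's published policy aliases.

```json
{
  "properties": {
    "displayName": "Storage accounts must enforce HTTPS and TLS 1.2 (illustrative example)",
    "policyType": "Custom",
    "mode": "Indexed",
    "description": "Denies storage accounts that permit plain HTTP or negotiate TLS 1.0/1.1.",
    "metadata": {
      "category": "Storage",
      "source": "Illustrative example written for this article, not a Microsoft built-in policy"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "defaultValue": "Deny",
        "allowedValues": [ "Audit", "Deny", "Disabled" ],
        "metadata": {
          "displayName": "Effect",
          "description": "Assign as Audit first to measure exposure, then switch to Deny once existing accounts are remediated."
        }
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          { "field": "type", "equals": "Microsoft.Storage/storageAccounts" },
          {
            "anyOf": [
              { "field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly", "exists": "false" },
              { "field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly", "equals": "false" },
              { "field": "Microsoft.Storage/storageAccounts/minimumTlsVersion", "exists": "false" },
              { "field": "Microsoft.Storage/storageAccounts/minimumTlsVersion", "in": [ "TLS1_0", "TLS1_1" ] }
            ]
          }
        ]
      },
      "then": { "effect": "[parameters('effect')]" }
    }
  }
}
```

Assigning the definition at management-group scope, with a Management Lock on the assignment, stops individual subscriptions from opting out of the control.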

Review your workloads

We will continue to cover the remaining pillars throughout this series of blogs. As highlighted in previous posts, you can review your current posture against the five well-architected pillars. The tool is free and can be accessed here.

For a more in-depth Architecture Review feel free to reach out to Transparity’s Azure Cloud Experts.
