Azure Well-Architected Part 2: Security

The Azure Well-Architected Framework is a set of guidelines spanning five key pillars that can be used to optimise your workloads. In the previous blog we covered Reliability, relevant services and the review tool provided by Microsoft. This time we will focus on the Security pillar of the framework. 

Overview of Security

Security is a pillar that must be considered throughout the lifecycle of a workload, but especially during the initial design and architecture phase. The main aim of the security pillar is to protect applications and data from threats. By implementing security best practices you improve the overall confidentiality, integrity and availability of your workloads. With the adoption of modern cloud services and architectures, the attack surface available to an attacker is far greater and more complex than it has ever been. The same services that improve the reliability, scalability and cost efficiency of your workloads can also be your downfall if security is an afterthought. As a minimum you should be thinking about the following areas during system design, at the infrastructure level as well as at code level:

  • Identity & Access Management
  • Threat Protection
  • Cloud Security
  • Information Protection
  • Information Governance
  • Risk management
  • Compliance Management
  • Discover & Respond

Security Principles

When designing for security in Azure there is a set of principles covered in the Framework that you must consider before deploying your workloads. Those principles include:

  • Plan your workloads: consider the exploits they may face when designing them and understand how to harden them.
  • Drive least privilege throughout the application and use automation to minimise human interaction wherever possible.
  • Classify data according to risk and apply industry-standard encryption wherever possible.
  • Monitor the security of your workloads and ensure you have a planned response to incidents.
  • Protect against code-level vulnerabilities, not just those in infrastructure and networking.
  • Test for potential threats and use the output to establish mitigation processes.

Security Services

When designing workloads, Azure provides a set of services that, once implemented, will support the security principles above. The main services you should be thinking about are:

  • Protect identities with MFA, Privileged Identity Management, Conditional Access, risky sign-in detection, RBAC and Managed Identities.
  • Monitor and secure networks using Network Watcher, Azure Firewall, Web Application Firewall (WAF), DDoS Protection, Network Security Groups and network segmentation.
  • Protect data using Key Vault and HSM-backed keys, with encryption at rest and in transit.
  • Understand your security posture and threat protection using Microsoft Defender for Cloud.
  • Model and test potential threats using threat modelling, code analysis and penetration testing.
  • Enforce governance, compliance and resource controls using Management Locks, Azure Policy, infrastructure as code (IaC) and Blueprints.
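To make the data-protection and governance bullets concrete, here is an added example (not from the original post, and not one of Microsoft's built-in policy definitions) of a custom Azure Policy definition that enforces encryption in transit on storage accounts. Any create or update of a storage account that still permits plain HTTP, or that does not explicitly pin the minimum TLS version to 1.2 or 1.3, is denied at deployment time rather than flagged afterwards. The display name and description are assumptions; the `Microsoft.Storage/storageAccounts/...` aliases are the standard Azure Policy aliases for that resource type.

```json
{
  "properties": {
    "displayName": "Deny storage accounts that allow insecure transport (example)",
    "policyType": "Custom",
    "mode": "Indexed",
    "description": "Added example policy, not a Microsoft built-in. Denies storage accounts that permit plain HTTP or that do not set a minimum TLS version of 1.2 or higher. A missing property is treated as insecure so the secure setting must be explicit.",
    "parameters": {},
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Storage/storageAccounts"
          },
          {
            "anyOf": [
              {
                "field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly",
                "notEquals": "true"
              },
              {
                "field": "Microsoft.Storage/storageAccounts/minimumTlsVersion",
                "notIn": [
                  "TLS1_2",
                  "TLS1_3"
                ]
              }
            ]
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }
  }
}
```

Save the file as policy.json, register it with `az policy definition create --name deny-insecure-storage-transport --rules policy.json --mode Indexed`, then assign it at management-group or subscription scope with `az policy assignment create --policy deny-insecure-storage-transport --scope <scope>`. Because both conditions are combined with `anyOf` and use `notEquals`/`notIn`, a deployment that simply omits the properties is denied as well, which is the behaviour you want from a preventive control: the secure configuration must be stated, not assumed. If you need to roll this out to an estate with existing non-compliant accounts, assign it first with the effect changed to `audit` and review the compliance results before switching to `deny`.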

Review your workloads

We will continue to cover the remaining pillars throughout this series of blogs. As highlighted in previous posts, you can review your current posture against the five Well-Architected pillars using Microsoft's review tool. The tool is free and can be accessed here.

For a more in-depth Architecture Review feel free to reach out to Transparity’s Azure Cloud Experts.
