Uma revisão de melhores práticas de segurança na Azure

Abstract

The text deals with information security concepts from the cloud point of view and uses Azure as an example provider. The definitions of infrastructure, platform and software services are contextualized, with examples based on the chosen provider, such as virtual machines, SQL databases and Web application services. are also presented introductory concepts about information security, such as security frameworks and the main types of cyber attacks following the list of OWASP, a worldwide organization for application security. And joining the concepts of cloud with security, some features offered by Azure to protect cloud applications are illustrated. As an application of the concepts, an architecture of a real project and its description “as is” are presented. The project deals with a data flow involving Azure Data Factory, Azure Databricks, Azure Storage Account, SQL Server, APP Service and other cloud resources. An analysis is carried out from the security point of view, and then a solution proposal is presented to resolve the flawed points. The main points presented as a solution are the use of isolated virtual networks, with strategic exposures on the internet through the Azure Application Gateway and the Azure VPN Gateway, as well as the use of a firewall such as the Web Application Firewall (WAF), the use of identity management like Azure Active Directory (AAD), and secrets management like Azure Key Vault. Finally, it is concluded that the redundancy of security policies contributes to the creation of a safer cloud solution, and that isolating the internet environment using virtual networks and applying Firewall policies and minimum access policies makes it difficult for intruders to access . It is also concluded that when provisioning a cloud solution, a large part of the responsibility is shared with the provider, which already has very well tested and validated security solutions and, therefore, reduces the risks of hacking.