Microsoft provided a new experience in cloud computing at the launch of Azure back in 2010, with almost too-good-to-be-true cloud capabilities and features, high security levels, and apps for almost everything.
In this article, we’ll discuss why you should use DevSecOps in Azure and what features you’ll get, along with some updates on the major services and techniques that can be used to accomplish production-grade deployments in the Azure cloud without having to sacrifice speed.
So let’s dive into the features you need to know about.
When using DevOps, your eyes should be set on Key Performance Indicators (KPIs) related to speed, frequency, and failure.
What does that mean for you? Well, it means that you should be using specific metrics to meet delivery objectives.
However, you also have to think about security metrics and which of them you should focus on. These metrics often include mean time to resolve security issues and a review of your security-tagged backlog. It doesn’t hurt to have security-focused dashboards as well to track metrics and progress.
The software development process here will often start with Azure Boards. Tasks there should be tagged so that any design or code injection is reviewed first for security impact.
In addition to what we mentioned above, using integrations and extensions will allow you to incorporate most of the tools that a team typically uses, such as a bug tracking system and vulnerability scanning tools like Micro Focus.
If you have a preferred Continuous Integration (CI) system, you can use that instead of native Azure DevOps builds, or replace the Continuous Delivery (CD) part with your favourite deployment tools.
In Azure, Infrastructure as Code (IaC) is often based on Azure Resource Manager (ARM) or Terraform modules. These are declarative languages: they specify the desired state and let the tooling perform the actions needed to reach it.
This contrasts with scripting in Azure CLI or PowerShell, where scripts become filled with checks to see whether elements already exist, to avoid deploying twice.
Now you have to deploy and integrate a linting system for your IaC, such as Secure DevOps Kit for Azure, in order to catch security failures and vulnerabilities before they are deployed.
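To make the idea of linting IaC before deployment concrete, here is an added example (not from the original article and not the Secure DevOps Kit for Azure's own code) of a minimal pre-deployment check over an ARM template. The template, its resource names, and the choice of three storage checks and one network security group check are assumptions made for illustration.

```python
import json

# Constructed sample ARM template fragment (not from the article): a storage
# account and a network security group, each with a deliberately weak setting.
SAMPLE_TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.Storage/storageAccounts", "name": "examplestore", "properties": {
    "supportsHttpsTrafficOnly": false, "minimumTlsVersion": "TLS1_2", "allowBlobPublicAccess": true}},
  {"type": "Microsoft.Network/networkSecurityGroups", "name": "example-nsg",
   "properties": {"securityRules": [
     {"name": "ssh-in", "properties": {"direction": "Inbound", "access": "Allow",
      "sourceAddressPrefix": "*", "destinationPortRange": "22"}},
     {"name": "web-in", "properties": {"direction": "Inbound", "access": "Allow",
      "sourceAddressPrefix": "10.0.0.0/8", "destinationPortRange": "443"}}]}}
]}
""")

OPEN_SOURCES = {"*", "0.0.0.0/0", "Internet"}  # prefixes meaning "any source"

def check_storage(res):
    props = res.get("properties", {})
    # Unset properties are flagged too, so results do not depend on API-version defaults.
    if props.get("supportsHttpsTrafficOnly") is not True:
        yield "storage account does not enforce HTTPS-only traffic"
    if props.get("minimumTlsVersion") in (None, "TLS1_0", "TLS1_1"):
        yield "storage account permits TLS below 1.2 or leaves it unset"
    if props.get("allowBlobPublicAccess") is not False:
        yield "storage account allows public blob access"

def check_nsg(res):
    for rule in res.get("properties", {}).get("securityRules", []):
        p = rule.get("properties", {})
        if (p.get("direction") == "Inbound" and p.get("access") == "Allow"
                and p.get("sourceAddressPrefix") in OPEN_SOURCES):
            yield f"rule '{rule.get('name')}' allows inbound traffic from any source"

CHECKS = {"Microsoft.Storage/storageAccounts": check_storage,
          "Microsoft.Network/networkSecurityGroups": check_nsg}

def lint_template(template):
    """Return (resource name, finding) pairs for every failed check."""
    return [(res.get("name"), msg)
            for res in template.get("resources", [])
            for msg in CHECKS.get(res.get("type"), lambda r: ())(res)]

if __name__ == "__main__":
    for name, msg in lint_template(SAMPLE_TEMPLATE):
        print(f"FAIL {name}: {msg}")
    raise SystemExit(1 if lint_template(SAMPLE_TEMPLATE) else 0)  # non-zero fails the step
```

Run as a pipeline step against the template in the repository, the non-zero exit code stops the deployment stage whenever a finding is reported.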
The aforementioned building blocks can be assembled in Azure Pipelines and triggered by commits to IaC or developer repositories.
In essence, Pipelines are composed of units of code or steps, jobs, and stages. It may benefit you to spend some time making these Pipelines work efficiently with caching and parallelization techniques, as this will ensure a tight feedback loop for developers. If it’s done right, the developers will be much more open to adding security features such as code scanning.
First, let’s talk a bit about what Kubernetes is! Kubernetes is a complete ecosystem of services, and in Azure, it’s a managed service that comes with enhanced security features such as Azure Policy and Azure Defender.
These are often installed into the Cloud Native Computing Foundation, which is a CNCF sandbox project offering enhanced WAF protection, application DDoS, rate limiting, and many more services.
When it comes to hardening, Azure is the platform with a tremendous number of hardening capabilities. However, you need to make sure that you’re not violating company policies! That’s where Azure Policy comes in handy, as it allows organizations to tune the “default” or allowed configurations and prevent those that violate company policy.
Azure Policy enforcement environments should be taken into consideration when designing the subscription topology in an Azure tenant. Policies can be applied at the management group, subscription, or resource group level.
This in turn means that compliance can be enforced gradually as deployments progress through the test, stage, and production environments.
Your DevOps team should then work on integrating Azure Security Center (ASC) and Azure Advisor into the DevOps processes as well.
Ctelecoms is a proud Microsoft Partner in Saudi Arabia, helping thousands of customers overcome IT and security issues in their organizations.
So, if you’re curious about DevSecOps on Azure, all you have to do is contact our team for support: https://www.ctelecoms.com.sa/en/Form15/Contact-Us