SecDevOps for Azure Functions and APIM in Hybrid cloud architecture with Lana Vyshnivetska

Join Lana as she shows us how to start with SecDevOps for Azure Functions and APIM in Hybrid cloud architecture.

Cloud services offer more freedom and flexibility, but they create huge blind spots for IT security. Similarly, the popularity of serverless applications comes with their own challenges. Coupled with heavy usage of APIs and microservices architecture does not make security simpler.

In this talk – How to mitigate modern security threats using APIM:

– Authorisation Key / Subscriptions

– Overview: what are subscriptions in Azure

– How to protect your Subscription Keys and not expose them to the whole development team? Keep audience small

– take advantage of Segregation of Duties model

– Azure Key Vault as a tool to keep your secrets including subscription keys

– Remove technical information from the response

– Secure your backend using OAuth2/JWT (json web tokens). Extract JWT Claims in Azure API Management Policy

– Pipelines as a code – why should everything be source controlled and no manual changes should be made in Azure Portal?

– Certificates on APIM

– In hybrid architecture connect on-premises APIs to cloud services by creating a façade that lets you safely integrate on-premises and cloud environments

– Do not allow to call Azure Functions directly – only via APIM

– Logging all calls to APIM and down to Azure Monitor as a consolidated place

– Firewalls/WAF

– Incidents response procedure

– Use 3rd party tools to tighten security in Azure – such as Netskope

 

|| Subscribe for more content from SSW TV ||

|| Press like and leave a comment below to let us know how we’re doing ||

Twitter ↴ https://twitter.com/ssw_tv

Facebook ↴ https://www.facebook.com/SSW.page

See more videos at http://tv.ssw.com

For more information about SSW’s web application consulting services, please visit https://www.ssw.com.au/ssw/Consulting…

Created by SSW TV | Videos By Developers, For Developers