Study project for all things cloud. Spin-offs will happen when detailing
This project is maintained by jesperancinha
Azure documentation
Secure the perimeter layer
Azure DDoS Protection, Azure Firewall
Secure the network layer
Segmentation, Deny by default, inbound/outbound restrictions, secure connectivity
Combine services
Network security groups and Azure Firewall, Azure Application Gateway, Web application firewall, Azure Firewall
Authentication
Single sign-on
Application management
Device management
SaaS
Internal Apps
Internal Cloud Applications
Something the user knows
Something the user has
Something the user is
Azure AD Premium P1 or P2 license
Identity Signals
MFA
Approval
Managed Devices
Blocks access from unknown and unexpected locations
CanNotDelete, ReadOnly
Azure Blueprints
Allowed virtual machine SKUs
Allowed locations
MFA should be enabled on accounts with write permissions on your subscription
CORS should not allow every resource to access your web applications
System updates should be installed on your machines
Monitor unencrypted SQL Database in Security Center
Monitor OS vulnerabilities in Security Center
Monitor missing Endpoint Protection in Security Center
Criminal Justice Information Service
Cloud Security Alliance STAR Certification
European Union Model Clauses
Health Insurance Portability and Accountability Act
International Organization of Standards/International Electrotechnical Commission 27018
Multi-Tier Cloud Security Singapore
Service Organization Controls 1, 2, and 3
National Institute of Standards and Technology Cybersecurity Framework
United Kingdom Government G-Cloud