Dinusha Kumarasiri
Microsoft MVP for Microsoft Azure, Microsoft Certified Trainer (MCT)
Enterprise Architect at NCS Australia
Cloud enthusiast, love to share what I learn
dinushaonline.blogspot.com | @kumarasiri048 | dinushak
Evolution of the Application Landscape (through a security lens)
- Diversity of endpoints
- Scattered application components
- Shared security responsibility between cloud provider and customer
- Identity becomes the primary perimeter
- APIs are the main integration layer
The Modern Application Security Challenges
- Expansion of the attack surface
  - Inconsistent security controls across environments
  - More entry points for threat actors to exploit
- Misconfigurations & loss of data control
  - SaaS & cloud services deployed outside central IT oversight
  - Insecure settings & accidental exposure of data
- Evolving threat landscape
  - AI-powered attacks
  - How do we protect AI solutions?
- Regulatory & compliance pressure
  - Compliance with multiple frameworks (ISO, SOC, PCI DSS, etc.)
  - Data residency & sovereignty challenges
- Lack of controls on identity
  - Compromised credentials (phishing, MFA fatigue attacks, token theft)
  - Complexity of using multiple identity providers (Entra, Okta, etc.)
Design: Security Requirements & Threat Modelling
Identify risks early and align to compliance from the start.

Threat modelling with the Microsoft Threat Modeling Tool: identify the potential threats to an application (STRIDE) and map each to an Azure control.

STRIDE threat | What the attacker does | Azure mitigation
Spoofing identity | Impersonate a user or service | Entra ID with Conditional Access, Managed Identity
Tampering with data | Modify data in transit or at rest | Storage Service Encryption, Key Vault, TLS/HTTPS
Repudiation | Deny a transaction or make it difficult to trace | Azure Monitor Logs, immutable retention
Information disclosure | Sensitive data leakage | Microsoft Purview
Denial of service | Disrupt service availability to legitimate users | DDoS Protection, Front Door rate limiting
Elevation of privilege | Gain higher access levels than permitted | RBAC, Privileged Identity Management, Access Reviews

Security requirements via Microsoft Defender for Cloud:
- Baseline: Microsoft cloud security benchmark
- Additional: custom or built-in security standards
Design: Zero Trust with Defense in Depth
Plan your application to "never trust, always verify".

Verify explicitly
- MFA, device compliance, location-based checks: Entra ID Conditional Access
- Policies to detect suspicious sign-ins: Entra ID Protection
- Validate incoming requests at the entry point: Azure Front Door + WAF
- Authenticate between Azure components: Managed Identities

Use least-privilege access
- Granular permissions on Azure resources: Azure Role-Based Access Control (RBAC)
- Just-in-time access to privileged roles: Privileged Identity Management (PIM)
- Security trimming, row-level security: Azure Cognitive Search, Azure SQL

Assume breach
- Network micro-segmentation: VNets, subnets & NSGs
- Keep network traffic private whenever possible: Private Endpoints
- Enforce governance over the entire estate: Azure Policy
- Assess security posture & compliance: Microsoft Defender for Cloud
- Collect, correlate & analyse logs to detect anomalies: Azure Monitor
Design: Secure Data & API Design
Build APIs & data flows with confidentiality, integrity & availability in mind. Design concerns: observability, policy, business continuity, scalability, data security.

Data security
- Define data classification labels with Microsoft Purview; attach encryption, access restrictions & watermarks to labels
- Encrypt data in transit & at rest: default platform encryption, Azure Disk Encryption, TLS, mTLS
- Control access to connection strings and encryption keys with Azure RBAC & Azure Key Vault
- Immutable retention & lifecycle policies in Azure Blob Storage: Hot -> Cool -> Archive tiering, immutability for compliance & legal holds

API security
- Expose APIs through Azure API Management: authentication, throttling, monitoring, developer experience
- Protect APIs with OAuth 2.0 / OIDC via Entra ID: register the API and its clients as Entra app registrations; Entra ID issues the JWT access tokens the API validates
- Put Azure Front Door or Application Gateway with WAF in front, and configure access restrictions on the App Service(s) so only that path reaches them
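The API-security bullet above says the API accepts JWT access tokens issued by Entra ID; the part that matters for security is what the API checks before trusting the token. The following is an added example, not code from the deck or from Microsoft: a minimal, dependency-free token issuer and verifier that shows the checks an API must make (pinned algorithm, signature, issuer, audience, expiry, required scope). It uses an HS256 shared key purely so it runs offline; Entra ID signs tokens with RS256 and publishes the public keys at the tenant's JWKS endpoint, so a real API verifies against those keys instead. The tenant placeholder, audience URI and scope name are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo values (not from the original deck). A real API would load the
# tenant's RS256 signing keys from its JWKS endpoint rather than use a shared secret.
DEMO_KEY = b"demo-shared-secret-not-for-production"
EXPECTED_ISSUER = "https://login.microsoftonline.com/<tenant-id>/v2.0"   # hypothetical tenant
EXPECTED_AUDIENCE = "api://orders-api"   # hypothetical Application ID URI of the API's app registration


class TokenError(Exception):
    """Raised for any reason a token must be rejected (the API answers 401/403)."""


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, key: bytes = DEMO_KEY, alg: str = "HS256") -> str:
    """Stand-in for the identity provider: builds header.payload.signature."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}"
    if alg == "none":                      # unsigned token; used below only to show it is rejected
        return signing_input + "."
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def validate_token(token: str, key: bytes = DEMO_KEY, *, issuer: str = EXPECTED_ISSUER,
                   audience: str = EXPECTED_AUDIENCE, required_scope: Optional[str] = None,
                   now: Optional[float] = None, leeway: int = 60) -> dict:
    """Return the claims if every check passes; raise TokenError otherwise."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    head_b64, body_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(head_b64))
        claims = json.loads(_b64url_decode(body_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError as exc:              # covers base64 and JSON decoding failures
        raise TokenError(f"undecodable token: {exc}") from None
    # 1. The verifier pins the algorithm; it never takes it from the header. This
    #    closes both "alg: none" and HS/RS key-confusion attacks in one check.
    if header.get("alg") != "HS256":
        raise TokenError(f"rejected alg {header.get('alg')!r}")
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise TokenError("signature mismatch")
    # 2. Issuer and audience: a valid token for another tenant or another API fails here.
    if claims.get("iss") != issuer:
        raise TokenError("unexpected issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise TokenError("token not issued for this API")
    # 3. Validity window, with a small allowance for clock skew.
    if "exp" not in claims or now > claims["exp"] + leeway:
        raise TokenError("token expired")
    if now + leeway < claims.get("nbf", 0):
        raise TokenError("token not yet valid")
    # 4. Authorisation: Entra ID puts delegated scopes in the space-separated "scp" claim.
    if required_scope and required_scope not in claims.get("scp", "").split():
        raise TokenError(f"missing scope {required_scope}")
    return claims


def rejection_reason(token: str, **kwargs) -> Optional[str]:
    """None when the token is accepted, otherwise the reason it was refused."""
    try:
        validate_token(token, **kwargs)
        return None
    except TokenError as exc:
        return str(exc)


if __name__ == "__main__":
    now = int(time.time())
    base = {"iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE, "sub": "user-1",
            "scp": "Orders.Read", "iat": now, "exp": now + 600}
    print("good token      ->", rejection_reason(mint_token(base), required_scope="Orders.Read"))
    print("alg none        ->", rejection_reason(mint_token(base, alg="none")))
    print("wrong key       ->", rejection_reason(mint_token(base, key=b"attacker-key")))
    print("wrong audience  ->", rejection_reason(mint_token({**base, "aud": "api://other-api"})))
    print("expired         ->", rejection_reason(mint_token({**base, "exp": now - 3600})))
```

Azure API Management can perform the same checks in front of the backend with its `validate-jwt` policy, but the API should still validate tokens itself so that a request that bypasses the gateway is not trusted.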
Microsoft Purview
Develop: Secure Coding & Dependency Management
Prevent vulnerabilities in custom code & third-party components.

Static Application Security Testing (SAST): GitHub Advanced Security, GitHub Advanced Security for Azure DevOps
- Analyses the code without running the app
- Supports many languages
- Integrate at pull-request level for pre-merge checks
- Scheduled branch scans

Typical findings:
- Injection attacks
- Cross-site scripting
- Hardcoded secrets
- Insecure cryptography
- Open redirects
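Two of the finding classes listed above (injection and open redirects) are shown below in the vulnerable form a SAST scanner flags on a pull request, each next to the hardened form that passes. This is an added example written for this page, not code from the deck or from GitHub; the table, usernames and URLs are constructed.

```python
import sqlite3
from urllib.parse import urlparse


def seed_db() -> sqlite3.Connection:
    """Constructed in-memory demo table (not from the original deck)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


# --- Injection (CWE-89) -----------------------------------------------------

def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """FLAGGED BY SAST: SQL assembled from request input by string formatting.
    Input  ' OR '1'='1  turns the WHERE clause into a tautology and returns every row."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return sorted(conn.execute(query).fetchall())


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """Hardened: a parameterised query. The driver passes the value separately
    from the statement text, so quotes in the input can never change the SQL."""
    query = "SELECT username, role FROM users WHERE username = ?"
    return sorted(conn.execute(query, (username,)).fetchall())


# --- Open redirect (CWE-601) ------------------------------------------------

def redirect_target_vulnerable(next_url: str) -> str:
    """FLAGGED BY SAST: the post-login redirect is taken verbatim from a
    request parameter, so ?next=https://evil.example sends the user off-site."""
    return next_url


def redirect_target_safe(next_url: str, fallback: str = "/") -> str:
    """Hardened: accept only a path-relative target on this origin.
    Rejects absolute URLs, scheme-relative //host URLs, javascript: URLs and
    backslashes (which browsers normalise to forward slashes)."""
    if not next_url or "\\" in next_url:
        return fallback
    if not next_url.startswith("/") or next_url.startswith("//"):
        return fallback
    parsed = urlparse(next_url)
    if parsed.scheme or parsed.netloc:
        return fallback
    return next_url


if __name__ == "__main__":
    conn = seed_db()
    payload = "' OR '1'='1"
    print("vulnerable lookup:", find_user_vulnerable(conn, payload))   # every user
    print("safe lookup:      ", find_user_safe(conn, payload))         # nothing
    print("vulnerable redirect:", redirect_target_vulnerable("https://evil.example/login"))
    print("safe redirect:      ", redirect_target_safe("https://evil.example/login"))
```

The pre-merge check the slide describes is what stops the first form of each pair from reaching `main`; the fix in each case is to keep untrusted input out of the place where it is interpreted (the SQL text, the Location header) rather than to try to sanitise it.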
Operate & Govern
Incident Response & Recovery
Minimise damage & recover securely after an incident.

Microsoft Sentinel
- Cloud-native Security Information & Event Management (SIEM)
- Security Orchestration, Automation & Response (SOAR)
- Detects incidents and automates responses based on playbooks

Azure Business Continuity Center
- Central hub for BC & DR
- Recovery Services & Backup vaults
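Sentinel detections are analytics rules that run over collected logs and open an incident when a pattern appears. The added example below (written for this page, not a Sentinel rule or Microsoft code) shows the shape of one such detection in plain Python over constructed sign-in records: the MFA fatigue attack named in the challenges slide, where an attacker holding a stolen password floods the user with push prompts until one is approved. The record format is a simplified stand-in for Entra ID sign-in logs, not their real schema, and the users, IPs and thresholds are assumptions.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sign-in records, one JSON object per line (simplified fields, not the
# real Entra ID sign-in log schema). "mfa_denied" = user declined a push prompt,
# "mfa_approved" = user approved one, "success" = a completed interactive sign-in.
SAMPLE_SIGNIN_LOG = """
{"user": "alice@contoso.com", "time": "2024-05-01T08:00:00Z", "result": "mfa_denied",   "ip": "203.0.113.7"}
{"user": "bob@contoso.com",   "time": "2024-05-01T09:00:00Z", "result": "mfa_denied",   "ip": "198.51.100.4"}
{"user": "alice@contoso.com", "time": "2024-05-01T08:00:40Z", "result": "mfa_denied",   "ip": "203.0.113.7"}
{"user": "alice@contoso.com", "time": "2024-05-01T08:01:30Z", "result": "mfa_denied",   "ip": "203.0.113.7"}
{"user": "bob@contoso.com",   "time": "2024-05-01T09:01:00Z", "result": "mfa_approved", "ip": "198.51.100.4"}
{"user": "alice@contoso.com", "time": "2024-05-01T08:02:10Z", "result": "mfa_denied",   "ip": "203.0.113.7"}
{"user": "alice@contoso.com", "time": "2024-05-01T08:03:05Z", "result": "mfa_denied",   "ip": "203.0.113.7"}
{"user": "alice@contoso.com", "time": "2024-05-01T08:03:50Z", "result": "mfa_denied",   "ip": "203.0.113.7"}
{"user": "alice@contoso.com", "time": "2024-05-01T08:04:20Z", "result": "mfa_approved", "ip": "203.0.113.7"}
{"user": "alice@contoso.com", "time": "2024-05-01T08:04:21Z", "result": "success",      "ip": "203.0.113.7"}
{"user": "bob@contoso.com",   "time": "2024-05-01T09:50:00Z", "result": "mfa_denied",   "ip": "198.51.100.4"}
"""


def parse_signin_log(text: str) -> list:
    """Parse JSON lines into records with a datetime, ordered by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["time"] = datetime.strptime(rec["time"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    return sorted(events, key=lambda e: e["time"])


def detect_mfa_fatigue(events: list, threshold: int = 5,
                       window: timedelta = timedelta(minutes=10)) -> list:
    """Sliding-window rule per user.
    - 'mfa_denied_burst'          : `threshold` denied prompts inside `window` (medium).
    - 'approval_after_denied_burst': an approval while such a burst is still inside
                                     the window, i.e. the attack likely succeeded (high)."""
    recent_denials = defaultdict(deque)          # user -> timestamps of recent denials
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        user, now = ev["user"], ev["time"]
        recent = recent_denials[user]
        while recent and now - recent[0] > window:   # drop denials older than the window
            recent.popleft()
        if ev["result"] == "mfa_denied":
            recent.append(now)
            if len(recent) == threshold:             # fire once, as the burst crosses the threshold
                alerts.append({"rule": "mfa_denied_burst", "severity": "medium", "user": user,
                               "count": len(recent), "first": recent[0].isoformat(),
                               "last": now.isoformat(), "ip": ev["ip"]})
        elif ev["result"] == "mfa_approved" and len(recent) >= threshold:
            alerts.append({"rule": "approval_after_denied_burst", "severity": "high", "user": user,
                           "denials_before_approval": len(recent), "approved_at": now.isoformat(),
                           "ip": ev["ip"]})
            recent.clear()                           # one high alert per burst
    return alerts


if __name__ == "__main__":
    for alert in detect_mfa_fatigue(parse_signin_log(SAMPLE_SIGNIN_LOG)):
        print(json.dumps(alert))
```

In Sentinel the same logic is a scheduled KQL analytics rule over the SigninLogs table, and the SOAR playbook attached to the high-severity alert would typically revoke the user's sessions and require a password reset; the threshold and window are tuning decisions, and the medium alert alone is expected to be noisy for users who habitually dismiss prompts.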
Operational Governance & Compliance
- Azure Advisor – security score and recommendations
- Defender for Cloud – security posture
- Defender for Cloud – regulatory compliance
Resources
- Microsoft Security Development Lifecycle (SDL) practices
- Microsoft Threat Modeling Tool
- Zero Trust