August Online User Group: SecDevOps for Azure Functions and APIM in Hybrid cloud architecture - where do you start?
What is Hybrid Cloud Architecture?
What are Azure Functions?
What is APIM?
- Operate in zero trust security model
- Security Development lifecycle
- Improve security posture by educating stakeholders
Who is it aimed at?
Software engineers, DevOps Engineers
Why should you attend?
Cloud services offer more freedom and flexibility, but they create huge blind spots for IT security.
Similarly, the popularity of serverless applications comes with its own challenges, and heavy usage of APIs and microservices architecture does not make security simpler.
In this talk: how to mitigate modern security threats using APIM:
- Authorisation Key / Subscriptions
- Overview: what are subscriptions in Azure
- How to protect your Subscription Keys and not expose them to the whole development team? Keep the audience small - take advantage of the Segregation of Duties model
- Azure Key Vault as a tool to keep your secrets including subscription keys
- Remove technical information from the response
- Secure your backend using OAuth2/JWT (JSON Web Tokens). Extract JWT claims in Azure API Management Policy
- Pipelines as code - why should everything be source controlled, with no manual changes made in the Azure Portal?
- Certificates on APIM
- In a hybrid architecture, connect on-premises APIs to cloud services by creating a façade that lets you safely integrate on-premises and cloud environments
- Do not allow Azure Functions to be called directly - only via APIM
- Logging all calls to APIM and sending them down to Azure Monitor as one consolidated place
- Incident response procedure
- Use 3rd party tools to tighten security in Azure - such as Netskope
About the Speaker:
Lana Vyshnivetska has spent her professional life building enterprise-level software applications. With 20+ years of experience in software development and IT, she is experienced in the software development lifecycle, architecture, SecDevOps, cloud and people management.
She knows there are no simple answers for all challenges in IT with modern technologies, but is very passionate about driving tech forward and helping businesses utilise the best of information technologies, so she continues to educate herself and coach Software Engineers and IT specialists.
She received her education in IT: a Diploma in Computer Science, Systems and Complexes, Ukraine.
Lana lives in Sydney with her family and currently holds the position of Technical Lead at Challenger Ltd.