Cloud Azure Meetup Article
by Seven Peaks on Apr 8, 2022 12:40:00 PM
Intro
Another Seven Peaks Speaks was held on March 23, 2022. This time, our four speakers talked about “How to deploy & secure your application in Azure” for efficient Azure app migration.
The meet-up started with Giorgio Desideri, Tech Lead Cloud Solutions at Seven Peaks Software, whose topic was “Develop Security & Compliances in Azure.”
Azure Accounts
Starting with Azure accounts, Giorgio explained the foundation: there are 3 pricing levels of Azure accounts: free, Office 365 and Premium. Users, services, applications and devices can be regulated by roles or groups, and these are tied to policies. There are 4 types of user: guest, member, Microsoft 365 (Enterprise) and work/consumer account (Azure B2C).
The identity types for services are divided into:
- Managed Identity, which can be system-defined or user-defined
- Service Principal (Application Registration)
- Enterprise Application
Watch the live coding demonstration of this Cloud Azure Meetup below:
Azure accounts, Azure app migration, and more by Giorgio, Phu, Mean, and Nicolas
Later, Giorgio went deeper into databases and applications and how we can apply secure development. The developer is the key to database security. He ended his session with some takeaway points.
First, we have to consider the requirements and check the Azure account. Then, regulate the access management of the identities, such as the audiences, permissions, methods and operations. Lastly, knowledge & practice, monitoring & alerts, and review & enforcement are all important for more secure development.
Mean, a Mid-Level Java Developer, and Phu, a Junior .NET Developer, were the next speakers. This meetup was their first time as speakers for Seven Peaks Speaks!
Mean introduced us to Azure Function concepts using a car analogy. If an Azure Function is a car, a trigger, such as an HTTP trigger, is the key that starts the car. Each Azure Function can have only one trigger type.
There are many trigger types out there, so Mean selected 6 common types to present to us.
- HTTP Trigger Type: the Azure Function will be triggered whenever there is an HTTP request
- Blob Trigger Type: the Azure Function will be executed whenever there is an update to the Blob storage
- Event Hub Trigger Type: will be executed whenever we have an event in Azure
- Time Trigger Type: will be used when the time schedule is reached
- Queue Trigger Type: will be executed when there is any queue in Azure
- Azure Cosmos Trigger Type: will be triggered when there are any changes in the document
To show how triggers and bindings are used, Mean gave us an example situation in which a user requests room availability for a condominium. When the user clicks on the website, the Azure Function (HTTP Trigger type) will be triggered and try to send the data from the user to the back office team, “SendGrid”.
Phu talked about security in transit, which is divided into 4 topics: Function Access Keys, Authorization Scopes, Authentication/Authorization and Networking (Azure Private Endpoint).
Authorization scopes are separated into 3 scopes:
- Anonymous scope: no keys are needed and can be used by anyone
- Function scope: a key has to be assigned to the function
- Admin level scope: needs the master key to access
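The three scopes above are set per HTTP trigger, so they can be checked before deployment. The following is an added example, not code from the meetup: it assumes each function is described by a `function.json` file whose HTTP trigger binding carries an `authLevel` value, and it also checks the one-trigger-per-function rule mentioned earlier. The function names and JSON documents are constructed samples.

```python
import json

# Constructed sample function.json documents (not from the meetup demo).
SAMPLES = {
    "RoomAvailability": """{"bindings": [
        {"type": "httpTrigger", "direction": "in", "name": "req",
         "authLevel": "anonymous", "methods": ["post"]},
        {"type": "http", "direction": "out", "name": "res"},
        {"type": "sendGrid", "direction": "out", "name": "message"}]}""",
    "BackOfficeReport": """{"bindings": [
        {"type": "httpTrigger", "direction": "in", "name": "req",
         "authLevel": "function", "methods": ["get"]},
        {"type": "http", "direction": "out", "name": "res"}]}""",
    "Maintenance": """{"bindings": [
        {"type": "httpTrigger", "direction": "in", "name": "req",
         "authLevel": "admin"},
        {"type": "http", "direction": "out", "name": "res"}]}""",
}


def audit_function(name, raw_json):
    """Return a list of (function, severity, message) findings."""
    findings = []
    bindings = json.loads(raw_json).get("bindings", [])
    # Trigger bindings are the ones whose type ends in "Trigger".
    triggers = [b for b in bindings if b.get("type", "").lower().endswith("trigger")]
    if len(triggers) != 1:
        findings.append((name, "error", f"expected exactly one trigger, found {len(triggers)}"))
    for t in triggers:
        if t["type"].lower() != "httptrigger":
            continue  # authorization scopes only apply to HTTP triggers
        level = str(t.get("authLevel", "")).lower()
        if level == "anonymous":
            findings.append((name, "high", "HTTP trigger callable without any key"))
        elif level == "admin":
            findings.append((name, "review", "callers must hold the master key"))
        elif level != "function":
            findings.append((name, "review", f"authLevel missing or unknown: {level!r}"))
    return findings


def audit_all(samples):
    """Audit every sample and return the combined findings in input order."""
    return [f for name, raw in samples.items() for f in audit_function(name, raw)]


if __name__ == "__main__":
    for func, severity, message in audit_all(SAMPLES):
        print(f"{severity:6} {func}: {message}")
```

An anonymous endpoint is not always a defect (a public form has to be reachable), so a finding here is a prompt to confirm that another control, such as the networking options described next, covers that function.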
For Networking, there are many ways to secure your function inside the network. However, Phu suggested that Azure Virtual Network is simple, yet effective.
Mean closed this section with “Security At-Rest”, which is based on identity-based security. In the Azure universe, identity-based security is also known as managed identities because it lets Azure manage the security for us. Furthermore, she shared with us many useful tips that she learned from her past experience!
Azure App Migration
The last session of the night was “DevSecOps with Azure App Migration with EF6”, presented by Nicolas Pierson, Solution Architect at Seven Peaks Software.
First, Nicolas quickly summarized the concepts of Agile and DevOps practices before using a diagram to show what Seven Peaks Software’s working process looks like. To improve performance, he showed us the feedback loop: gathering feedback, analyzing it, acting on it by making changes, and then following up with teammates for new feedback to continue the whole process.
Because DevOps practices bring developers, QAs and Ops together to release software faster, there is a checklist to make sure that all security requirements are met. Nicolas summarized the DevSecOps checklist from Microsoft into 6 bullet points:
- Create a cross-functional DevOps team to manage, build and maintain your workload.
- In the planning and design of the DevOps process, it is important to involve the security team to detect any security risks.
- Define CI/CD roles and permissions clearly, and minimize the number of people who can access resources or secure information.
- Configure quality gate approvals in DevOps release process.
- Integrate scanning tools within CI/CD pipeline.
- No infrastructure changes, provisioning or configuring, should be done manually outside of IaC.
Here are some tools that can be used in the development process for a more reliable and secure deployment process:
- Code: SonarQube – Static code analysis
- Container: Azure Security Center
- Container Orchestration: Kube-score, Config-lint
- Infrastructure: Tfsec, Horangi Warden