{"id":62413,"date":"2021-09-28T03:00:11","date_gmt":"2021-09-28T11:00:11","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/devops\/?p=62413"},"modified":"2021-09-28T08:48:54","modified_gmt":"2021-09-28T16:48:54","slug":"azurefunbytes-episode-57-securing-azure-with-shehackspurple","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/devops\/azurefunbytes-episode-57-securing-azure-with-shehackspurple\/","title":{"rendered":"AzureFunBytes Episode 57 &#8211; Securing @Azure with @shehackspurple"},"content":{"rendered":"<p>AzureFunBytes is a weekly opportunity to learn more about the fundamentals and foundations that make up Azure. It&#8217;s a chance for me to understand more about what people across the Azure organization do and how they do it. Every week we get together at 11 AM Pacific on <a href=\"https:\/\/cda.ms\/226\">Microsoft LearnTV<\/a> and learn more about Azure.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/res.cloudinary.com\/practicaldev\/image\/fetch\/s--Z7BxBMz1--\/c_limit%2Cf_auto%2Cfl_progressive%2Cq_66%2Cw_880\/https:\/\/dev-to-uploads.s3.amazonaws.com\/uploads\/articles\/j2xzw2g664tj31jij13t.gif\" alt=\"AzureFunBytes animation\" \/><\/p>\n<p>On this week&#8217;s AzureFunBytes Episode 57, Securing Azure, I welcome <a href=\"https:\/\/twitter.com\/shehackspurple\">Tanya Janca<\/a> from <a href=\"https:\/\/wehackpurple.com\/\">We Hack Purple<\/a> to give an overview of security basics within Azure!<\/p>\n<p>Tanya\u202fJanca, also known as SheHacksPurple, is the best-selling author of \u2018<a href=\"https:\/\/AliceandBobLearn.com\">Alice and Bob Learn Application Security<\/a>\u2019. She is also the founder of We Hack Purple, an online learning academy, community and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won countless awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, &amp; Nokia). She has worn many hats; startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger &amp; streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion, and kindness, which shines through in her countless initiatives.<\/p>\n<p>Our agenda:<\/p>\n<ul>\n<li>Tanya made an Azure course<\/li>\n<li>Why it\u2019s important to secure your Azure instance<\/li>\n<li>Let\u2019s investigate a security incident<\/li>\n<li>How could we have prevented this?<\/li>\n<li>Security center overview<\/li>\n<\/ul>\n<p><iframe title=\"AzureFunBytes Episode 57 - Securing @Azure with @shehackspurple\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/BVj3BMIcbwE?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/p>\n<p><a href=\"https:\/\/youtu.be\/CLdCauszCt4\">00:00:00 &#8211; Opening<\/a><br \/>\n<a href=\"https:\/\/youtu.be\/CLdCauszCt4?t=323\">00:05:23 &#8211; Let&#8217;s meet Tanya<\/a><br \/>\n<a href=\"https:\/\/youtu.be\/CLdCauszCt4?t=940\">00:15:40 &#8211; We Hack Purple<\/a><br \/>\n<a href=\"https:\/\/youtu.be\/CLdCauszCt4?t=1700\">00:28:28 &#8211; Azure Security Center<\/a><br \/>\n<a href=\"https:\/\/youtu.be\/CLdCauszCt4?t=2207\">00:36:47 &#8211; Looking at a security alert<\/a><br \/>\n<a href=\"https:\/\/youtu.be\/CLdCauszCt4?t=2411\">00:40:11 &#8211; Secure score<\/a><br \/>\n<a href=\"https:\/\/youtu.be\/CLdCauszCt4?t=2744\">00:45:44 &#8211; Azure Bastion<\/a><br \/>\n<a href=\"https:\/\/youtu.be\/CLdCauszCt4?t=2744\">00:54:28 &#8211; Can you customize recommendations to fit your own baselines?<\/a><\/p>\n<h3>Azure Security Center<\/h3>\n<p><a href=\"https:\/\/cda.ms\/2Hz\">Azure Security Center<\/a> provides unified security management and advanced threat protection across hybrid cloud workloads. By implementing Security Center into your workloads, you can use best practices to strengthen the security posture of your apps and IT infrastructure.<\/p>\n<p><a href=\"https:\/\/cda.ms\/2HB\">From the Azure Security Center documentation<\/a>:<\/p>\n<p><em>Keeping your resources safe is a joint effort between your cloud provider, Azure, and you, the customer. You have to make sure your workloads are secure as you move to the cloud, and at the same time, when you move to IaaS (infrastructure as a service) there is more customer responsibility than there was in PaaS (platform as a service), and SaaS (software as a service). Azure Security Center provides you the tools needed to harden your network, secure your services and make sure you&#8217;re on top of your security posture.<\/em><\/p>\n<p><em>Azure Security Center addresses the three most urgent security challenges:<\/em><\/p>\n<ul>\n<li><em><strong>Rapidly changing workloads<\/strong> \u2013 It&#8217;s both a strength and a challenge of the cloud. On the one hand, end users are empowered to do more. On the other, how do you make sure that the ever-changing services people are using and creating are up to your security standards and follow security best practices?<\/em><\/li>\n<li><em><strong>Increasingly sophisticated attacks<\/strong> &#8211; Wherever you run your workloads, the attacks keep getting more sophisticated. You have to secure your public cloud workloads, which are, in effect, an Internet facing workload that can leave you even more vulnerable if you don&#8217;t follow security best practices.<\/em><\/li>\n<li><em><strong>Security skills are in short supply<\/strong> &#8211; The number of security alerts and alerting systems far outnumbers the number of administrators with the necessary background and experience to make sure your environments are protected. Staying up-to-date with the latest attacks is a constant challenge, making it impossible to stay in place while the world of security is an ever-changing front.<\/em><\/li>\n<\/ul>\n<p><em>To help you protect yourself against these challenges, Security Center provides you with the tools to:<\/em><\/p>\n<ul>\n<li><em><strong>Strengthen security posture<\/strong>: Security Center assesses your environment and enables you to understand the status of your resources, and whether they are secure.<\/em><\/li>\n<li><em><strong>Protect against threats<\/strong>: Security Center assesses your workloads and raises threat prevention recommendations and security alerts.<\/em><\/li>\n<li><em><strong>Get secure faster<\/strong>: In Security Center, everything is done in cloud speed. Because it is natively integrated, deployment of Security Center is easy, providing you with auto provisioning and protection with Azure services.<\/em><\/li>\n<\/ul>\n<hr \/>\n<p>Learn about Azure fundamentals with me!<\/p>\n<p>Live stream is normally found on Twitch, YouTube, and <a href=\"https:\/\/cda.ms\/226\">LearnTV<\/a> at 11 AM PT \/ 2 PM ET Thursday. You can also find the recordings here as well:<\/p>\n<p><a href=\"https:\/\/twitch.tv\/azurefunbytes\">AzureFunBytes on Twitch<\/a><br>\n<a href=\"https:\/\/aka.ms\/jaygordononyoutube\">AzureFunBytes on YouTube<\/a><br> \n<a href=\"https:\/\/www.youtube.com\/channel\/UC-ikyViYMM69joIAv7dlMsA\">Azure DevOps YouTube Channel<\/a><br> \n<a href=\"https:\/\/twitter.com\/azurefunbytes\">Follow AzureFunBytes on Twitter<\/a><\/p>\n<p>Useful Docs:<\/p>\n<p><a href=\"https:\/\/cda.ms\/2Fs\">Azure security fundamentals documentation<\/a><br \/>\n<a href=\"https:\/\/cda.ms\/2Ft\">Introduction to Azure security<\/a><br \/>\n<a href=\"https:\/\/cda.ms\/2FL\">Azure Security Center<\/a><br \/>\n<a href=\"https:\/\/cda.ms\/2FM\">Azure Bastion<\/a><br \/>\n<a href=\"https:\/\/aka.ms\/WHPSec\">Learn Azure Security with Tanya Janca<\/a><br \/>\n<a href=\"https:\/\/cda.ms\/2Fr\">Security services and technologies available on Azure<\/a><br \/>\n<a href=\"https:\/\/wehackpurple.com\/\">We Hack Purple Academy<\/a><br \/>\n<a href=\"https:\/\/AliceandBobLearn.com\">Alice and Bob Learn Application Security<\/a><br \/>\n<a href=\"https:\/\/cda.ms\/2Fq\">Azure security best practices and patterns<\/a><br \/>\n<a href=\"https:\/\/twitter.com\/shehackspurple\">Tanya on Twitter<\/a><br \/>\n<a href=\"https:\/\/shehackspurple.ca\">SheHacksPurple<\/a><br \/>\n<a href=\"https:\/\/www.youtube.com\/shehackspurple\">Tanya on YouTube<\/a><br \/>\n<a href=\"https:\/\/newsletter.shehackspurple.ca\">Newsletter<\/a><br \/>\n<a href=\"https:\/\/www.linkedin.com\/in\/tanya-janca\">Tanya on LinkedIn<\/a><br \/>\n<a href=\"https:\/\/www.facebook.com\/tanya.janca\/\">Tanya on Facebook<\/a><br \/>\n<a href=\"https:\/\/community.wehackpurple.com\">Free Community at We Hack Purple<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>On this week&#8217;s AzureFunBytes Episode 57, Securing Azure, I welcome Tanya Janca from We Hack Purple to give an overview of security basics within Azure!<\/p>\n","protected":false},"author":39313,"featured_media":62414,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[224],"tags":[],"class_list":["post-62413","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-azure"],"acf":[],"blog_post_summary":"<p>On this week&#8217;s AzureFunBytes Episode 57, Securing Azure, I welcome Tanya Janca from We Hack Purple to give an overview of security basics within Azure!<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/posts\/62413","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/users\/39313"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/comments?post=62413"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/posts\/62413\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/media\/62414"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/media?parent=62413"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/categories?post=62413"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/devops\/wp-json\/wp\/v2\/tags?post=62413"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}