Design an authentication and authorization strategy
• design an access solution (Azure AD Privileged Identity Management (PIM), Azure AD Conditional Access, MFA)
• organize the team using Azure AD groups
• implement Service Principals and Managed Identity
• configure service connections
Design a sensitive information management strategy
• evaluate and configure a vault solution (Azure Key Vault, Hashicorp Vault)
• generate security certificates
• design a secrets storage and retrieval strategy
• formulate a plan for deploying secret files as part of a release
Develop security and compliance
• automate dependencies scanning for security (container scanning, OWASP)
• automate dependencies scanning for compliance (licenses: MIT, GPL)
• assess and report risks
• design a source code compliance solution (e.g. GitHub security, pipeline-based scans, Git hooks, SonarQube)
Design governance enforcement mechanisms
• implement Azure policies to enforce organizational requirements
• implement container scanning (e.g. static scanning, malware, crypto mining)
• design and implement Azure Container Registry Tasks (e.g. Azure Policy)
• design break-the-glass strategy for responding to security incidents