INSANE IN THE MAINFRAME: TAKING CONTROL OF AZURE SECURITY presented at bsidestampa 2018

by Jeremy Rasmussen,

Summary : Everybody’s moving to the cloud these days. If you’re not already on Office365/Azure, odds are you’re considering it. But what are the security implications of doing this versus rolling your own thing on-premises? As a security consultant and architect, Jeremy set out to learn more about the Microsoft Azure security framework. After reading 700+ pages of documentation and consulting on a number of cloud security projects, he has now attained cloud enlightenment — the tl;dr version of which he’ll present in this talk. In particular, he’ll cover the following: * How Azure identity & access management work * How Azure data access control & encryption work * How Azure virtualization, isolation, firewalls, logging & monitoring work * Best practices you should take for dealing with Azure security