Developer Security in Azure with Daniel Piessens
How can Azure help your applications be secure? Carl and Richard talk to Daniel Piessens about his experiences using various features of Azure to secure applications. The conversation starts out with application secrets stored in Azure Key Vault - not just for SSL certificates, any information that your application needs should be in there. To access it, you'll want Azure Active Directory, and that leads to a discussion on multi-factor authentication and increasing sophistication of identity - all features that come automatically from Azure. Whether your application is in the cloud or on-premises, you can make it more secure with these tools!
Guests:
Daniel Piessens
Having over 15 years of experience in the software industry, Daniel Piessens has built world class enterprise applications in the transportation, insurance, and healthcare industries. He was a Microsoft Patterns and Practices Champion and is regular adviser to Microsoft on DevOps related topics. Dan speaks regularly at conferences such as Agile and DevOps Days, but also enjoys the local user group. After 4 years in the Agile and DevOps consulting space, Dan recently returned to the product world as VP of Product Development for Tricast. When he's not geeking out, you can find him spending time with wife and three children.
Links:
- Telerik Modern Web Tour https://www.telerik.com/campaigns/devcraft/the-modern-web-tour
- DevIntersection https://devintersection.com/
- PawScout https://pawscout.com/
- Azure Key Vault https://azure.microsoft.com/services/key-vault/
- Azure Active Directory https://azure.microsoft.com/services/active-directory/
- Azure AD Managed Service Identity https://azure.microsoft.com/blog/keep-credentials-out-of-code-introducing-azure-ad-managed-service-identity/
- Azure Quickstart Templates https://azure.microsoft.com/resources/templates/
- Azure Multi-Factor Authentication https://azure.microsoft.com/services/multi-factor-authentication/
- RSA SecurID Token https://www.rsa.com/en-us/resources/rsa-securid-hardware-tokens
- YubiKey https://www.yubico.com/security-keys-authentication/
- Auth0 https://auth0.com/
- OAuth https://oauth.net/
- Azure Activity Log Analytics https://docs.microsoft.com/azure/log-analytics/log-analytics-activity
- Azure Security Center https://azure.microsoft.com/services/security-center/
- Azure AD Privileged Identity Management https://docs.microsoft.com/azure/active-directory/active-directory-privileged-identity-management-configure
- Security Policy in Azure Security Center https://docs.microsoft.com/azure/security-center/security-center-policies
- RunAsRadio Episode on Cloud Security http://runasradio.com/Shows/Show/586