by Almu Gómez Sánchez-Paulete
When we talk about cybersecurity, the image of a person with a hood in front of black screens and white lines (or green, which are cooler) comes to mind, and we don’t always take into account that cybersecurity encompasses much more than knowing how to attack a system (Red Team). It is also important to design a secure architecture and know how to apply compliance controls to help carry out a risk plan and manage vulnerabilities in the infrastructure. If you add a cloud architecture, we find ourselves with the exciting world of “Cybersecurity Compliance on Cloud”.
Cybersecurity Compliance reaches from legal controls of confidentiality, integrity and availability of data, as well as the use of tools and application of processes that help in these controls.
In a cloud-based architecture with Microsoft Azure, we have multiple tools that will help us in this process (Azure Role Based Access Control, Azure Group Administration, Azure Blueprints...). In this first article, we will talk about Azure Policies and how they can help us monitor the compliance of our infrastructure.
These tools fall under the control of Azure Governance, which, in general terms, is the way to control how a group of users access certain resources, and for how long.
The first thing is to know what Azure Policies are and how they....
