Azure Well Architected Security Review Checklist

Here we have compiled a checklist for Azure security.


Priority: High Weight: 90

Item No 1: Classify your data at rest and use encryption
Item No 2: Implement Conditional Access Policies

Priority: High Weight: 70
Item No 3: Conduct periodic access reviews for the workload
Item No 4: Use only secure hash algorithms (SHA-2 family)
Item No 5: Discover and remediate common risks to improve Secure Score in Azure Security Center
Item No 6: Define a set of Azure Policies which enforce organizational standards and are aligned with the governance team
Item No 7: Use tools like Azure Disk Encryption, BitLocker or DM-Crypt to encrypt virtual disks
Item No 8: Deprecate legacy network security controls
Item No 9: Integrate network logs into a Security Information and Event Management (SIEM)
Item No 10: Data in transit should be encrypted at all points to ensure data integrity
Item No 11: Establish a designated group responsible for central network management
Item No 12: Build a security containment strategy
Item No 13: Evolve security beyond network controls
Item No 14: Periodically perform external and/or internal workload security audits
Item No 15: Establish lifecycle management policy for critical accounts
Item No 16: Standardize on modern authentication protocols

Priority: Medium Weight: 60
Item No 17: Configure web apps to reuse authentication tokens securely and handle them like other credentials
Item No 18: Ensure security team has Security Reader or equivalent to support all cloud resources in their purview
Item No 19: Synchronize on-premises directory with Azure AD
Item No 20: Implement identity-based storage access controls
Item No 21: Design virtual networks for growth
Item No 22: Use standard and recommended encryption algorithms
Item No 23: Assign permissions based on management or resource groups
Item No 24: Add planning, testing, and validation rigor to the use of the root management group

Priority: Medium Weight: 50

Item No 25: Use managed identity providers to authenticate to this workload
Item No 26: Enforce password-less or Multi-factor Authentication (MFA)
Item No 27: Continuously assess and monitor compliance
Item No 28: Use identity services instead of cryptographic keys when available
Item No 29: Establish a designated point of contact to receive Azure incident notifications from Microsoft
Item No 30: Establish process and tools to manage privileged access with just-in-time capabilities
Item No 31: Implement role-based access control for application infrastructure

Priority: Medium Weight: 40
Item No 32: Implement resource locks to protect critical infrastructure.


 
