New Training: Implement Advanced Network Security
In this 8-video skill, CBT Nuggets trainer Daniel Sasse leads a tour on the services available to secure Azure container objects and infrastructure. Some of the technologies covered are Azure Kubernetes, Azure container registry and security for the Azure App service. Watch this new Azure training.
Watch the full course: Microsoft Certified: Azure Security Engineer Associate
This training includes:
1.5 hours of training
You’ll learn these topics in this skill:
Configure NSGs and ASGs
Secure the Connectivity of Virtual Networks
Implement Service Endpoints
Create and Configure Azure Firewall
Configure Azure Front Door Service as an App Gateway
Configure a WAF on an Azure App Gateway
Configure Azure Bastion
Implement DDoS Protection
Understanding Your Role in Azure's Shared Responsibility Model
Traditional networks housed in data centers put all of the responsibility for cybersecurity on the owning organization. From purchasing hardware and software to effectively maintaining it, companies have complete control. This could be good or bad, but what's important here is to understand that it is simply different from virtual network security.
Azure operates off of a shared responsibility model. Some traditional responsibilities remain with the customer, such as the security for any physical assets the organization uses (such as PCs and mobile devices), account and identity security, and data integrity. Other responsibilities are always owned by Azure, such as maintaining and securing the physical data center, the physical network, and the physical hosts for virtual instances.
The rest of the responsibilities vary based on the type of services you're procuring from Azure. Depending on whether you're using Azure's Software as a Service (SaaS), Platform as a Service (PaaS), or Infrastructure as a Service (IaaS) offerings, you may own all or part of the responsibility for identity and directory infrastructure, applications, network controls, and operating systems.
Knowing what Azure is responsible for and what it isn't is the starting point for securing your virtual network.
delivered to your inbox.