Security patterns

Security provides confidentiality, integrity, and availability assurances against malicious attacks on information systems (and safety assurances for attacks on operational technology systems). Losing these assurances can negatively impact your business operations and revenue, as well as your organization's reputation in the marketplace. Maintaining security requires following well-established practices (security hygiene) and being vigilant to detect and rapidly remediate vulnerabilities and active attacks.


Pattern Summary
Federated Identity Delegate authentication to an external identity provider.
Gatekeeper Protect applications and services by using a dedicated host instance that acts as a broker between clients and the application or service, validates and sanitizes requests, and passes requests and data between them.
Valet Key Use a token or key that provides clients with restricted direct access to a specific resource or service.

Key Security Resources

Resource Summary
Azure Security Benchmarks Prescriptive best practices and recommendations to integrate into architectures for securing workloads, data, services, and enterprise environments on Azure.
Microsoft Defender for Cloud Native security controls to simplify integration of threat detection and monitoring in Azure architectures
Security Strategy Guidance Building and updating a security strategy for cloud adoption and modern threat environment
Security Roles and Responsibilities Guidance on security roles and responsibilities including definitions of mission/outcome for each organizational function and how each should evolve with the adoption of cloud.
Getting Started Guide for Security Guidance for planning and implementing security throughout cloud adoption

Security Resiliency

Achieving security resilience requires a combination of preventive measures to block attacks, responsive measures detect and quickly remediate active attacks, and governance to ensure consistent application of best practices.

For a more detailed discussion, see the Cybersecurity Resilience module in the CISO workshop.