Post on 23-Jan-2018
Building Modern Apps with the Secure DevOps Kit for Azure
Notes:
• If you experience audio issues during the webinar, you can dial in using the telephone details provided in your registration confirmation email.
• Please feel free to post questions in the questions dialog & we will try to answer as many as we can at the end.
• A recording of this session will be shared in the next 24-48 hours.
• You can also write to us at marketing@winwire.com for any clarifications or information.
Session Speaker
Viplove Sharma
Technical Architect
WinWire Technologies
Agenda
1. DevOps and Azure
2. Security Challenges of DevOps
3. Secure DevOps Kit for Azure
4. Toolkit Adoption at Microsoft
5. Q & A
DevOps
A software development approach that establishes
• Communication and collaboration within development teams
• Automation and monitoring of the processes
• Rapid, frequent and more reliable software development
DevOps in Azure
• DevOps Tool: Visual Studio Team Services (VSTS)
• Continuous Integration: Ensure merged & unit-tested code at all times
• Continuous Delivery: Create environments/pipeline, deploy/release services to Azure
• Monitor: Monitor using VSTS Dashboard, Application Insights
Application Architecture
[Figure: CI/CD flow diagram across the Git repository Dev, Staging and Production branches. Steps shown: code checked in (Dev branch), merge code (Staging branch), trigger build & unit test, build success (yes/no), notify users, sent for approval, approved, trigger release, deploy. Deployment targets are Service Fabric clusters: Development, Staging, Production East, Production West.]
VSTS Build Definition
VSTS Release Management
Security Challenges of DevOps
1. DevOps in Azure has changed the IT ecosystem
• Quicker, more frequent deployments
• More complex development environments
• Constantly changing applications
• Developers responsible for operational responsibilities
2. Traditional security methods are not flexible enough to adapt to the above changes
Secure DevOps Kit for Azure
A set of automation, extensions, plugins, templates, modules, and other tools that combine to offer a security-focused development workflow for our DevOps engineering teams working in Azure
Components:
• Subscription Security
• Security IntelliSense
• Security Verification Tests (SVTs)
• CI/CD build/release extensions
• Continuous Assurance runbooks
• OMS solution for alerting & monitoring
• Telemetry dashboard
1. Provision security in subscription
2. Develop securely, spot check security via scripts
3. Deploy securely from VSTS build/release pipeline
4. Periodically scan in production to watch for drift
5. Single security dashboard across DevOps stages
6. Make data-driven improvements to security
1. Subscription Security
A package of scripts and programs that help ensure
secure provisioning, configuration, & administration
of an Azure subscription
• Health Check Script – for security issues,
misconfigurations, or obsolete settings
• Provisioning Script – for access control, alerts,
policies, contacts
2. Secure Development
Components that ensure security is integrated into the day-to-day development process include:
• Security Verification Tests (SVTs) – built-in security controls for Azure services
• Security IntelliSense – guidance on secure coding best practices for developers while they code
3. Security in CI/CD
• AzSDK extension for VSTS – is private and needs to be requested
• Build/release task for Security Verification Tests (SVTs) in CI/CD pipeline
4. Continuous Assurance
Continuous Assurance (CA):
• Prevents security state drift in the wrong direction
• Helps to stay current with security improvements
• Encourages adherence to operational best practices
Tools include:
• Azure Automation runbooks
• Azure Resource Manager templates
• PowerShell scripts
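The drift check that Continuous Assurance describes, sketched as an added example (not code from the kit or from the webinar): it compares a baseline scan with a later scan and reports controls that were passing, or not yet scanned, and fail now. The CSV columns, resource names and control IDs are constructed for illustration and are not the kit's report schema.

```powershell
# Constructed sample data: two scan result sets in a simplified CSV shape.
# Column names, resources and control IDs are assumptions for this example.
$baselineCsv = @'
ResourceName,ControlID,Severity,Status
stor-app01,Example_Storage_HTTPS_Only,High,Passed
stor-app01,Example_Storage_Diagnostics_On,Medium,Passed
sql-app01,Example_SQL_Firewall_No_Any_IP,High,Passed
kv-app01,Example_KeyVault_Min_Access,Medium,Failed
'@

$currentCsv = @'
ResourceName,ControlID,Severity,Status
stor-app01,Example_Storage_HTTPS_Only,High,Failed
stor-app01,Example_Storage_Diagnostics_On,Medium,Passed
sql-app01,Example_SQL_Firewall_No_Any_IP,High,Passed
kv-app01,Example_KeyVault_Min_Access,Medium,Passed
stor-new02,Example_Storage_HTTPS_Only,High,Failed
'@

function Get-SecurityDrift {
    param(
        [Parameter(Mandatory)] [object[]] $Baseline,
        [Parameter(Mandatory)] [object[]] $Current
    )
    # Index the baseline by resource + control so each current row is one lookup.
    $known = @{}
    foreach ($row in $Baseline) {
        $known["$($row.ResourceName)|$($row.ControlID)"] = $row.Status
    }
    foreach ($row in $Current) {
        $key = "$($row.ResourceName)|$($row.ControlID)"
        $before = if ($known.ContainsKey($key)) { $known[$key] } else { 'NotScanned' }
        # Drift in the wrong direction: not failing before, failing now.
        # Controls that were already failing are existing findings, not drift.
        if ($row.Status -ne 'Passed' -and $before -ne $row.Status) {
            [pscustomobject]@{
                ResourceName = $row.ResourceName
                ControlID    = $row.ControlID
                Severity     = $row.Severity
                Before       = $before
                Now          = $row.Status
            }
        }
    }
}

$drift = @(Get-SecurityDrift -Baseline ($baselineCsv | ConvertFrom-Csv) -Current ($currentCsv | ConvertFrom-Csv))
$drift | Sort-Object ResourceName | Format-Table -AutoSize
if ($drift.Count -gt 0) { Write-Warning "$($drift.Count) control(s) regressed since the baseline" }
```

With the constructed data, the report lists the regressed control on stor-app01 and the failing control on the newly added stor-new02; the control on kv-app01 that moved from Failed to Passed is not reported.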
5. Alerting and Monitoring
Operations Management Suite (OMS) displays the
security state and trends as reported by the
different components of the kit
6. Security Telemetry
Security telemetry is routed to Application
Insights, and viewed on a Power BI
dashboard, with three primary views:
• Usage of the DevOps Kit across the
enterprise
• Aggregate cloud-related risks across service
lines
• Common errors/challenges that developers
face while using the kit
Secure DevOps Kit at Microsoft
Around 50% of Microsoft IT Azure subscriptions use Secure DevOps kit, bringing the following benefits:
• Reduction in development time and costs
• Higher awareness of security in development teams
• Easier transition to DevOps
• Simple processes for checking existing solutions
• Easier assurance checks and problem resolution
Use the Kit if you are…
• Moving your applications to or have already moved to Azure
• Following agile development methodologies
• Looking at automating your development processes
• Building highly-secure applications for top clients
• Aiming to reduce costs to ensure security
Q & A
• Website: www.winwire.com
• Email: marketing@winwire.com
• Blog: http://www.winwire.com/blog-winsights/
• Twitter: www.twitter.com/winwire
Next Webinar
• Topic: Microsoft 365 (Formerly known as Secure Productive Enterprise)
• When: September 28th at 9 AM PST