XaaS - Everything as a Service. Objects can be used as a service e.g. renting cars by the hour
CX - Customer Experience
XaaS - Everything as a Service. Objects can be used as a service e.g. renting cars by the hour
CX - Customer Experience
Overview: AIP has had many names and twists over the past few years. The functionality has been improving, but the naming and changes made it difficult to implement well. Finally, I feel Microsoft Azure Information Protection is implementable at scale.
Summary: Sensitivity labels have have the ability to allow documents and email to be classified to protect email and files. One can track, and encrypt documents/email. You can also use sensitivity labels to protect SharePoint sites, Teams sites and Microsoft 365 Groups. Within AAD (B2C) I can assign sensitivity labels to Microsoft 365 Groups.
Overview: I have been thru several ISO and security audits over the years for various companies offering SaaS products. This post outlines a some of my note around the latest ISO 27001 audit I touched on.
ISO 27001 covers Information Security Management (ISMS) which is about protecting and managing your businesses information assets to reduce your business risks. It demonstrates that your organisation has good security practices in place.
Note: ISO 27001 is a management of systems standard for an organisation, it is not done for a particular product.
An ISO 27001 ISMS consists of policies, procedures and other controls involving people, processes and technology". https://www.itgovernance.co.uk/iso27001
Parts to an ISO 27001 audit:
ISO 27701 - "ISO 27701 extends the meaning of “information security” detailed in ISO 27001. While the privacy and protection of personal data is part of ISO 27001, the newer standard extends the scope to include the “protection of privacy as potentially affected by the processing of PI" source: https://www.learningcert.com/information-security/iso-27001-vs-iso-27701/
ISO 27017 - is a security standard developed for cloud service providers and users to make a safer cloud-based environment and reduce the risk of security source Wikipedia. I think ISO27017 is now part of ISO27001 extended.
ISO 28000 - is the spec for security management systems for the supply chain (partner dependancies e.g. software vendor, hosting company service)
ISAE 3402/SOC 2/ISO 27001 - about verification of business processes/internal controls of the business of of a high standard.
Problem: Broadband offers various speeds options when purchasing, the actual speeds you get are usually well below and depend on you specific instance.
Initial Hypothesis: iOS has multiple apps to monitor speed to your iPhone.
Resolution: Download "Speedtest" using the app store an any Apple device. 5G performance is fantastic.
Below are my Results, I live in South West London (Zone 4)
Broadband | Download (Mbps) | Up Speed (Mbps) | Location |
Sky phone | 34.80 | 5.72 | SW London |
EE 4G - LTE | 13.00 | 0.13 | SW London |
O2 4G - LTE | 16.90 | 10.20 | SW London |
EE - 5G | 372.00 | 19.80 | Newcastle |
Overview: Azure SQL is incredible.
There are a lot of options when choosing how to host database and performance
good. "handles
patching, backups, replication, failure detection, underlying potential
hardware, software or network failures, deploying bug fixes, failovers,
database upgrades, and other maintenance tasks", from Microsoft Docs and
Azure SQL.
Three Tiers:
Backups
Point in time backups are automatically stored for 7 to 35 days (default is 7 days), protected using TDE, full, differential and transaction log backups are used to point in time recovery. The backups are stored in blob storage RA-GRS (meaning in the primary region and all the read-only backups are stored in a secondary Azure region). £ copies of the data in the active Azure Zone and 3 read only copies of the data.
Long Term Retention backups can be kept for 10 years, these are only full backups. The smallest retention is full backups retained for each weeks full backup. LTR is in preview available for Managed Instances.
Azure Defender for SQL
Monitors SQL database servers checking vulnerability assessments (best practice recommendations) and Advance Threat Protection which monitors traffic for abnormal behavior.
Checklist:
Note: Elastic Database Jobs (same as SQL Agent Jobs).
Azure offers MySQL, Postgre and MariaDB as hosted PaaS offerings.
Note: The Azure SQL PaaS Service does not support the filestream datatype : use varbinary or references to blobs.
Overview: The current version of Identity Server is 4. Identity server is basically a .NET Core 3.1 application that is an Identify Provider (IdP) similar in role to PingId, SiteMinder, AAD b2C. Identity server allows application (native mobile, web sites and servers) to securely authenticate users. In this post OAuth means OAuth2.0.
OAuth2 Grant Types:
Flow | Description | Client | Grant Type | |
Authorization with PK | Authorization Code Grant Type. Default choice for authorization. | Native mobile Apps, Windows app, Browser Apps | Code | |
Client Credential | Server-to-server (S2S) communication also refereed to as Machine-to-machine (M2M). | Server,Consoles,Services | ClientCredentials | |
Implicit | Rather use the Authorization Code Flow with PKCE | Native Apps & SPA's often use Implicit Flow | Implicit | |
Hybrid | ||||
Device | ||||
Resource Owner Pswd | Don't use |
Overview: APIM can be setup in multiple regions and incoming request will be routed to the closest APIM endpoint. If there is only 1 APIM region, it is best to ensure the API/App Service/Function is hosted in the same region. With multiple APIM's you can also host a API in the same region. The routing is either done automatically using Azure Front Door or via policy on the APIM.