{"id":92335,"date":"2023-06-02T17:39:21","date_gmt":"2023-06-02T17:39:21","guid":{"rendered":"https:\/\/www.techrepublic.com\/?p=4105544"},"modified":"2023-06-02T17:39:21","modified_gmt":"2023-06-02T17:39:21","slug":"improve-your-app-security-on-azure","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=92335","title":{"rendered":"Improve your app security on Azure"},"content":{"rendered":"
\"The
Image: PhotoGranary\/Adobe Stock<\/figcaption><\/figure>\n

When cloud computing<\/a> first became popular, it was seen as a way of reducing both friction and costs. It was much faster and cheaper to spin up a virtual machine in the cloud than to wait for a physical server to be approved, ordered, delivered and set up.<\/p>\n

SEE:<\/strong> Use this access management policy template<\/a> from TechRepublic Premium to build secure policies around user access.<\/p>\n

Now, cloud computing is powerful and robust enough to run mission critical workloads \u2014 as long as you know how to design applications to scale, configure cloud services to support them and handle the failures inevitable in any complex system.<\/p>\n

Jump to:<\/p>\n

Avoid security flaws when building apps on Azure<\/h2>\n

If you\u2019re building applications on Azure, Microsoft has a Well-Architected Framework<\/a> to help you design and run your app for reliability, security, performance efficiency and effective operations. It even offers a quiz to help you assess<\/a> if you\u2019ve covered everything.<\/p>\n

There\u2019s also a growing number of tools and services to help make the applications you run on Azure more reliable and secure. These tools range from the Azure Chaos Studio<\/a> service, which helps you test how your app will cope with failure, to the open-source OneFuzz<\/a> project, which will look for flaws in your code.<\/p>\n

If you use containers, the default configuration for .NET 8 Linux containers is now \u201crootless<\/a>,\u201d and it takes only one line of code to have your app run as a standard user rather than one with root access. This is to ensure attackers can\u2019t modify files or install and run their own code if they are able to get into your app.<\/p>\n

Lock down your apps<\/h2>\n

In addition to avoiding security flaws when you write your application, you need to make sure you\u2019re only giving access to the right people.<\/p>\n

You can apply locks<\/a> to any Azure resource or even an entire Azure subscription, making sure they can\u2019t be deleted or even modified. But because locks affect the Azure control plane rather than the Azure data plane, a database that\u2019s locked against modification can still create, update and delete data, so your application will carry on working correctly.<\/p>\n

For older applications that don\u2019t have fine-grained options for managing how credentials are used, Azure Active Directory has a new option to help you secure those credentials. This way, an attacker can\u2019t make changes that might let them take control of a key enterprise application and get credentials to move across your network and attack other systems.<\/p>\n

Around 70% of all data breaches<\/a> start with an attack on web applications, so you need to make sure attackers can\u2019t use them as a stepping stone to other resources.<\/p>\n

SEE:<\/strong> Discover how BYOD and personal applications can lead to data breaches<\/a>.<\/p>\n

The new app instance property lock<\/a> feature covers credential signing with SAML and OpenID Connect, which means you can offer single sign-on that lets users sign in with Azure AD and get access to multiple applications.<\/p>\n

It  also encrypts the tokens created using a public key, so apps that want to use those tokens have to have the correct private key before they can use those tokens for the user who\u2019s currently signed in. That makes it harder to steal and replay tokens to get access.<\/p>\n