Chapter 4 / Security

Security
Architecture Design

Security becomes easier to organize by separating what to protect, limiting permissions, and keeping records. Build it into the design from the start, not as an afterthought.

3 Guidelines

The 3 items in this chapter

1Cloud securitySeparate what to protect and the measures.
2Audit/GovernanceMake it traceable later with rules and records.
3Identity/Access rightsGrant only needed permissions for only the needed period.
Diagram of basic security concepts
Separate what to protect with confidentiality, integrity, and availability in mind.
Cloud Security

Separate what to protect

Organize data, identity, permissions, secrets, and logs from separate perspectives. Clarifying what to protect makes choosing measures easier.

Check confidentiality, integrity, and availability.Store secrets in a secure location.Enable threat detection and continuous assessment.
Identity / Audit

Limit permissions and keep records

Identity and permissions are the entry to security. Grant least privilege, elevate temporarily for critical actions, and keep operation records.

Use RBAC and PIM appropriately.Manage secrets with Key Vault.Continuously review audit logs and rules.
Diagram of security and identity
Protect who can do what with least privilege.
Diagram of audit and governance

Audit and governance

Reduce risky configurations and keep things traceable with Policy, RBAC, and audit logs.

Diagram of network defense

Network defense

Narrow the entry, control the path, and segment the interior.