In order to keep all services safe from outside threats, MobileTrack has decided to implement a Zero Trust security model on Azure. This model is based on the principle of "never trust, always verify," and it requires strict identity verification and access controls for all users and devices attempting to connect to the network. By implementing Zero Trust on Azure, MobileTrack can better protect its data, applications, and infrastructure from cyberattacks and other security threats.
Role-Based Access control: All resources are only allowed least-privileged access resources they need to function using user-assigned managed identities.
For Kubernetes, this is handled via a federated identity on the user-assigned managed identity.
The software engineers of MobileTrack have access to the testing resources from their own laptops,
using their Microsoft Entra ID account to authenticate. However, IP-address filters are applied to make sure they can only access the testing environment from their home or the office,
and production resources are only accessible from the office for emergency situations.
On production, only 2 IT workers have access to the production environment's inner ssytem, but only when logged in from the office. All resources are locked to prevent accidental deletions/editing, and the database is read-only for these administrators.
Whenever any administrator needs access to the resource group for maintenance or inspection, all actions will have to be manually logged and approved by another administrator.
We use the following security measures on Azure itself:
By leveraging these Azure services and adhering to Zero Trust principles, organizations can significantly enhance their security posture and better protect their assets in a dynamic threat landscape.