Secure DevOps Kit for Azure(AzSK)

We have used Secure DevOps Kit for Azure(AzSK) for many of our clients, also have enhanced to meet HIPAA, HITRUST Compliance

The “Secure DevOps Kit for Azure” (referred to as ‘AzSK’ henceforth) is a collection of scripts, tools, extensions, automations, etc. that caters to the end to end Azure subscription and resource security needs for dev ops teams using extensive automation and smoothly integrating security into native dev ops workflows helping accomplish secure dev ops with these 6 focus areas:

  1. Secure the subscription: A secure cloud subscription provides a core foundation upon which subsequent development and deployment activities can be conducted. An engineering team should have the capabilities to deploy and configure security in the subscription including elements such as alerts, ARM policies, RBAC, Security Center policies, JEA, Resource Locks, etc. Likewise, it should be possible to check that all settings are in conformance to a secure baseline.
  2. Enable secure development: During the coding and early development stages, developers should have the ability to write secure code and to test the secure configuration of their cloud applications. Just like build verification tests (BVTs), we introduce the concept of security verification tests (SVTs) which can check for security of various resource types in Azure.
  3. Integrate security into CICD: Test automation is a core tenet of devops. We emphasize this by providing the ability to run SVTs as part of the VSTS CICD pipeline. These SVTs can be used to ensure that the target subscription used to deploy a cloud application and the Azure resources the application is built upon are all setup in a secure manner.
  4. Continuous Assurance: In the constantly changing dev ops environment, it is important to move away from the mindset of security being a milestone. We have to treat security as a continuously varying state of a system. This is made possible through capabilities that enable continuous assurance using a combination of automation runbooks, schedules, etc.
  5. Alerting & Monitoring: Visibility of security status is important for individual application teams and also for central enterprise teams. We provide solutions that cater to the needs of both. Moreover, the solution spans across all stages of dev ops in effect bridging the gap between the dev team and the ops team from a security standpoint through the single, integrated views it generates.
  6. Cloud Risk Governance: Lastly, underlying all activities in the kit is a telemetry framework that generates events capturing usage, adoption, evaluation results, etc. This allows us to make measured improvements to security targeting areas of high risk and maximum usage before other

The Secure DevOps Kit Git repo has moved to a new location.
Please go here for source: https://github.com/azsk/DevOpsKit and here for docs: https://github.com/azsk/DevOpsKit-docs

Marketing Lead

Ismile Technologies is looking for someone to join our Sales and Marketing team as a Marketing Lead !   We are looking for a Marketing head who will lead all our marketing activities

Read More »

Inside Sales Manager

Ismile Technologies is looking for someone to join our Sales and Marketing team as a Inside Sales! Are you passionate about pursuing new sales prospects, negotiating deals and maintaining customer

Read More »

Contact us for a quote, help, or to join the team.

email

service@iSmileTechnologies.com

phone

(732) 347-6245

About Us

iSmile Technologies is a global technology services company.

service@iSmileTechnologies.com
(732) 347-6245

USA

+1 (732) 347-6245
241 Jonathan Way
Bolingbrook, IL 60490

INDIA

2-3-285, Secunderabad Hyderabad 500003

CANADA

3190 Stocksbridge Ave
Oakville, ON L6M 0A7