Hardening Your Application Insights on Azure: A Comprehensive Guide to Securing Cognitive Services

Description

Application Insights is a feature of Azure Monitor that provides extensible application performance management (APM) and monitoring for live web apps. Developers and DevOps professionals can use Application Insights to:

  • Automatically detect performance anomalies.  
  • Help diagnose issues by using powerful analytics tools.  
  • See what users do with apps.  
  • Help continuously improve app performance and usability.  

Application Insights Features:

  • Supports various platforms, including .NET, Node.js, Java, and Python.  
  • Works for apps hosted on-premises, hybrid, or on any public cloud.  
  • Integrates with DevOps processes.  
  • Has connection points to many development tools.  
  • Can monitor and analyze telemetry from mobile apps by integrating with Visual Studio.

BASELINE CONFIGURATION

| Config Name | Description | Solution | GE Control ID |
|---|---|---|---|
| RG | Resource group requirement | Must use the same region for resource, resource group and subscription | Standard EA |
| Network Type | Access to the service | Must opt NO for "Accept data ingestion & Query from public networks not connected through a Private Link Scope" | SEC 1.2 |
| Data Encryption | Send data securely | To ensure the security of data in transit to Azure Monitor, enforce configuration of the agent to use at least TLS 1.2 | SEC 7.2 |
| Authentication/Authorization | Authenticate to console services and data sources using Azure native security services | Authenticate services using AAD IAM RBAC | SEC 2.1 |
| Keys | API keys stored in Key Vault as secrets | Either create your own keys and store them in a key vault, or use the Key Vault APIs to generate keys | SEC 4.1 |
| Logging | Collect platform logs and operation logs | Logs must be stored in the Gas Power Cyber approved logging destination: central analytics workspace in 328-gp-azr-ops | SEC 3.11 |

Tagging Considerations

| Policy Name | Description | Solution |
|---|---|---|
| UAI tag | All speech services must be tagged with a valid UAI | Example: Key: uai, Value: uai1234567. Use lower case name and value |
| Env tag | All speech services must be tagged with a tag corresponding to the application environment | Example: Key: env, Value: prd. For valid envs see item 5.2 in the cloud controls document. Use lower case name and value |
| Appname tag | Must be tagged with the application short name where applicable | Example: Key: appname, Value: ABC123 |
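
The baseline and tagging rows above can be checked mechanically against an exported resource definition. The following Python check is an added example, not code from the original article or from Microsoft. It assumes the ARM property names `publicNetworkAccessForIngestion`, `publicNetworkAccessForQuery` and `DisableLocalAuth` on a `microsoft.insights/components` resource, assumes that SEC 2.1 maps to `DisableLocalAuth`, and uses a constructed sample resource and a hypothetical `audit` function.

```python
import json

# Constructed sample shaped like `az resource show` output for a
# microsoft.insights/components resource; all values are made up.
SAMPLE = json.loads("""
{
  "name": "appi-example-prd",
  "location": "eastus",
  "tags": {"uai": "uai1234567", "Env": "prd"},
  "properties": {
    "publicNetworkAccessForIngestion": "Enabled",
    "publicNetworkAccessForQuery": "Disabled",
    "DisableLocalAuth": false
  }
}
""")

REQUIRED_TAGS = ("uai", "env", "appname")
LOWERCASE_TAGS = ("uai", "env")  # rows that state "use lower case name and value"


def audit(resource, resource_group_location):
    """Return baseline findings for one resource; an empty list means compliant."""
    findings = []
    props = resource.get("properties") or {}
    tags = resource.get("tags") or {}
    # RG row: the resource must sit in the same region as its resource group.
    if resource.get("location", "").lower() != resource_group_location.lower():
        findings.append("RG: resource region differs from resource group region")
    # SEC 1.2: no ingestion or query from public networks. A missing
    # property is reported too (assumption: the audit fails closed).
    for key in ("publicNetworkAccessForIngestion", "publicNetworkAccessForQuery"):
        if props.get(key) != "Disabled":
            findings.append(f"SEC 1.2: {key} is not Disabled")
    # SEC 2.1 (assumed mapping): key-based auth off, so clients use AAD.
    if props.get("DisableLocalAuth") is not True:
        findings.append("SEC 2.1: DisableLocalAuth is not true")
    # Tagging: required keys present; uai/env keys and values lower case.
    for tag in REQUIRED_TAGS:
        found = [k for k in tags if k.lower() == tag]
        if not found:
            findings.append(f"TAG: missing '{tag}'")
        elif tag in LOWERCASE_TAGS and (found[0] != tag or tags[found[0]] != tags[found[0]].lower()):
            findings.append(f"TAG: '{tag}' name and value must be lower case")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, "eastus")))
```

For the constructed sample, the check reports public ingestion, local authentication, the mixed-case `Env` key and the missing `appname` tag.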

Resource Standards and Policies

| Config Name | Description | Solution |
|---|---|---|
| Naming convention | Resource follows standard naming convention | Apply naming standards based on the following guidelines: Naming & Tagging Standards |

Network Considerations

| Config Name | Description | Solution |
|---|---|---|
| Standard network configuration | Standard vnet, subnet, NSG configuration applied | See network baseline config for more information |
| Private endpoints | Deny public internet access | Ensure that key vault is accessible only over Stakeholder private network |

Identity and Access Management

| Config Name | Description | Solution | Mandated/Optional | IAM Policy | CF Template |
|---|---|---|---|---|---|
| IAM RBAC configuration | Standard RBAC roles defined for speech service and assigned to users | See Stakeholder's approved baseline configuration for more information | Mandated | | |

Operational Considerations

| Config Name | Description | Solution |
|---|---|---|
| API key rotation | Keys should be rotated periodically | Generate keys regularly and store keys in Key Vaults |
| Backup and Recovery | Ensure regular automated backups | Follow standards to backup |

CLOUD Engineer

Gopi Krishna

I’m working as Cloud DevOps Engineer. Expertise in technologies of Kubernetes, cloud services and cloud-native services, and DevOps technologies in various clouds.
