We have used Secure DevOps Kit for Azure(AzSK) for many of our clients, also have enhanced to meet HIPAA, HITRUST Compliance

The “Secure DevOps Kit for Azure” (referred to as ‘AzSK’ henceforth) is a collection of scripts, tools, extensions, automations, etc. that caters to the end to end Azure subscription and resource security needs for dev ops teams using extensive automation and smoothly integrating security into native dev ops workflows helping accomplish secure dev ops with these 6 focus areas:

  1. Secure the subscription: A secure cloud subscription provides a core foundation upon which subsequent development and deployment activities can be conducted. An engineering team should have the capabilities to deploy and configure security in the subscription including elements such as alerts, ARM policies, RBAC, Security Center policies, JEA, Resource Locks, etc. Likewise, it should be possible to check that all settings are in conformance to a secure baseline.
  2. Enable secure development: During the coding and early development stages, developers should have the ability to write secure code and to test the secure configuration of their cloud applications. Just like build verification tests (BVTs), we introduce the concept of security verification tests (SVTs) which can check for security of various resource types in Azure.
  3. Integrate security into CICD: Test automation is a core tenet of devops. We emphasize this by providing the ability to run SVTs as part of the VSTS CICD pipeline. These SVTs can be used to ensure that the target subscription used to deploy a cloud application and the Azure resources the application is built upon are all setup in a secure manner.
  4. Continuous Assurance: In the constantly changing dev ops environment, it is important to move away from the mindset of security being a milestone. We have to treat security as a continuously varying state of a system. This is made possible through capabilities that enable continuous assurance using a combination of automation runbooks, schedules, etc.
  5. Alerting & Monitoring: Visibility of security status is important for individual application teams and also for central enterprise teams. We provide solutions that cater to the needs of both. Moreover, the solution spans across all stages of dev ops in effect bridging the gap between the dev team and the ops team from a security standpoint through the single, integrated views it generates.
  6. Cloud Risk Governance: Lastly, underlying all activities in the kit is a telemetry framework that generates events capturing usage, adoption, evaluation results, etc. This allows us to make measured improvements to security targeting areas of high risk and maximum usage before other

The Secure DevOps Kit Git repo has moved to a new location.
Please go here for source: https://github.com/azsk/DevOpsKit and here for docs: https://github.com/azsk/DevOpsKit-docs

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

About Us

Ismile Technologies is a worldwide IT administrations organization that represents considerable authority in planning, executing, and overseeing frameworks that legitimately add to income and business achievement.

We assist organizations with receiving troublesome advances to propel development and increment readiness.

Our profoundly gifted specialized groups function as a coordinated expansion of our customers' associations to convey persistent change and continuous operational greatness.

sales@ismiletechnologies.com

USA
+1 (732) 347-6245 
241 Jonathan Way
Bolingbrook, IL  60490

INDIA
2-3-285, Secunderabad
Hyderabad 500003

CANADA
3191 Stocksbridge Ave
Oakville, ON L6M 0A7