Posts

Showing posts from 2019

2020 predictions

2020 is coming upon us, and it's time to reflect on the 2019 predictions I made and look forward to the coming year with another technology prediction. So let's get started - first off, a lookback to see progress in the areas I outlined: possibly no earth-shattering results, but progress. 2019 retrospective - New UX - probably not as much evolution as I would have wanted to see in this area. For now, we use Windows, Android and iOS, and it's pretty much the same UX as it's been for a while. IoT the simple assistant - IoT continues to be the hot area of growth. I consider this more evolution than revolution, as we see IoT-based technology being embedded into more and more devices. Cloud growth advances at astonishing speeds - This past year all three cloud providers made strides in the cloud worth noticing. AWS entered the quantum computing market with Braket, introduced an in-house S

Update to the Azure Secured Workstation

The update to the Secured Workstations Reference Architecture was released this week and reflects several key additions. Here's the new content in summary: Setting up WAF blocking all outbound connections This is an interesting section that was provided by a colleague who helped define a set of whitelisted URLs and, by design, block all other traffic. I'd note this is a benchmark of URLs you can use and block when managing Azure. Improved conditional access Conditional access is also important to ensure that the workstation is the only way you manage your Azure subscription. The addition addresses the limitation of managing your cloud from ONLY a secure workstation, and prevents legacy protocols that may not be as secure. Setting up ATP, Sentinel for monitoring Detecting and monitoring your network with the newly minted Azure SIEM. Sentinel offers a great way to aggregate your detection platform. This also provides a good means to co

Secure workstation - Root of trust to manage the cloud

Two months ago I introduced the Azure secure workstation, and I’ve had the privilege to present the idea to some great audiences. From the discussions, a common question I’ve been asked is for a pattern that would apply the Secured PAW lock-down model to exclusively managing an Azure Portal (e.g. how do I assure that only a secured workstation, and users assigned to the program, can manage my cloud services?). In this article I’ll provide the NEXT step to accomplish exactly that outcome. This includes additional configurations that I only lightly covered, or net new technology to apply since the publishing of the doc. Proposed outcome “How do I” use a Secured workstation (that I can trust) to manage my Azure cloud. Here’s how I would deploy the solution. First I will start by deploying the Secured Workstation model using the secured profile. New technology and capabilities to add: Hardware root of trust – in our solution we posit the idea that you can

Building a secure workstation to manage your cloud services

A shared responsibility journey requires that you consider how you use the cloud. A while back I discussed the need to make sure you understand the responsibility you share with your cloud provider, and to consider that in the cloud your responsibility to manage your services changes based on the cloud model you're considering. For IaaS and PaaS you need to look at protecting the network and applications, which requires that you build with SDL in mind. In all services you need to ensure you design and implement good authentication and authorization. This can at times be as simple as enabling 2FA. In the blogs I've published I've noted that the device you use to connect to your services also needs to be designed and configured correctly. This includes your development workstations and administrative clients. This is essential since there is very little guarantee that the device you use isn't already owned and managed by a hacker. If you're lucky they will only mess with your workstation