Please enable JavaScript.
Coggle requires JavaScript to display documents.
Security Architecture - Coggle Diagram
Security Architecture
Frameworks
Microsoft Security Adoption Framework
Zero Trust Architecture
Verify explicitly
Use least-privileged access
Assume compromise
Secure Identities and Access
Least Privilege
: Grant users only the minimum permissions needed for their tasks.
Use strong authentication controls
: Use Use passwordless authentication. Or enforce MFA for all user access.
Strong Passwords & Password Rotation
: Enforce complex passwords and regular rotation.
Identity Federation
: Use federation for centralized identity management.
Regular Privilege Reviews
: Regularly review and update user permissions.
Use single sign-on (
SSO
) for application access
Separate and limit highly
privileged/administrative
users
Modern Security Operations (SecOps/SOC)
Conduct threat modeling
SAST/DAST/SCA
Enable logging and monitoring in DevOps
Enforce security of workload throughout DevOps lifecycle
Ensure regular automated backups
Infrastructure & Development Security
VAPT & Red Team
Software supply chain security
Network segmentation
Private access point for the resources, including between on-cloud and cloud or between cloud services
Firewall and WAF
Enable DDOS protection at many layers such as VNET or WAF
Detect and disable insecure services and protocols
Ensure Domain Name System (DNS) security, ex: seprate public and private DNS
Data Security & Governance, Risk, Compliance (GRC)
Data Encryption
: Encrypt data at rest and in transit (e.g., SSL/TLS).
Data Classification
: Classify data based on sensitivity and implement appropriate controls.
Access Controls
: Restrict access to data based on the principle of least privilege.
Data Loss Prevention (DLP)
: Implement DLP solutions to prevent sensitive data leaks.
Compliance with Regulations
: Ensure adherence to relevant data privacy regulations (e.g., GDPR, CCPA).
Use
customer-managed key
option in data at rest encryption when required
Use
Key Vault
to secure keys and certificates
IoT and Operational Technology (OT) Security
Use
only approved
services and softwares
Enable threat detection capabilities
Centralize security log management and analysis
Setup incident process
NIST Cybersecurity Framework
Tradeoffs