Security patterns
By Michael Howard, Simone Curzi, Heinrich Gantenbein
6/26/2023
Our take on Azure security patterns
Azure uses design patterns extensively. You can find them almost everywhere, such as when dealing with data protection at rest, when implementing user authentication, and in too many other scenarios to include here. Instead of reinventing the wheel, Azure adopts the same patterns and sometimes even the same services to provide critical capabilities and address common problems.
It is essential to know Azure’s security patterns because they represent the best way to address common security problems. They may even enable you to design secure solutions without adopting more sophisticated approaches, like threat modeling, discussed in Chapter 4, “Threat modeling.” This chapter introduces some of these patterns and includes the following information about each one:
- The name of the pattern
- The intent of and motivation behind the pattern
- A description of the pattern
- Examples of the pattern’s implementation in Azure
- Related security principles (discussed in Chapter 2, “Secure design”)
- Related patterns
Furthermore, the patterns are split into categories to simplify their identification:
- Authentication: These patterns deal with the authentication of the counterparts of an interaction.
- Authorization: These patterns focus on controlling access to resources.
- Secrets management: These patterns deal with how the solution manages the secrets.
- Sensitive information management: These patterns focus on how to manage sensitive information.
- Availability: These patterns deal with ensuring that resources are accessible by legitimate users.
In the following pages, we describe a few patterns, sorted alphabetically within each category. This is not an exhaustive list by any means. It simply includes some of the most common patterns we have seen in our practice that focus solely on solution design. This chapter does not cover implementation and deployment patterns, like those related to the supply chain. Considerations that relate to those patterns are covered elsewhere in the book, in Chapter 9, “Secure coding.” By discussing some of the most important patterns here and clearly stating why you need to adopt them, we aim to provide you with a consistent view.
Once you know about patterns and their importance in Azure, you might be able to identify other patterns in the services you use. This understanding of design decisions empowers you to design better solutions by adopting the same concepts and by using Azure Services correctly.