Azure DevSecOps Service: 6 week assessment

Computer Concepts Limited

The Azure DevSecOps Service automates security processes and continuous auditing enabling security being approached proactively within your development lifecycle.

For organisations deploying applications on Azure, speed and agility of development often results in security taking a back seat.

The Azure DevSecOps Service automates security processes and continuous auditing enabling security being approached proactively within your development lifecycle.

The Azure DevSecOps Service comprises 3 key parts:

  • Initial security review: We create a baseline of understanding by using tools to scan, audit and report on the current Azure subscriptions and Azure DevOps. Findings are discussed in a workshop format with key stakeholders, with one outcome to apply any fixes to all identified vulnerabilities.
  • Application development security review: We look at the security of application development using a range of leading toolsets. This includes Threat modeling, Static Code Analysis, Security Verification Tests, Secure Cloud Configurations, IaC, Policy management.
  • Secure Azure SecDevOps review: Delivery of a formal report and presentation outlining high-level recommendations for both quick wins and long-term improvements with identified next steps. This would also involve setting up Secure Development Framework for existing and future projects to adopt and implement.

At the end of an engagement, the client will realise the following benefits:

  • Understand the current security profile of your tenancy and Azure DevOps organisation and your current projects.
  • Post audit, take remedial actions to quickly close vulnerabilities and adopt better secure development processes.
  • Embed this process through workshops that help your organisation adopt their custom security posture.
  • Reduce risk by automating security checking and reporting, allowing you to respond to gaps quickly.

Estimates for the delivery of this service vary based on the complexity of the client organisation, the number of applications and workloads, availability of personnel involved, the ease of availability of information and inputs, and the desired outcomes sought.

https://store-images.s-microsoft.com/image/apps.23478.3d554591-ed1a-44c1-a5af-6bb8947fa1d4.0b887275-280e-4f7f-853c-10fff68c4064.c6e1d283-f92f-45ef-aa58-6ea8d83e9468
https://store-images.s-microsoft.com/image/apps.23478.3d554591-ed1a-44c1-a5af-6bb8947fa1d4.0b887275-280e-4f7f-853c-10fff68c4064.c6e1d283-f92f-45ef-aa58-6ea8d83e9468