Azure Security Architecture Assessment - 3 weeks

CGI Inc.

Have confidence that your Azure tenant’s security posture meets your business needs with our security architecture and implementation assessment.

CGI is a leading provider of cybersecurity services to both government and industry clients, backed by a 30 years of quality service delivery.

CGI provides Microsoft Azure Security Architecture Assessments leveraging Microsoft Defender for Cloud as a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) tools. These posture management features provide hardening guidance to improve security and visibility into your current security situation. Defender for Cloud offers security alerts that are powered by Microsoft Threat Intelligence. It also includes a range of advanced, intelligent, protections for your workloads. The workload protections are provided through Microsoft Defender plans specific to the types of resources in your subscriptions.

Defender for Cloud is used to detect threats across Azure PaaS services including Azure App Service, Azure SQL, Azure Storage Account, and data services. Defender for Cloud includes capabilities that help automatically classify data in Azure SQL, including assessments for potential vulnerabilities across Azure SQL and Storage services, and recommendations for how to mitigate them. The list of recommendations is enabled and supported by the Azure Security Benchmark. This Microsoft-authored, Azure-specific, benchmark provides a set of guidelines for security and compliance best practices based on common compliance frameworks. Defender for Cloud groups the recommendations into security controls and adds a secure score value to each control.

Azure Security Benchmarks and service baselines are used to define your configuration baseline for each respective Azure offering or service. The Azure Security Benchmark focuses on cloud-centric control areas. These controls are consistent with well-known security benchmarks, such as those described by the Center for Internet Security (CIS) Controls, National Institute of Standards and Technology (NIST), and Payment Card Industry Data Security Standard (PCI-DSS), and other regulatory frameworks as appropriate for the client's business requirements.

The Azure Security Benchmark (ASB) provides prescriptive best practices and recommendations to help improve the security of workloads, data, and services on Azure. This benchmark is part of a set of holistic security guidance that also includes:

  • Azure Cloud Adoption Framework: Guidance on security, including strategy, roles and responsibilities, Azure Top 10 Security Best Practices, and reference implementation
  • Azure Well-Architected Framework: Guidance on securing your workloads on Azure
  • Microsoft Security Best Practices: Recommendations with examples on Azure
  • Microsoft Cybersecurity Reference Architectures (MCRA): Visual diagrams and guidance for security components and relationships

Azure Security Benchmarks provide guidelines for the following Control Domains:

  • Network Security
  • Identity Management
  • Privileged Access
  • Data Protection
  • Asset Management
  • Logging and threat detection
  • Incident Response
  • Posture and Vulnerability Management
  • Endpoint security
  • Backup and recovery
  • DevOps Security
  • Governance and Strategy

CGI will generate a secure score for your subscriptions based on an assessment of your connected resources compared with the guidance in Azure Security Benchmark and use the score to understand your security posture, and the compliance dashboard to review your compliance with the built-in benchmark. When you've enabled the enhanced security features, you can customize the standards used to assess your compliance, and add other regulations (such as NIST and Azure CIS) or organization-specific security requirements.

CGI leverage the Azure Reference Architecture and Cloud Adoption Framework Landing Zone Architecture for critical security controls and configurations across Azure resources.

Note: Pricing and duration will vary based on the scope, scale, and complexity of client's requirement