{"id":11047,"date":"2017-09-26T15:09:50","date_gmt":"2017-09-26T22:09:50","guid":{"rendered":"https:\/\/www.microsoft.com\/insidetrack\/blog\/?p=11047"},"modified":"2023-06-11T16:21:43","modified_gmt":"2023-06-11T23:21:43","slug":"building-cloud-apps-using-the-secure-devops-kit-for-azure","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/insidetrack\/blog\/building-cloud-apps-using-the-secure-devops-kit-for-azure\/","title":{"rendered":"Building cloud apps using the Secure DevOps Kit for Azure"},"content":{"rendered":"<div class=\"m-alert f-error\" role=\"alert\">\n<div>\n<div class=\"c-glyph glyph-incident-triangle\" aria-label=\"Error message\"><\/div>\n<p class=\"c-paragraph\">This content has been archived, and while it was correct at time of publication, it may no longer be accurate or reflect the current situation at Microsoft.<\/p>\n<\/div>\n<\/div>\n<p>Microsoft is embracing the cloud and we\u2019re adopting agile methodology\u2014DevOps\u2014for cloud app development. This transition has challenged traditional security methods. To build security into our agile development process and provide a baseline for security in cloud apps, we created the Secure DevOps Kit for Azure. It offers tools and best practices for building security into every stage of cloud app development.<\/p>\n<p>Core Services Engineering (CSE, formerly Microsoft IT) created the Secure DevOps Kit for Azure to help build security best practices into enterprise cloud application development and operations. The kit contains automation, extensions, plugins, templates, modules, and other tools that seamlessly add security to cloud applications during development process. Additionally, the kit helps our engineering teams save time and money, increase security awareness in Azure, and create a simpler, more structured, and consistent security environment in the CSE Azure app infrastructure.<\/p>\n<h2>Adopting modern engineering with DevOps<\/h2>\n<p>CSE has been on a steady journey to the cloud over the last few years. In fact, we plan to have 90 percent of our IT resources hosted in the cloud as of July 2017. Continual progress in cloud technology and cloud security readiness allows us to migrate to Microsoft Azure and come closer to our cloud-first, mobile-first transformation strategy.<\/p>\n<p>During this period, our engineering teams have adopted modern practices and a DevOps-centric culture, using the cloud as the default platform for IT solutions. DevOps has brought our development and operations teams together and started a grassroots movement that has led to this new, agile culture. Together, we create innovative solutions using cloud technologies with a goal to deliver continuous, rapid, and incremental value to business.<\/p>\n<h3>Understanding the security challenges of DevOps<\/h3>\n<p>The digital transformation to DevOps in unison with our move to the cloud hasn\u2019t been without challenges for enterprise security. DevOps in the cloud changes the IT ecosystem in ways that significantly affect security. We questioned the future relevance of how we had traditionally developed and managed IT security and risk management, and it became clear to us early on that enterprise security also needed to transform for a smooth and complete transition. There were several challenges to consider, including:<\/p>\n<ul class=\"c-list\">\n<li><strong>Engineering teams have increased autonomy.<\/strong>\u00a0In the past, engineering teams waited weeks or months for development resources. Now that IT no longer provisions development environments, we don\u2019t have a significant impact on scheduling or capital expense. With DevOps in the cloud, autonomy and decentralization allows engineering teams to work end to end with almost complete independence from IT. Engineering teams can instantly provision test environments, and solutions can be deployed and published with an Azure subscription at whatever pace suits the team and business stakeholders. Traditional security methods hinder this agility.<\/li>\n<li><strong>More development technologies are available.<\/strong>\u00a0Developing in the cloud opens up a huge opportunity for connecting different platforms and frameworks, but as flexibility has increased, so has the number of APIs and services used to make those connections. The cloud app development environment is more complex, and maintaining security in that environment using traditional methods is also more complex\u2014and sometimes isn\u2019t possible.<\/li>\n<li><strong>Constant change is the norm.<\/strong>\u00a0With the shift to agile sprints and DevOps, constant change is the norm. The platform components on which applications run keeps changing, improving, and growing\u2014often at a cadence dictated by individual Azure service teams. On top of that, dedicated business unit application teams regularly add new functionality and improve existing functionality following the agile philosophy of incremental but continuous improvement. Traditional security and the associated tollgate procedures aren\u2019t designed for such continuous change.<\/li>\n<li><strong>DevOps has wide-ranging operational responsibilities.<\/strong>\u00a0In the DevOps era, there isn\u2019t a hard boundary between development and operations. The engineer who developed a feature is also responsible for the operational aspects of the feature. Operational considerations, including security, are a high priority for the development team in a DevOps culture.<\/li>\n<\/ul>\n<h3>Addressing DevOps security challenges<\/h3>\n<p>Faced with these DevOps security challenges, we set out to determine how security could be managed in a DevOps ecosystem. We wanted to change our thinking, methods, and tools to adapt to a development environment and culture that was in harmony with the nuances inherent in cloud DevOps. To do this, we adopted a number of imperatives.<\/p>\n<h4>Automate security<\/h4>\n<p>Automation gives us a chance to keep pace with the constantly changing cloud environment. DevOps is heavily centered on end-to-end automation, and we need to complement it with automated security. Automated security saves significant time and cost for apps that update much more often than their traditional counterparts, and it allows us to ensure that security configuration and deployment in DevOps can be achieved quickly and consistently.<\/p>\n<h4>Empower engineering teams<\/h4>\n<p>In an environment where change is constant, we want to empower our engineering teams to make meaningful, consistent changes without a tedious approval process. Our engineers need to be able to build security into their applications from the start. We need security integrated into the DevOps workflow. Developers don\u2019t have to take extra measures to be secure, nor do they need to wait for a central security team to approve an app.<\/p>\n<h4>Maintain continuous assurance<\/h4>\n<p>When development and deployment are continuous, everything that goes with them needs to follow suit, including security assurance. The age-old requirements for sign-offs or compliance checks create tension in the modern engineering environment. We want to define a security state and track drift from that state to maintain a consistent level of security assurance across the entire environment. This helps ensure that builds and deployments that are secure at the time they are delivered, stay secure from one release iteration to the next and beyond.<\/p>\n<h4>Set up operational hygiene<\/h4>\n<p>We need to have a clear view of our DevOps environment to ensure that operational hygiene is in place. In addition to understanding operational risks in the cloud, DevOps operational hygiene in the cloud requires a different perspective than the traditional development environment. We need to create the ability to see the security state across DevOps stages and establish capabilities to receive security alerts and reminders for important periodic activities.<\/p>\n<h2>Understanding the Secure DevOps Kit for Azure<\/h2>\n<p>The Secure DevOps Kit for Azure is a set of automation, extensions, plugins, templates, modules, and other tools that combine to offer a security-focused development workflow for our DevOps engineering teams working in the cloud. The goal of the kit is to empower our teams to build and use Azure-based solutions in a consistent, repeatable, and efficient manner with security integrated at every stage.<\/p>\n<p>Figure 1 shows how the six main tools in the DevOps toolkit work together to support secure development in the cloud.<\/p>\n<p>&nbsp;<\/p>\n<figure id=\"attachment_11049\" aria-describedby=\"caption-attachment-11049\" style=\"width: 964px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-11049 size-full\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/7452-fig1.jpg\" alt=\"Six main tools in the DevOps toolkit support secure development in the cloud, described next.\" width=\"964\" height=\"578\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/7452-fig1.jpg 964w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/7452-fig1-300x180.jpg 300w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/7452-fig1-768x460.jpg 768w\" sizes=\"(max-width: 964px) 100vw, 964px\" \/><figcaption id=\"caption-attachment-11049\" class=\"wp-caption-text\">Figure 1. The Secure DevOps Kit for Azure tools and processes<\/figcaption><\/figure>\n<p>The Secure DevOps Kit for Azure is designed to approach cloud development security in the following areas:<\/p>\n<ul class=\"c-list\">\n<li><strong>Subscription security.<\/strong>\u00a0This ensures that a subscription is configured and provisioned with necessary security controls.<\/li>\n<li><strong>Secure development.<\/strong>\u00a0This provides the ability to write secure code and spot check secure configuration of cloud resources.<\/li>\n<li><strong>Continuous integration and continuous deployment (CI\/CD) extensions.<\/strong>\u00a0These integrate security testing into CI\/CD workflows.<\/li>\n<li><strong>Continuous assurance.<\/strong>\u00a0This ensures that the security state stays compliant and doesn\u2019t drift over time.<\/li>\n<li><strong>Alerting and monitoring capabilities.<\/strong>\u00a0These check for security events and provide an effective remediation path for subscription and application security issues.<\/li>\n<li><strong>Telemetry dashboards.<\/strong>\u00a0These get aggregate views of security patterns and trends to make concerted improvements.<\/li>\n<\/ul>\n<h3>Breaking down the Secure DevOps Kit for Azure<\/h3>\n<p>To help you understand the nature of the DevOps Kit for Azure, we\u2019ve broken the toolset into six main categories. These components will help facilitate secure development in your Azure environment.<\/p>\n<h4>Subscription security<\/h4>\n<p>The subscription security component is a package of scripts and programs that help ensure secure provisioning, configuration, and administration of an Azure subscription. Using these capabilities, you can set up and configure a compliant, secure subscription from the very start and have a solid foundation upon which to develop, deploy, and run secure solutions. You can also check the subscription configuration to see if various settings are compliant to an expected level. The primary tools in subscription security include:<\/p>\n<ul class=\"c-list\">\n<li><strong>Health check script.<\/strong>\u00a0The subscription health check script runs automated steps to examine a subscription and flag conditions that indicate your subscription may be at risk due to security issues, misconfigurations, or obsolete settings.<\/li>\n<li><strong>Provisioning script.<\/strong>\u00a0The provisioning script is a master script, which coordinates several smaller components that work together to provision a DevOps Kit environment. These components include:\n<ul class=\"c-list\">\n<li>Mandatory role-based access control accounts for important functions.<\/li>\n<li>High-level alerts for critical or severe security events.<\/li>\n<li>Azure Resource Manager policies that help secure otherwise insecure actions.<\/li>\n<li>Default enterprise policy settings for Azure Security Center.<\/li>\n<li>Security contact information.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h4>Secure development<\/h4>\n<p>The secure development components help ensure that security is integrated into the day-to-day development process. The primary components include:<\/p>\n<ul class=\"c-list\">\n<li><strong>Security Verification Tests.<\/strong>\u00a0These tests automatically verify most built-in security controls for common Azure services such as App Services, Azure Storage, Azure SQL Database, Azure Key Vault, or Azure Virtual Machines.<\/li>\n<li><strong>Security IntelliSense.<\/strong>\u00a0This feature augments traditional IntelliSense with secure coding best practices and offers corrections, tips, and guidelines while a developer writes code. The secure coding rules covered vary from Azure platform as a service (PaaS) APIs to traditional web application security and cryptography best practices.<\/li>\n<\/ul>\n<h4>Security in CI\/CD<\/h4>\n<p>Build\/Release Tasks for CI\/CD workflows allow us to check subscription and resource security during automated build\/deployment flows. These workflows integrate security coverage within the Visual Studio Team Services (VSTS) CI\/CD pipeline via VSTS build\/release extensions for security verification tests and other security tools.<\/p>\n<h4>Continuous assurance<\/h4>\n<p>Continuous assurance prevents security state drift, helps to stay current with Azure security feature improvements. It also encourages adherence to security best practices such as key rotation and separation of duties. The tools in this section include:<\/p>\n<ul class=\"c-list\">\n<li>Azure Automation runbooks that identify and correct security configuration drift.<\/li>\n<li>Azure Resource Manager templates used to securely deploy pre-configured Azure resources.<\/li>\n<li>A set of PowerShell scripts to create the Automation account, apply the templates, and install and configure the Runbooks.<\/li>\n<\/ul>\n<h4>Alerting and monitoring<\/h4>\n<p>The alerting and monitoring solution for the DevOps Kit uses Operations Management Suite (OMS) to offer a central dashboard where teams can view the security state and trends for their Azure subscriptions and applications, as reported by the different components of the kit. The OMS solution is created from an Azure Resource Manager template that builds all the necessary components needed for security state monitoring. The OMS views include:<\/p>\n<ul class=\"c-list\">\n<li>Summary views of critical tasks that need immediate attention.<\/li>\n<li>Outcomes of the most recent continuous assurance scans.<\/li>\n<li>Summary of recent role-based access control activity (important role assignments, access revocation, and others).<\/li>\n<li>Trends of various security metrics and activity over time.<\/li>\n<li>Common useful queries for alerting, and other activities.<\/li>\n<li>Pre-configured alerts in OMS.<\/li>\n<li>Runbooks for auto-healing when certain alerts are triggered.<\/li>\n<\/ul>\n<h4>Cloud risk governance<\/h4>\n<p>The Secure DevOps Kit generates telemetry events from all stages that use automation, scripts, or extensions. The telemetry is routed to an Application Insights account where it\u2019s processed through web jobs that integrate organization mapping information and then viewed on a Power BI dashboard. The telemetry supports a data-driven approach to agile development and DevOps by allowing us to make measured and accurate security improvement decisions in a continuous fashion. Cloud risk governance focuses on three primary views:<\/p>\n<ul class=\"c-list\">\n<li>We can see adoption and usage of the DevOps Kit across the enterprise. These views give us a picture of the company\u2019s secure DevOps maturity in the cloud.<\/li>\n<li>We can view aggregate cloud-related risks across service lines. Aggregation of control failures for different cloud resource types helps us understand which areas of cloud use are leading to higher risk exposure for the company due to vulnerable configuration. This information can be used to target risk reduction.<\/li>\n<li>We get visibility into common errors and challenges that developers face while using the kit. Information about errors and exceptions helps the Secure DevOps Kit team improve features and the user experience.<\/li>\n<\/ul>\n<h2>Using the Secure DevOps Kit in CSE<\/h2>\n<p>We\u2019ve encouraged adoption of the Secure DevOps Kit within CSE for any of our business groups working in Azure. One such team is Field Mobility and Cloud Services (FMCS). The FMCS team, consisting of 200 developers, supports approximately 120 apps hosted in Azure. As part of the transition to DevOps, FMCS uses the Secure DevOps Kit to incorporate secure cloud development practices in the application life cycle. They have realized several benefits:<\/p>\n<ul class=\"c-list\">\n<li><strong>Reduced development time and money.<\/strong>\u00a0The Secure DevOps Kit puts security best practices and tools at our fingertips. It saves our developers the time and effort of researching, cataloging, and implementing Azure security practices manually, and it provides a set of consistent security practices for them to follow.<\/li>\n<li><strong>Higher awareness of security.<\/strong>\u00a0Because the Secure DevOps Kit builds security automation and best practices into the development process, our engineers are aware of security requirements and capabilities from the beginning of a project. Security has become an integral piece of the development process, rather than something that\u2019s scrutinized near the end of the development cycle and might require significant re-work of solution components.<\/li>\n<li><strong>Easier transition to DevOps.<\/strong>\u00a0FMCS is in the midst of transitioning to DevOps, and the Secure DevOps Kit has simplified that transition. By incorporating security automation in our toolset, we know that security is built in to the entire life cycle.<\/li>\n<li><strong>Simple processes for checking existing solutions.<\/strong>\u00a0We\u2019ve used the manual Service Validation and Testing (SVT) processes several times with existing projects to confirm that Azure security configuration is correct.<\/li>\n<li><strong>Convenient assurance checks and problem resolution.<\/strong>\u00a0The OMS dashboards in the Secure DevOps Kit enable us to view security assurance across our app portfolio and see where attention is needed. The alert package helps us ensure that Azure resources security configuration drift is kept in check.<\/li>\n<\/ul>\n<h2>Planning for the future<\/h2>\n<ul class=\"c-list\">\n<li><strong>Adoption schedule for CSE.<\/strong>\u00a0At present, the Secure Dev Ops Kit has been used in over 25 percent of Microsoft IT Azure subscriptions. Our goal is to push adoption to over 75 percent by September 2017 and close to 100 percent by December 2017. So far, much of the adoption has been through our security governance program for applications that process critical company data. However, we\u2019re increasingly encouraging teams to do due diligence on security regardless of data classification. We also want to drive teams to onboard continuous assurance features more rapidly to ensure sustained security in production environments.<\/li>\n<li><strong>External requests.<\/strong>\u00a0The Secure DevOps Kit for Azure is available for external customers who may be interested in using our approach and tools to accelerate Azure adoption. Download the Secure DevOps Toolkit for Azure from Github:<br \/>\n<a class=\"c-hyperlink\" href=\"http:\/\/aka.ms\/azsdkossdocs\" target=\"_blank\" rel=\"noopener\" aria-label=\"Read more about http:\/\/aka.ms\/azsdkossdocs\">http:\/\/aka.ms\/azsdkossdocs<\/a><\/li>\n<li><strong>Feature expansion.<\/strong>\u00a0We\u2019re working on a few features to help accelerate adoption. Future enhancements include the ability to remember user attestation for failed controls and the ability to allow access for other downstream systems through event hubs or webhooks.<\/li>\n<\/ul>\n<p><code><!--Hiding for more info section<\/h3>\n\n\n\n\n<ul class=\"c-list\">\n \t\n\n<li><a href=\"https:\/\/azure.microsoft.com\/en-us\/resources\/videos\/\" target=\"_blank\" rel=\"noopener\">Getting started with the Secure DevOps Kit for Azure<\/a><\/li>\n\n\n<\/ul>\n\n\n--><\/code><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This content has been archived, and while it was correct at time of publication, it may no longer be accurate or reflect the current situation at Microsoft. Microsoft is embracing the cloud and we\u2019re adopting agile methodology\u2014DevOps\u2014for cloud app development. This transition has challenged traditional security methods. To build security into our agile development process [&hellip;]<\/p>\n","protected":false},"author":146,"featured_media":11364,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"_hide_featured_on_single":false,"_show_featured_caption_on_single":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[1],"tags":[],"coauthors":[674],"class_list":["post-11047","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","m-blog-post"],"jetpack_publicize_connections":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Building cloud apps using the Secure DevOps Kit for Azure - Inside Track Blog<\/title>\n<meta name=\"description\" content=\"Microsoft is embracing the cloud and we\u2019re adopting agile methodology\u2014DevOps\u2014for cloud app development. This transition has challenged traditional security methods. To build security into our agile development process and provide a baseline for security in cloud apps, we created the Secure DevOps Kit for Azure. It offers tools and best practices for building security into every stage of cloud app development.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/building-cloud-apps-using-the-secure-devops-kit-for-azure\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Building cloud apps using the Secure DevOps Kit for Azure - Inside Track Blog\" \/>\n<meta property=\"og:description\" content=\"Microsoft is embracing the cloud and we\u2019re adopting agile methodology\u2014DevOps\u2014for cloud app development. This transition has challenged traditional security methods. To build security into our agile development process and provide a baseline for security in cloud apps, we created the Secure DevOps Kit for Azure. It offers tools and best practices for building security into every stage of cloud app development.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/building-cloud-apps-using-the-secure-devops-kit-for-azure\/\" \/>\n<meta property=\"og:site_name\" content=\"Inside Track Blog\" \/>\n<meta property=\"article:published_time\" content=\"2017-09-26T22:09:50+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-06-11T23:21:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2017\/09\/7452-hero1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1040\" \/>\n\t<meta property=\"og:image:height\" content=\"585\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Inside Track \u2013 retired stories\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Inside Track \u2013 retired stories\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/building-cloud-apps-using-the-secure-devops-kit-for-azure\/\",\"url\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/building-cloud-apps-using-the-secure-devops-kit-for-azure\/\",\"name\":\"Building cloud apps using the Secure DevOps Kit for Azure - Inside Track Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/building-cloud-apps-using-the-secure-devops-kit-for-azure\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/building-cloud-apps-using-the-secure-devops-kit-for-azure\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2017\/09\/7452-hero1.jpg\",\"datePublished\":\"2017-09-26T22:09:50+00:00\",\"dateModified\":\"2023-06-11T23:21:43+00:00\",\"author\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/59e5f7b07dae629412c990cc1a63b575\"},\"description\":\"Microsoft is embracing the cloud and we\u2019re adopting agile methodology\u2014DevOps\u2014for cloud app development. This transition has challenged traditional security methods. To build security into our agile development process and provide a baseline for security in cloud apps, we created the Secure DevOps Kit for Azure. It offers tools and best practices for building security into every stage of cloud app development.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/building-cloud-apps-using-the-secure-devops-kit-for-azure\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/insidetrack\/blog\/building-cloud-apps-using-the-secure-devops-kit-for-azure\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/building-cloud-apps-using-the-secure-devops-kit-for-azure\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2017\/09\/7452-hero1.jpg\",\"contentUrl\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2017\/09\/7452-hero1.jpg\",\"width\":1040,\"height\":585,\"caption\":\"Portrait of female developer in striped long sleeve shirt with lip piercing, smiling and facing camera.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/building-cloud-apps-using-the-secure-devops-kit-for-azure\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Building cloud apps using the Secure DevOps Kit for Azure\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/\",\"name\":\"Inside Track Blog\",\"description\":\"How Microsoft does IT\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/59e5f7b07dae629412c990cc1a63b575\",\"name\":\"Inside Track \u2013 retired stories\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/image\/ee0de87c339052d5d84852473bd7f213\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/24a8c329ab32afd1bc23fd1658d1acc2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/24a8c329ab32afd1bc23fd1658d1acc2?s=96&d=mm&r=g\",\"caption\":\"Inside Track \u2013 retired stories\"},\"description\":\"The content on this page was crafted to highlight a specific moment in time or the solutions that have led us to where we are today. It offers valuable insights into our journey and the progress made over the years. Check out the Inside Track blog page for our up-to-date stories around Microsoft.\",\"url\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/author\/insidetrackarchive\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Building cloud apps using the Secure DevOps Kit for Azure - Inside Track Blog","description":"Microsoft is embracing the cloud and we\u2019re adopting agile methodology\u2014DevOps\u2014for cloud app development. This transition has challenged traditional security methods. To build security into our agile development process and provide a baseline for security in cloud apps, we created the Secure DevOps Kit for Azure. It offers tools and best practices for building security into every stage of cloud app development.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/insidetrack\/blog\/building-cloud-apps-using-the-secure-devops-kit-for-azure\/","og_locale":"en_US","og_type":"article","og_title":"Building cloud apps using the Secure DevOps Kit for Azure - Inside Track Blog","og_description":"Microsoft is embracing the cloud and we\u2019re adopting agile methodology\u2014DevOps\u2014for cloud app development. This transition has challenged traditional security methods. To build security into our agile development process and provide a baseline for security in cloud apps, we created the Secure DevOps Kit for Azure. It offers tools and best practices for building security into every stage of cloud app development.","og_url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/building-cloud-apps-using-the-secure-devops-kit-for-azure\/","og_site_name":"Inside Track Blog","article_published_time":"2017-09-26T22:09:50+00:00","article_modified_time":"2023-06-11T23:21:43+00:00","og_image":[{"width":1040,"height":585,"url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2017\/09\/7452-hero1.jpg","type":"image\/jpeg"}],"author":"Inside Track \u2013 retired stories","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Inside Track \u2013 retired stories","Est. reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/building-cloud-apps-using-the-secure-devops-kit-for-azure\/","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/building-cloud-apps-using-the-secure-devops-kit-for-azure\/","name":"Building cloud apps using the Secure DevOps Kit for Azure - Inside Track Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/building-cloud-apps-using-the-secure-devops-kit-for-azure\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/building-cloud-apps-using-the-secure-devops-kit-for-azure\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2017\/09\/7452-hero1.jpg","datePublished":"2017-09-26T22:09:50+00:00","dateModified":"2023-06-11T23:21:43+00:00","author":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/59e5f7b07dae629412c990cc1a63b575"},"description":"Microsoft is embracing the cloud and we\u2019re adopting agile methodology\u2014DevOps\u2014for cloud app development. This transition has challenged traditional security methods. To build security into our agile development process and provide a baseline for security in cloud apps, we created the Secure DevOps Kit for Azure. It offers tools and best practices for building security into every stage of cloud app development.","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/building-cloud-apps-using-the-secure-devops-kit-for-azure\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/insidetrack\/blog\/building-cloud-apps-using-the-secure-devops-kit-for-azure\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/building-cloud-apps-using-the-secure-devops-kit-for-azure\/#primaryimage","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2017\/09\/7452-hero1.jpg","contentUrl":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2017\/09\/7452-hero1.jpg","width":1040,"height":585,"caption":"Portrait of female developer in striped long sleeve shirt with lip piercing, smiling and facing camera."},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/building-cloud-apps-using-the-secure-devops-kit-for-azure\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/insidetrack\/blog\/"},{"@type":"ListItem","position":2,"name":"Building cloud apps using the Secure DevOps Kit for Azure"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/","name":"Inside Track Blog","description":"How Microsoft does IT","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/insidetrack\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/59e5f7b07dae629412c990cc1a63b575","name":"Inside Track \u2013 retired stories","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/image\/ee0de87c339052d5d84852473bd7f213","url":"https:\/\/secure.gravatar.com\/avatar\/24a8c329ab32afd1bc23fd1658d1acc2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/24a8c329ab32afd1bc23fd1658d1acc2?s=96&d=mm&r=g","caption":"Inside Track \u2013 retired stories"},"description":"The content on this page was crafted to highlight a specific moment in time or the solutions that have led us to where we are today. It offers valuable insights into our journey and the progress made over the years. Check out the Inside Track blog page for our up-to-date stories around Microsoft.","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/author\/insidetrackarchive\/"}]}},"jetpack_featured_media_url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2017\/09\/7452-hero1.jpg","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9hcZA-2Sb","_links":{"self":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/11047"}],"collection":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/users\/146"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/comments?post=11047"}],"version-history":[{"count":3,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/11047\/revisions"}],"predecessor-version":[{"id":11198,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/11047\/revisions\/11198"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/media\/11364"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/media?parent=11047"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/categories?post=11047"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/tags?post=11047"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/coauthors?post=11047"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}