What is a Cloud Adoption Security Review?

This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs - .

What is a Cloud Adoption Security Review?

The Cloud Adoption Security Review (CASR) is aimed to self-assess an Azure landing zone (ALZ) environment that has achieved baseline security against the Secure Methodology of the Cloud Adoption Framework (CAF).

 

Security is an ongoing journey of incremental progress and maturity, and not a static destination. The Cloud Adoption Framework provides security guidance for this journey by providing clarity to the processes and best practices. This guidance is based on real world experiences of our customers, of Microsoft's own security journey and lessons learned, and the work with other organizations like NIST (National Institute of Standards and Technology) or CIS (Center for Internet Security).

 

The outcome is manifested in the Cloud Adoption Framework Secure Methodology which provides a vision of the complete end state of your security journey and follows the Zero Trust principle (assume breachverify explicitlyuse least privilege access).

This assessment gives you the opportunity to self-assess your security journey of your cloud adoption against this secure methodology.

 

What are the areas we are addressing with this assessment?

This assessment targets the CAF secure methodology. This methodology provides guidance on the integration of security with business processes (also called business alignment) and security disciplines. The following domain areas are covered in the Cloud Adoption Security Review:

 

AriyaKhamvongsa_0-1682984131707.jpeg

 

 

When should you do a Cloud Adoption Security Review?

Before cloud adoption can begin you need to have Azure landing zones created which will host the workloads. Within CAF this is called the Ready phase. At this phase or stage, you should already have designed your Azure landing zones and you should know about your cloud operation model because security is critical here. You should have a secure design or plan before you are going to the next phases and deploy your workload resources into your landing zones. 

 

AriyaKhamvongsa_1-1682984131715.jpeg

 

 

 

What are the benefits of doing a Cloud Adoption Security Review?

It will help you to identify opportunities for critical security optimizations to better align to the secure methodology of CAF and improve your Azure landing zone security. At the end of this assessment, you will receive actionable recommendations to incrementally improve your security. Actionable means that you can import those recommendations into your Azure DevOps or GitHub project and are able to track the implementation progress through standard project management processes and tasks. You can create multiple versions (Milestones) of the assessment and track your progress over time.

 

AriyaKhamvongsa_2-1682984131716.jpeg

 

 

More Information

  • Watch the corresponding Azure Enablement Show video about this Cloud Adoption Security Review

CAF Security Review.jpg

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.