Security patterns

Our take on Azure security patterns

Azure uses design patterns extensively. You can find them almost everywhere, for example in data protection at rest and in user authentication, along with too many other scenarios to include here. Instead of reinventing the wheel, Azure adopts the same patterns and sometimes even the same services to provide critical capabilities and address common problems.

It is essential to know Azure’s security patterns because they represent the best way to address common security problems. They may even enable you to design secure solutions without adopting more sophisticated approaches, like threat modeling, discussed in Chapter 4, “Threat modeling.” This chapter introduces some of these patterns and includes the following information about each one:

  • The name of the pattern

  • The intent of and motivation behind the pattern

  • A description of the pattern

  • Examples of the pattern’s implementation in Azure

  • Related security principles (discussed in Chapter 2, “Secure design”)

  • Related patterns

Furthermore, the patterns are split into categories to simplify their identification:

  • Authentication: These patterns deal with the authentication of the counterparts of an interaction.

  • Authorization: These patterns focus on controlling access to resources.

  • Secrets management: These patterns deal with how the solution manages its secrets.

  • Sensitive information management: These patterns focus on how to manage sensitive information.

  • Availability: These patterns deal with ensuring that resources are accessible by legitimate users.

In the following pages, we describe a few patterns, sorted alphabetically within each category. This is not an exhaustive list by any means. It simply includes some of the most common patterns we have seen in our practice that focus solely on solution design. This chapter does not cover implementation and deployment patterns, like those related to the supply chain. Considerations that relate to those patterns are covered elsewhere in the book, in Chapter 9, “Secure coding.” By discussing some of the most important patterns here and clearly stating why you need to adopt them, we aim to provide you with a consistent view.

Once you know about patterns and their importance in Azure, you might be able to identify other patterns in the services you use. This understanding of design decisions empowers you to design better solutions by adopting the same concepts and by using Azure services correctly.