Introduction
The Azure Well-Architected Framework is a design framework that can improve the quality of a workload by helping it to:
- Be resilient, available, and recoverable.
- Be as secure as you need it to be.
- Deliver a sufficient return on investment.
- Support responsible development and operations.
- Accomplish its purpose within acceptable timeframes.
A Well-Architected workload must be built with a zero-trust approach. A secure workload is resilient to attacks and incorporates the interrelated security principles of confidentiality, integrity, and availability (also known as the CIA triad) in addition to meeting business goals. Any security incident has the potential to become a major breach that damages the brand and reputation of the workload or organization. To measure the security efficacy of your overall strategy for a workload, start with these questions:
- Do your defensive investments provide meaningful cost and friction to prevent attackers from compromising your workload?
- Will your security measures be effective in restricting the blast radius of an incident?
- Do you understand how controlling the workload could be valuable for an attacker? Do you understand the impact to your business if the workload and its data are stolen, unavailable, or tampered with?
- Can the workload and operations quickly detect, respond to, and recover from disruptions?
The concepts described in this module are not all-inclusive of security in a workload, but they represent the core principles and some of their key approaches when you're designing a workload. For a complete perspective, across all of the Well-Architected Framework pillars, visit the Azure Well-Architected Framework as you start planning and designing your architecture.
Each unit in this module focuses on one design principle and three approaches associated with that principle. The approaches in each unit are supported through the use of examples to help demonstrate how they can be applied to real-world scenarios. The examples are all based on a fictional company.
Learning objectives
By the end of this module, you'll understand the five principles of the Security pillar and learn three approaches for each of the following:
- Create a security readiness plan that's aligned with business priorities.
- Properly handle confidentiality requirements.
- Strengthen the integrity of your workload against security risks.
- Strengthen the availability of your workload against security incidents.
- Continuously maintain and improve your workload's security posture
Prerequisites
- Experience building or operating solutions by using core infrastructure technology such as data storage, compute, and networking
- Experience building or operating technology systems to solve business problems