Starting off with the initial problem of an in office workforce moving to a permanent remote workforce due to Covid. This posed some issues like "how do we keep the data protected when the data is scattered in diffrent places.." (on prem and sharepoint). Easy right! Just create a cloud share, migrate the data, and give everyone access. Well no, that won't work because Azure file share supports SMB 3.0 over port 445 and that's great but, some ISPs still block that port. So, what do we do?

Well, as shown in the design, we need to create our storage accounts and file shares. I created a few storage accounts for different departments (HR and Accounting), allowing us to create private endpoints for each storage account with different subnets and DNS records. Next, we needed to create our virtual network gateway so our users can connect using a VPN client. We use Okta as our MFA client to prompt VPN users to enter multifactor authentication.

"With defense in depth, multiple layers of security are applied across the entire information technology infrastructure."

One more thing I wanted to mention is encryption. Azure storage accounts have encryption in transit enabled by default and all data stored in the file share is encrypted at rest. We then moved to migrating the data from various locations using powershell, Azure storage explorer, And other methods. So, with this set-up we have a layered defense approach using a secure tunnel with MFA, data is encrypted, seperate storage accounts with private endpoints on diffrent subnets, and all traffic being monitored. Some keypoints to remember:

• Azure file shares use MSB 3.0 over port 445 that some ISP block.
• Think security all the way through the design phase to keep the data safe.
• Monitor everything. We can't fix what we cant see.

Thank you for visiting and I hope this helps!

With my current position at a mid size enterprise I noticed right away that the IT team and the development team were not working in harmony. After performing pentesting and voulnerabilty scans I was able to take this data to the leadership and developtment team. Where I was able to present a plan to improve our processes and pipelines.

The problems we faced:
• Vulnerabilities in the applications due to outdated code version.
• Dev team not using industry standard tools like IDE, repositories, CI/CD pipelines
• Severe bottleneck to improve the app and build new features
• A large amount of technical debt

We have a lot of work ahead of us. So, the first issue we tackled was quickly bringing the dev team up to speed with new tools, training and best practices. Next I built out 3 CI/CD pipelines for the different versions of the app. I then moved onto to streamlining the entire workflow to make sure everything works, the dev team has what they need and feel supported. The developers can start updating the code version, building features, patch and update with continuous deployment.

“A phased approach to continuous delivery is not only preferable, its infinitely more manageable.” - Maurice Kherlakian

Steps of the CI/CD Pipeline:
• Change application source code with visual studio code to azure devops.
• Commit application code to Azure repositories for version control.
• Continuous integration triggers application build and unit tests (SAST)
• Continuous deployment trigger orchestrates deployment of application artifacts with environment-specific parameters.
• Deployment to Web Apps staggin slot for QA testing.
• Deployment to Web Apps Production.
• Azure Application Insights collects and analyzes health, performance, and usage data.
• Review health, performance, and usage information.
• Update boards with work items.