Specifying a security strategy for applications and APIs
As stated at the beginning of this chapter, all users rely on applications to perform their daily tasks. Applications are also the primary means of accessing data, some of which may be sensitive or confidential. The combination of the application and the data accessed through it is the primary source of value to the business, both internally and externally. For example, the company website runs on Azure App Service, with an Azure SQL database connected to the App Service to provide the inventory of products available for purchase when a customer visits the website.
The architecture of applications has changed with the use of cloud hyperscaler technologies. Legacy applications that utilize servers and virtual machines with embedded identity and access controls have moved to more modern application development with cloud identity providers. Migrations to the cloud services with these legacy applications...