Designing for security
Azure provides a range of tools to help us ensure our systems are secure. Some of these tools, such as Azure Key Vault, are independent services to be consumed as part of our solution. Other tools are component-specific, such as an Azure SQL Server’s firewall or threat protection capabilities.
In many cases, some options may seem to be duplicated or overlap in services – this isn’t by accident. When designing cloud applications, we often want to deploy and combine multiple tools that seem to serve the same purpose, or at the very least provide additional layers.
This multi-layered approach is called defense in depth and is an important subject in cloud platforms such as Azure. This concept essentially states that we should expect one or more of our security measures to fail – and then design additional measures to compensate when they do.
It may seem odd to assume something will fail – after all, years of system design...