Designing security for an Azure Landing Zone
The cloud landing zone should be treated as the foundation for a cloud infrastructure deployment. The landing zone encapsulates the identity and access management roles, policies that govern the environment, the monitoring and management connections, the application and compute parameters and templates, and the overall security and governance for resources that are deployed within the subscription.
The design of your Azure landing zone should have a strong focus on security in each of the key areas that the landing zone deploys. Azure landing zones are deployed by templates and code. Companies generally describe this approach as “secure by design.” To ensure this is a reality and not just a shallow statement, cybersecurity architects should be involved in the design of these landing zones alongside the cloud architects. Figure 6.23 shows the various components of the landing zone:
Figure...