Azure Security Architecture for Global Manufacturing Firm
Our client, a global manufacturing firm based in the Midwest, requested Concurrency’s assistance with an Azure architecture project of significance to the firm’s operations worldwide. Our client recognized a need to improve on aspects of its security-related practices, such as patching systems in a timely way. That need became one focus area in a project we undertook to create the Azure architecture for a “minimally viable product” (MVP) that, when implemented, would drastically improve our client’s security posture throughout the organization.
As we designed the architecture, we covered topology, subscriptions, resources, and security configuration. We provided a security architecture used for the Azure environment, including access to resource groups. We addressed how administrators are secured, how VPN would factor into the Azure solution, and how both third-party firewalls and Network Security Groups (NSGs) would be applied.
At the beginning of this project, our client had begun some initial experimentation with Azure at the parent-company level. At its conclusion, the organization was ready to implement a robust Azure architecture that could encompass both the parent company and a series of worldwide subsidiaries.
In the architecture we designed, we accommodated key existing tools such as by extending on-premises System Center Configurations Manager functions into Azure. We also accommodated our client’s desire to use a third-party firewall and helped our client get oriented with regard to Microsoft product roadmaps on how that integration could further improve over time. We also helped our client identify areas where Azure NSGs (which offer automated deployment) could be applied with better security results than a traditional firewall by walling off applications.
In that same vein of extending tools our client was already familiar with, we also built a security model around Active Directory with an integration into Azure Active Directory—enabling our client to continue using existing auditing tools.
We developed an architectural overview document in a form for review by upper management. As our client moved forward with implementing the Azure plan, we continued to provide assistance. This project helped ensure that both recognized critical needs—such as an improved approach to systems patching—were attained. More generally, it also provided our client with a plan to achieve a modern approach to monitoring and securing its systems around the globe.