Nino’s research on Azure Serverless Security

Key Takeaways

Nino Crudele is a Solutions Director at Hitachi Solutions. He has experience working in several business sectors like banking, public sector, medical, communication, education, engineering, financial, manufacturing, etc. Nino has been a frequent public speaker, Microsoft MVP since 2006, author, and blogger. His core expertise areas are Microsoft Azure, Cloud Security, Architecture and Design, Integration, code development, and a strong geek passion for technologies.

Nino at INTEGRATE 2022

INTEGRATE 2022 is the world’s largest Microsoft Integration Tech Conference. This year the event is held at St Paul’s, London + Remote from June 13 – 15, with sessions from Azure experts across the globe.

This year Nino is presenting a session on “Top 10 tips to secure your integration solutions” on Day 2 of INTEGRATE 2022 (14th June). The session will be a compilation of his research on Azure Serverless security for the past eight months. This podcast is a quick overview of the highlights of Nino’s INTEGRATE session.

The Security Research

Nino used to work a lot in the integration space, especially using the BizTalk server. He found security held to be a crucial topic. In the last period of his career in life, Nino decided to engage much more in this topic. Therefore, he started engaging much more in the research in the previous year. Nino started engaging in Microsoft Azure with Service Bus, and for him, the idea of the cloud was like software as a service or platform as a service approach. During the research, Nino started discovering much more, and one of the first things he tried to look at was the CoreOS. Everything we do, everything we execute in the cloud, is just software. When we look at all these technologies in the cloud, it gets executed by the operating system. This incident started intriguing Nino’s mind, and he started thinking about security.

Security stack to consider during the development of Azure

From Nino’s point of view, Containers and Firewalls might be an essential factor, but an integral part of security is protecting the terminal part of the application. When users develop something that will be executed inside the cloud, they always need to think about how it’s going to be executed by the operating system via container, etc. Another factor is code security, and the code must be secure, so he recommends using scanning code tools. The next big thing is the J attack, this major vulnerability in this Java library is open source, and it is being used everywhere across the globe.

Loops in Security

“The common thing in all these technologies is, an operating system hosts it. The job is done if they can hack the lower layer, the operating system where the application is running. Yeah, it looks a simple bit. One of the main weaknesses in the cloud is everything in the cloud is just containers. If they can hack a container, then they get into the technology. It can be Amazon, Azure, Google, or wherever it is, but the principle is the same, and nothing changes. This is how all organizations leave a loophole in terms of Security”, says Nino.

INTEGRATE 2022:

Register here for Nino Crudele’s session: Click Here