Skip to content

Commit 94ac99d

Browse files
MikeDodaroMikeDodaro
committed
Security controls draft
1 parent 9236b18 commit 94ac99d

File tree

1 file changed

+23
-0
lines changed

1 file changed

+23
-0
lines changed

articles/spring-cloud/spring-cloud-concept-security-controls.md

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
---
2+
title: Concept - Security controls for Azure Spring Cloud Service
3+
description: Use security controls built-in into Azure Spring Cloud Service.
4+
author: MikeDodaro
5+
ms.author: brendm
6+
ms.service: spring-cloud
7+
ms.topic: concept
8+
ms.date: 04/23/2020
9+
---
10+
11+
# Security controls for Azure Spring Cloud Service
12+
Security controls are built-in into Azure Spring Cloud Service.
13+
14+
A security control is a quality or feature of an Azure service that contributes to the service's ability to prevent, detect, and respond to security vulnerabilities. For each control, we use *Yes* or *No* to indicate whether it is currently in place for the service. We use *N/A* for a control that is not applicable to the service.
15+
16+
## Data protection security controls
17+
18+
| Security control | Yes/No | Notes | Documentation |
19+
|:-----------:|:--------:|:-------------------------------:|:-------------------:|
20+
| Server-side encryption at rest: Microsoft-managed keys | Yes | User uploaded source and artifacts, config server settings, app settings and data in persistent storage are stored in Azure Storage, which automatically encrypts the content at rest. Config server cache, runtime binaries built from uploaded source, and application logs during the application lifetime are saved to Azure Managed Disk, which automatically encrypts the content at rest. Container images built from user uploaded source are saved in Azure Container Registry, which automatically encrypts the image content at rest. | [Azure Storage encryption for data at rest](https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption) [Server-side encryption of Azure managed disks](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/disk-encryption) [Container image storage in Azure Container Registry](https://docs.microsoft.com/en-us/azure/container-registry/container-registry-storage) |
21+
| Encryption in transient | Yes | User app public endpoints use HTTPS for inbound traffic by default. | |
22+
| API calls encrypted | Yes | Management calls to configure Azure Spring Cloud service occur via Azure Resource Manager calls over HTTPS. | [Azure Resource Manager](https://docs.microsoft.com/en-us/azure/azure-resource-manager/) |
23+

0 commit comments

Comments
 (0)