secure-by-design

ZeroConf Secure Infra for SMBs


Project maintained by mics-sbd Hosted on GitHub Pages — Theme by mattgraham

Features

Declarative Infrastructure

Secure By Design leverages terraform in order to express cloud infrastructure as repeatable and auditable code. By enforcing strict code-review practices and implementing simple CD, it means that a model of current infrastructure is always checked in. As much as possible, infrastructure is created with secure defaults.

Cloud Native Security

Secure By Design uses AAD in order to ensure that applications and infrastructure is protected by both AuthN and AuthZ between each other. Groups are provided to ensure users can be assigned with Principle of Least Privelege in mind, and a Service Principal is provided to prevent direct access to infrastructure. At all times, interactions with Azure are logged and auditable.

Defense in Depth

Applications can quickly be containerized using off the shelf images we ~stole~ forked from popular repos and rebased onto a lightweight alpine image with minimal attack surface. Containers are deployed into a secured Kuberenetes cluster, and hosts are hardened and autopatched. We recommend only exposing 443, but automatically apply configs and firewall rules to block malicious traffic.

Zero Config Topology

While we provide extensible interfaces and patterns, the default out of the box configuration works and is secure. We ship an optimized dev environment in the repo to provide minimal setup, and provide a simple cli to deploy even the most complex network topologies at any scale. Eliminate Shadow IT and tool sprawl - it’s harder to circumvent Secure By Design than to simply use it.