Test controls yourself

Have security experts periodically attempt to ethically hack your system to find weak spots. Regularly scan your infrastructure, code, and tools to catch vulnerabilities before they become real problems.

Running security tests that mimic real-world attacks, like penetration testing, helps you see if your defenses actually work.

Threats can sneak in during updates or changes, so it’s smart to build vulnerability scanners right into your deployment process. That way, you can catch problems early and even block risky code from going live until it’s fixed.
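One way to wire a scanner into the deployment process is a gate step that reads the scanner's report and refuses to let the release proceed when a high-severity finding has no documented, unexpired risk acceptance. The following is an added example, not code from the page or from Microsoft; it assumes the scanner emits SARIF 2.1.0 with a `security-severity` rule property (a CVSS score as a string, the convention GitHub code scanning uses), and the report, rule ids and severities are constructed.

```python
"""Deployment gate: block a release when a scanner's SARIF report has findings
at or above a severity threshold without a documented, unexpired acceptance."""
import json
from datetime import date

# Constructed SARIF 2.1.0 report standing in for a real scanner's output.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner", "rules": [
            {"id": "SQLI-001", "properties": {"security-severity": "9.1"}},
            {"id": "XSS-004", "properties": {"security-severity": "6.5"}},
            {"id": "LOG-002", "properties": {"security-severity": "2.0"}},
        ]}},
        "results": [
            {"ruleId": "SQLI-001", "level": "error",
             "message": {"text": "SQL query built by string concatenation"}},
            {"ruleId": "XSS-004", "level": "warning",
             "message": {"text": "unescaped value rendered into HTML"}},
            {"ruleId": "LOG-002", "level": "note",
             "message": {"text": "verbose debug logging enabled"}},
        ],
    }],
})

def findings(sarif_text):
    """Yield (rule_id, score, message) per result; score is the rule's
    'security-severity' property (a CVSS score as a string), or 0."""
    for run in json.loads(sarif_text).get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        rules = {r["id"]: r for r in driver.get("rules", [])}
        for res in run.get("results", []):
            props = rules.get(res.get("ruleId"), {}).get("properties", {})
            score = float(props.get("security-severity", 0.0))
            yield res.get("ruleId"), score, res.get("message", {}).get("text", "")

def evaluate_gate(sarif_text, threshold=7.0, accepted_risks=None, today=None):
    """Return (allowed, blocking). accepted_risks maps rule id -> ISO expiry
    date of a documented acceptance; an expired acceptance no longer exempts."""
    today = date.fromisoformat(today) if today else date.today()
    blocking = []
    for rule_id, score, text in findings(sarif_text):
        expiry = (accepted_risks or {}).get(rule_id)
        if score >= threshold and not (expiry and date.fromisoformat(expiry) >= today):
            blocking.append((rule_id, score, text))
    return not blocking, blocking

if __name__ == "__main__":  # non-zero exit fails the pipeline step
    ok, blocked = evaluate_gate(SAMPLE_SARIF)
    raise SystemExit(0 if ok else 1)
```

The expiry on each acceptance is what keeps a "temporary" exception from quietly becoming permanent: once it lapses, the same finding blocks the next deployment again.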

Contoso’s challenge

  • The threat modeling exercise helped the team find some gaps in their security setup. Now they want to make sure their fixes are strong and that nothing was missed.
  • They’ve used open-source tools to test security and found it fun and useful. However, the team and stakeholders want to bring in security professionals to do thorough and rigorous testing regularly.

Applying the approach and outcomes

  • The team contacts a well-known Microsoft partner that specializes in cloud security to talk about penetration testing.
  • The workload team signs a Statement of Work for quarterly penetration testing, including one white-box test each year for extra confidence.
  • The consulting team also helps the development team install anti-malware on dev boxes and the self-hosted build agents.
  • Now, both the team and stakeholders feel a lot more confident that they’re ready for potential threats.
