Security policies overview


What are security policies?


A security policy defines the desired configuration of your workloads and helps ensure compliance with company or regulatory security requirements. In Azure Security Center, you can define policies for your Azure subscriptions and tailor them to your type of workload or the sensitivity of your data. For example, applications that use regulated data, such as personally identifiable information, might require a higher level of security than other workloads.

Security Center policies contain the following components:

◈ Data collection: Determines agent provisioning and data collection settings.
◈ Security policy: Determines which controls Security Center monitors and recommends. You can edit the security policy in Security Center. You can also use Azure Policy (in limited preview) to create new definitions, define additional policies, and assign policies across management groups.
◈ Email notifications: Determines security contacts and email notification settings.
◈ Pricing tier: Defines free or standard pricing selection. The tier you choose determines which Security Center features are available for resources in scope. You can specify a tier for subscriptions, resource groups, and workspaces.

Who can edit security policies?


Security Center uses Role-Based Access Control (RBAC), which provides built-in roles that can be assigned to users, groups, and services in Azure. When users open Security Center, they see only information that's related to resources they have access to. This means that users are assigned the role of owner, contributor, or reader for the subscription or resource group that a resource belongs to. In addition to these roles, there are two specific Security Center roles:

◈ Security reader: Has view rights to Security Center, which include recommendations, alerts, policy, and health, but can't make changes.
◈ Security admin: Has the same view rights as security reader, and can also update the security policy and dismiss recommendations and alerts.
