1 00:00:00,553 --> 00:00:02,253 I believe it's important to understand the 2 00:00:02,253 --> 00:00:05,135 why behind watching this course. I mean, 3 00:00:05,135 --> 00:00:07,404 what is the end game we are trying to 4 00:00:07,404 --> 00:00:09,748 achieve here? The reason behind learning 5 00:00:09,748 --> 00:00:13,095 about Azure Security Center and all of its 6 00:00:13,095 --> 00:00:15,961 features. Only then, we can start mapping 7 00:00:15,961 --> 00:00:18,659 each feature set in Azure Security Center 8 00:00:18,659 --> 00:00:21,838 with a specific need and business or 9 00:00:21,838 --> 00:00:24,241 security value, at least this is how I 10 00:00:24,241 --> 00:00:27,128 like to learn about new things. You might 11 00:00:27,128 --> 00:00:29,221 agree with me that many organizations 12 00:00:29,221 --> 00:00:32,541 start migrating or deploying resources to 13 00:00:32,541 --> 00:00:34,949 the cloud without proper compliance, 14 00:00:34,949 --> 00:00:39,021 security, or governance in mind. In fact, 15 00:00:39,021 --> 00:00:42,263 I see many organizations do this. They try 16 00:00:42,263 --> 00:00:45,117 to copy the same network layout they have 17 00:00:45,117 --> 00:00:47,896 on-premises to the cloud, they deploy the 18 00:00:47,896 --> 00:00:50,653 same on-premises security tools and agents 19 00:00:50,653 --> 00:00:53,275 to their cloud infrastructure, and they 20 00:00:53,275 --> 00:00:55,760 perhaps assume security is mainly the 21 00:00:55,760 --> 00:00:58,876 cloud provider's responsibility. Now the 22 00:00:58,876 --> 00:01:01,083 reality is that the cloud is a new 23 00:01:01,083 --> 00:01:04,105 playground with its own rules and unique 24 00:01:04,105 --> 00:01:06,334 nature. The examples of things that are 25 00:01:06,334 --> 00:01:08,679 left undetermined are the incident 26 00:01:08,679 --> 00:01:12,620 response plan in the cloud, the encryption 27 00:01:12,620 --> 00:01:15,683 used, and the security monitoring. Not 28 00:01:15,683 --> 00:01:17,893 understanding these factors means you are 29 00:01:17,893 --> 00:01:21,303 taking on unknown levels of risk that you 30 00:01:21,303 --> 00:01:24,850 may not even comprehend. Instead, a better 31 00:01:24,850 --> 00:01:27,072 way of carrying security practices to the 32 00:01:27,072 --> 00:01:29,933 cloud is to think about security from a 33 00:01:29,933 --> 00:01:32,003 holistic standpoint. It requires taking 34 00:01:32,003 --> 00:01:34,358 advantage of the built-in security 35 00:01:34,358 --> 00:01:37,071 capabilities available in the cloud 36 00:01:37,071 --> 00:01:39,581 platform and perhaps change the way 37 00:01:39,581 --> 00:01:42,150 networks in the cloud are separated to 38 00:01:42,150 --> 00:01:45,573 achieve best security scores. It can be a 39 00:01:45,573 --> 00:01:47,423 great opportunity, of course, for you to 40 00:01:47,423 --> 00:01:49,716 rethink how you want to deliver various 41 00:01:49,716 --> 00:01:52,736 workloads and services with security in 42 00:01:52,736 --> 00:01:55,560 mind using all the abstractions and 43 00:01:55,560 --> 00:01:57,657 orchestration capabilities that are not 44 00:01:57,657 --> 00:02:01,018 feasible otherwise on-premises. In fact, 45 00:02:01,018 --> 00:02:03,195 the cloud comes with some security 46 00:02:03,195 --> 00:02:05,423 challenges as well. We all know how 47 00:02:05,423 --> 00:02:07,001 quickly you can build a complete 48 00:02:07,001 --> 00:02:09,547 environment in Azure just by running an 49 00:02:09,547 --> 00:02:11,802 Azure template. The question you should 50 00:02:11,802 --> 00:02:14,455 ask yourself is, how can you ensure these 51 00:02:14,455 --> 00:02:18,188 new resources are protected and monitored 52 00:02:18,188 --> 00:02:21,722 from the moment they were created? Keep 53 00:02:21,722 --> 00:02:23,779 also in mind that the lifespan of servers 54 00:02:23,779 --> 00:02:27,035 can be less than an hour in case of a 55 00:02:27,035 --> 00:02:29,738 scale set, for example, so how can you get 56 00:02:29,738 --> 00:02:32,372 visibility and control over such dynamic 57 00:02:32,372 --> 00:02:35,141 cloud environment? Another point I want to 58 00:02:35,141 --> 00:02:37,397 mention here is that in large 59 00:02:37,397 --> 00:02:39,739 organizations, the problem becomes more 60 00:02:39,739 --> 00:02:43,099 difficult due to the dispersed cloud 61 00:02:43,099 --> 00:02:45,407 adoption strategy. You might have some 62 00:02:45,407 --> 00:02:47,490 departments that are adopting the cloud 63 00:02:47,490 --> 00:02:49,722 faster than other departments, and they 64 00:02:49,722 --> 00:02:51,377 end up spinning a couple of applications 65 00:02:51,377 --> 00:02:53,795 in the cloud without even the security 66 00:02:53,795 --> 00:02:56,283 team's knowledge, and they might be using 67 00:02:56,283 --> 00:02:58,962 legacy tools to gain visibility of their 68 00:02:58,962 --> 00:03:02,381 cloud resources. Now it is obvious that 69 00:03:02,381 --> 00:03:04,878 the endless journey to obtain the right 70 00:03:04,878 --> 00:03:08,070 level of visibility and control over the 71 00:03:08,070 --> 00:03:11,664 cloud resources is still a challenge. 72 00:03:11,664 --> 00:03:14,029 According to Palo Alto Networks' report, 73 00:03:14,029 --> 00:03:17,003 the top two security control challenges 74 00:03:17,003 --> 00:03:20,719 SecOps are struggling with are visibility 75 00:03:20,719 --> 00:03:24,548 in infrastructure security and compliance. 76 00:03:24,548 --> 00:03:26,643 Now I hope you agree with me that you 77 00:03:26,643 --> 00:03:28,864 should be prepared as a security 78 00:03:28,864 --> 00:03:31,539 professional when adopting and migrating 79 00:03:31,539 --> 00:03:36,000 workloads to the cloud to overcome these challenges.