Chapter 8. Networking and Policy Management: Behold the Gatekeepers

In the preceding chapters, we built infrastructure in Azure and explained how to discover and monitor our applications. Now it's time to secure those applications. Many of the cloud data breaches reported over the years have come down to simple misconfigurations rather than sophisticated attacks, which is also the good news: a large share of cloud security is a matter of choosing safe configurations and enforcing them so they cannot drift. Cloud networking technology has evolved rapidly, and a number of vendors now provide cloud native software that helps you both structure your network and lock it down.

Azure comes with an offering, Azure Policy, that lets you define rules about what resources may look like and assign them at a management group, subscription, or resource group scope, so that every resource beneath that scope is evaluated against them. This provides a layer of security by default: instead of relying on each team to remember a setting, the platform refuses (Deny effect) or flags (Audit effect) resources that violate it. For example, you can assign a policy that ensures no storage account within a management group or subscription allows anonymous public access. Note that a Deny effect only blocks new create and update requests; storage accounts that already violate the rule are reported as non-compliant but are not changed unless you also run a remediation task backed by a Modify or DeployIfNotExists policy.
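The following policy definition implements the storage-account example just described. It is an added illustration, not code from the book or from Microsoft's built-in policy library, although it uses the same `allowBlobPublicAccess` property alias that Azure's own built-in "Storage account public access should be disallowed" policy checks. The `effect` parameter is an assumption made here so that the same definition can be assigned in `Audit` mode first (to find existing offenders) and switched to `Deny` once the estate is clean.

```json
{
  "mode": "Indexed",
  "parameters": {
    "effect": {
      "type": "String",
      "allowedValues": ["Audit", "Deny"],
      "defaultValue": "Deny",
      "metadata": {
        "displayName": "Effect",
        "description": "Audit only reports non-compliant storage accounts; Deny rejects create and update requests that would leave public blob access enabled."
      }
    }
  },
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Storage/storageAccounts"
        },
        {
          "anyOf": [
            {
              "field": "Microsoft.Storage/storageAccounts/allowBlobPublicAccess",
              "exists": "false"
            },
            {
              "field": "Microsoft.Storage/storageAccounts/allowBlobPublicAccess",
              "equals": true
            }
          ]
        }
      ]
    },
    "then": {
      "effect": "[parameters('effect')]"
    }
  }
}
```

The `anyOf` branch matters: a request that omits `allowBlobPublicAccess` entirely is treated as non-compliant as well, so a deployment template cannot sidestep the rule simply by leaving the property out. To use it, save the document as `policy.json`, create the definition with `az policy definition create --name deny-public-blob-access --rules policy.json --mode Indexed`, and assign it at the scope you want to protect, for example `az policy assignment create --name deny-public-blob-access --policy deny-public-blob-access --scope /providers/Microsoft.Management/managementGroups/<management-group-id>` (the management group ID is a placeholder you supply). Resources created below that scope are then evaluated against the rule on every create or update.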

In this chapter, we will explore the power of container networking and the many ways you can use it to improve your infrastructure. We will also explain how to apply a policy to your infrastructure to keep it secure.

We will start with a discussion about container networking and the standards that multiple projects are built around, then focus on products such as Flannel, which provides pod-to-pod network connectivity, and Calico, which provides both connectivity and network policy enforcement (the two are also commonly combined, with Flannel carrying the traffic and Calico enforcing policy). We'll conclude the chapter with a discussion about system policy enforcement with Open Policy Agent (OPA).

The Container Network ...