Browse our archives by topic…
Security and Compliance
Exploring OpenChain: From License Compliance to Security Assurance
Open-source software has become an essential part of many organisation's software supply chain, however, this poses challenges with license compliance and security assurance.
The OpenChain specification explained
When implementing OpenChain, understanding the specification will help guide your organisation to having processes in place to review and manage open-source software
What are the risks with open-source software?
The key risks associated with open-source software, from whether you use it minimally, to using it throughout all your systems.
What is OpenChain?
With much of the modern world is built upon software, organisations need to understand and manage the legal and security risks associated with open-source software.
How to sign your git commits
Signing git commits proves that you are the author of the code you are pushing up to GitHub, and helps protect the integrity of your software supply chain.
Flex Your DevSecOps Muscles With Bicep (and get started with our cheat sheet)
Bicep provides a significant improvement in tooling for organisations seeking to deploy infrastructure as code on Microsoft Azure.
How to fix the "You need permission to access workspace..." error in Azure Synapse Analytics
Data Engineers/Developers want to get access to Azure Synapse Analytics as quickly as possible to start designing and creating their data solutions. Being denied access to Synapse Studio can be frustrating and slows matters down. This article will address the "You need permission to access workspace..." error, discuss what causes it, and describe how to fix it.
How to use the Azure CLI to manage access to Synapse Studio
Azure Synapse Analytics developers need to be assigned a role within Synapse Studio in order to access the GUI. The Azure CLI provides one way of programmatically achieving this, which can be done by any Owner or Contributor of the Azure Synapse Analytics resource.
The Public Health England Test and Trace Excel error could have been prevented by this one simple step
Despite the subsequent media reporting, the loss of 16,000 Covid-19 test results at Public Health England wasn't caused by Excel. This post argues that a lack of an appropriate risk and mitigation analysis left the process exposed to human error, which ultimately led to the loss of data and inaccurate reporting. It describes a simple process that could have been applied to prevent the error, and how it will help if you're worried about ensuring quality or reducing risk in your own business, technology or data programmes.
How to update your Microsoft Authenticator App for a work/school account
This post quickly runs through the steps for setting up a new Microsoft Authenticator App for a work or school account.
Using Azure Key Vault for Encryption in C# - A Simple Tutorial
Do you need to encrypt a piece of data in your application? Do you want Azure Key Vault to secure the key? Well, using C# along with a couple of libraries from the Azure SDK, it couldn't be easier to get up and running. This blog explains how to do just that.
Using multiple azure-cli credentials within automation
Have you ever needed an automated process to use alternative credentials for a subset of tasks? This post will demonstrate a technique that allows you setup multiple, concurrent authenticated sessions when using the azure-cli and switch freely between them.
Does Azure Synapse Analytics spell the end for Azure Databricks?
Have you or are you about to invest in Azure Databricks? If so, the new Spark offering in Azure Synapse Analytics is likely to have grabbed your attention and rightly so. Why is Microsoft putting yet another Spark offering on the table and what does it mean for you?
How does Azure Key Vault help me secure my data?
Azure Key Vault is used to protect encryption keys and secrets. These keys and secrets can be used to access encrypted data and protected services. Individual Key Vaults can be used to preserve security information for isolating keys and secrets. The keys stored can be either hardware or software protected. Access to the keys and secrets is controlled using Azure Active Directory, RBAC and access policies.
Building a secure data solution using Azure Data Lake Store (Gen2)
In this blog we discuss building a secure data solution using Azure Data Lake. Data Lake has many features which enable fine grained security and data separation. It is also built on Azure Storage which enables us to take advantage of all of those features and means that ADLS is still a cost effective storage option!This post runs through some of the great features of ADLS and runs through an example of how we build our solutions using this technology!
Secure Azure Function-to-Function authentication without the need for credentials
Building a secure solution on Azure can be a daunting task. Using Azure Functions and Managed Identities, we have built up a pattern for giving services access to one another, without the need to store credentials. These managed identities can be given access to necessary resources. For example, they can be granted roles and added to access control lists in ADLS Gen2 accounts, or the ability to access keys in key vault. This means that data can be securely accessed without needing to store connection strings or app passwords.
Enforce resource tagging with Azure Policy
This blog post details how we used Azure Policy to enforce Azure resources were tagged with appropiate tags and ensured tags were inherited from parent resource groups where possible.
Managing applications using Azure AD, service principals and managed identities: A permissions story
The complexities around Azure Active Directory can be difficult to understand. This post runs through some of the key concepts - AAD apps, service principles, managed identities, and walks through an example of how to set some of this up!
How to plan your cloud transformation journey
We've been helping customers adopt Microsoft Azure since 2010, we have produced a lot of thought leadership to help people think about the steps required, the risk involved and how to plan a successful adoption.
Benchmarking the Cloud against on-premise data centres
In the third and final part in this series we compare the risk of Azure vs the risk of on-premise data centres, using the Swiss Cheese Risk Model.
Automating office security with Synology, Surveillance Station, OneDrive and Power Automate
Read about how we set up automated backups of our office security camera footage and used Power Automate to alert us if anything went wrong
AWS vs Azure vs Google Cloud Platform - Networking
Cloud Adoption: A Deep Dive into the Swiss Cheese Model
In the second part of this series, we take a deep dive into the Swiss Cheese Model and show how this type of threat modelling is essential for understanding the risks that adopting Microsoft Azure post your organisation, and how you mitigate them.
Cloud Adoption: Risks & Mitigations Analysis
In the first part of this series, we look at how you take a strategic look at the risks of adopting Microsoft Azure, and how you report these to C-level execs.
Embracing Disruption - Financial Services and the Microsoft Cloud
We have produced an insightful booklet called "Embracing Disruption - Financial Services and the Microsoft Cloud" which examines the challenges and opportunities for the Financial Service Industry in the UK, through the lens of Microsoft Azure, Security, Privacy & Data Sovereignty, Data Ingestion, Transformation & Enrichment, Big Compute, Big Data, Insights & Visualisation, Infrastructure, Ops & Support, and the API Economy.
Why is blockchain revolutionising Financial Services?
There is a lot of hype about the blockchain - usually wrapped up with talk about Bitcoin and crypto-currencies. In this article, we look at its impact on trust, and auditability in financial services, and why it may (or may not) be appropriate for your solutions.
Regulatory Compliance and Cloud Adoption
In this post we review the FCA's guidelines for the adoption of cloud services by FinTech businesses, and help you to understand their impact across the value chain.