Skip to main content

Security

Security Overview

Azure provides a robust set of tools and services to enhance security, manage identities, and enforce policies within the Azure cloud environment

The AosEdge application relies on both Azure-provided and self-provided mechanisms.

Self-provided security mechanisms

All sensitive external endpoints connections covered with mTLS
Private AosEdge Kubernetes interconnections covered with Istio mTLS
AosEdge outbound connections are restricted and controlled with Istio
AosEdge images constantly check with the Software composition analysis tool

Azure-provided security mechanisms

Private AKS cluster (no public API endpoints)
Authorization to the Azure resources is done with Managed Identities
The disks are encrypted with the double encryption mechanism
Networks restricted with Network security groups
AosEdge communication with Azure resources is done via Azure private endpoints
Sensitive data are stored in Azure Key Vaults
Infrastructure and AKS cluster resource creation restricted with Policies

Security Overview
Self-provided security mechanisms
Azure-provided security mechanisms