Approach – Establish cloud environment
Configure the subscription and authentication
Assess on-premises Active Directory authentication
Configure AD/LDAP for key users
Set up CSP (Cloud Service Provider) policies to enforce rules for resources
Set up security policies related to RBAC for users
Create resource groups for the different environments: Dev, QA, Prod, DR, Security
Create groups and IdM (Identity Management) policies, and audit those policies regularly
Configure SAML single sign-on against an identity provider that validates users against Active Directory
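The "audit those policies regularly" step above is the one that tends to get skipped once the environment is live. The following is an added example (not tooling from the page) of the kind of check that can run on a schedule: it reads role assignments in the flattened shape emitted by `az role assignment list --all -o json` and flags three least-privilege violations. The rules, the principal names and the scopes are constructed for illustration.

```python
"""Audit Azure RBAC role assignments against least-privilege rules.

Added example (not the page's own tooling).  Each assignment dict carries the
flattened fields that `az role assignment list --all -o json` emits:
principalName, principalType, roleDefinitionName, scope.  The three rules and
the sample assignments below are constructed for illustration.
"""
from dataclasses import dataclass

# Roles that should never sit on a service principal (assumption of this example).
HIGH_PRIVILEGE_ROLES = {"Owner", "User Access Administrator"}


@dataclass(frozen=True)
class Finding:
    rule: str
    principal: str
    role: str
    scope: str


def scope_kind(scope: str) -> str:
    """Classify an ARM scope: /subscriptions/<id> is subscription scope,
    /subscriptions/<id>/resourceGroups/<rg> is resource-group scope,
    anything longer is an individual resource."""
    parts = [p for p in scope.split("/") if p]
    if len(parts) <= 2:
        return "subscription"
    if len(parts) == 4 and parts[2].lower() == "resourcegroups":
        return "resource_group"
    return "resource"


def audit_assignments(assignments):
    findings = []
    for a in assignments:
        role, scope = a["roleDefinitionName"], a["scope"]
        ptype, name = a["principalType"], a["principalName"]
        # Rule 1: people get access through groups, never by direct assignment,
        # so that group membership is the single thing that gets audited.
        if ptype == "User":
            findings.append(Finding("direct-user-assignment", name, role, scope))
        # Rule 2: standing Owner at subscription scope is too broad for anyone.
        if role == "Owner" and scope_kind(scope) == "subscription":
            findings.append(Finding("owner-at-subscription", name, role, scope))
        # Rule 3: deployment identities get Contributor on their own resource
        # group, never a role that can grant rights to other principals.
        if ptype == "ServicePrincipal" and role in HIGH_PRIVILEGE_ROLES:
            findings.append(Finding("privileged-service-principal", name, role, scope))
    return findings


SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"

# Constructed sample export: one clean group assignment, one user holding
# Owner on the whole subscription, one well-scoped deploy SP, one legacy SP.
SAMPLE_ASSIGNMENTS = [
    {"principalName": "sg-cloud-prod-operators", "principalType": "Group",
     "roleDefinitionName": "Contributor", "scope": f"{SUB}/resourceGroups/rg-prod"},
    {"principalName": "alice@contoso.example", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "sp-terraform-dev", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Contributor", "scope": f"{SUB}/resourceGroups/rg-dev"},
    {"principalName": "sp-legacy-deploy", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Owner", "scope": f"{SUB}/resourceGroups/rg-qa"},
]

if __name__ == "__main__":
    for f in audit_assignments(SAMPLE_ASSIGNMENTS):
        print(f"{f.rule:30} {f.principal:28} {f.role:12} {f.scope}")
```

Run against a real export by loading the JSON file in place of SAMPLE_ASSIGNMENTS; the three findings the sample produces (a direct user assignment, Owner at subscription scope, and a service principal holding Owner) are exactly the conditions a periodic audit should page on.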
Setup Networking
Configure virtual networks (VNets), subnets, and security groups
Configure connectivity to on-premises networks using dedicated private connections
Configure internal and external load balancers
Configure DNS records for the external load balancer's URL
Configure Network Security Groups to control access to the network and VMs
Implement a NAC (Network Access Control) device that enforces role-based access
Create hardened ACLs (SG = Security Groups) in which each source device can communicate only with its authorized destination devices
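A hardened ACL is only as good as the rule ordering: in an Azure NSG the lowest priority number wins, so a Deny placed after an any-source Allow never takes effect. The following is an added example (not tooling from the page) that evaluates exported NSG rules the same way the platform does, flags inbound Allow rules that expose a management port to any source, and rewrites them to a jump-host CIDR. The rule field names follow `az network nsg rule list -o json`; the sample rule set, the management-port list and the simplified handling of the "Internet" service tag are assumptions of the example.

```python
"""Audit Azure NSG rules for over-broad inbound access and compute the
effective decision for a given source, port and protocol.

Added example (not the page's own tooling).  Rule dicts use the flattened
field names of `az network nsg rule list -o json` (name, priority, direction,
access, protocol, sourceAddressPrefix/sourceAddressPrefixes,
destinationPortRange/destinationPortRanges).  Source prefixes are resolved only
for "*", CIDRs and the "Internet" tag, which is approximated here as any
non-RFC1918 address; other service tags never match.  These simplifications
and the sample rule set are assumptions of this example.
"""
import ipaddress

MGMT_PORTS = {22, 3389, 5985, 5986, 1433}            # SSH, RDP, WinRM, MSSQL
ANY_SOURCE = {"*", "internet", "0.0.0.0/0"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DEFAULT_DENY = ("Deny", "DenyAllInBound")           # Azure's built-in rule at priority 65500


def _port_spans(rule):
    """Yield (low, high) spans covered by the rule's destination port range(s)."""
    ranges = rule.get("destinationPortRanges") or [rule.get("destinationPortRange", "*")]
    for r in ranges:
        if r == "*":
            yield 0, 65535
        elif "-" in r:
            lo, hi = r.split("-", 1)
            yield int(lo), int(hi)
        else:
            yield int(r), int(r)


def _sources(rule):
    return rule.get("sourceAddressPrefixes") or [rule.get("sourceAddressPrefix", "*")]


def _source_matches(prefix, ip):
    p = prefix.lower()
    if p == "*":
        return True
    if p == "internet":
        return not any(ip in n for n in RFC1918)
    try:
        return ip in ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return False          # VirtualNetwork and other service tags: not resolved here


def covers_port(rule, port):
    return any(lo <= port <= hi for lo, hi in _port_spans(rule))


def risky_inbound_rules(rules):
    """Inbound Allow rules open to any source that expose a management port."""
    risky = []
    for r in rules:
        if r["direction"] != "Inbound" or r["access"] != "Allow":
            continue
        if not any(s.lower() in ANY_SOURCE for s in _sources(r)):
            continue
        exposed = sorted(p for p in MGMT_PORTS if covers_port(r, p))
        if exposed:
            risky.append((r["name"], exposed))
    return risky


def effective_access(rules, source_ip, port, protocol="Tcp", direction="Inbound"):
    """Lowest priority number wins: the first matching rule decides, so a Deny
    placed after an any-source Allow never takes effect."""
    ip = ipaddress.ip_address(source_ip)
    for r in sorted(rules, key=lambda r: r["priority"]):
        if r["direction"] != direction:
            continue
        if r["protocol"] != "*" and r["protocol"].lower() != protocol.lower():
            continue
        if not covers_port(r, port):
            continue
        if any(_source_matches(s, ip) for s in _sources(r)):
            return r["access"], r["name"]
    return DEFAULT_DENY


def hardened(rules, jump_host_cidr="10.10.0.0/27"):
    """Rewrite any-source Allow rules on management ports to the jump-host CIDR."""
    out = []
    for r in rules:
        r = dict(r)
        if risky_inbound_rules([r]):
            r["sourceAddressPrefix"] = jump_host_cidr
            r.pop("sourceAddressPrefixes", None)
        out.append(r)
    return out


# Constructed sample: the Deny at priority 4000 is shadowed by AllowRdpAny at 120.
SAMPLE_RULES = [
    {"name": "AllowBastionSSH", "priority": 100, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "10.10.0.0/27", "destinationPortRange": "22"},
    {"name": "AllowWebFromInternet", "priority": 110, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "Internet", "destinationPortRanges": ["80", "443"]},
    {"name": "AllowRdpAny", "priority": 120, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
    {"name": "DenyInternetRdp", "priority": 4000, "direction": "Inbound", "access": "Deny",
     "protocol": "*", "sourceAddressPrefix": "Internet", "destinationPortRange": "3389"},
]

if __name__ == "__main__":
    print("risky:", risky_inbound_rules(SAMPLE_RULES))
    print("RDP from 203.0.113.5:", effective_access(SAMPLE_RULES, "203.0.113.5", 3389))
    print("after hardening:", effective_access(hardened(SAMPLE_RULES), "203.0.113.5", 3389))
```

On the sample set, RDP from 203.0.113.5 is allowed despite the DenyInternetRdp rule, because AllowRdpAny sits at a lower priority number; after hardened() narrows the source to the jump-host CIDR, the same probe falls through to DenyInternetRdp. A rule that only checks for "*" sources in isolation would miss this ordering problem, which is why the effective-access evaluation is worth running alongside the static scan.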
Automate Deployment
Set up PowerShell scripts, ARM templates, and Terraform templates for resource deployments
Manage multiple environment definitions
Deploy the perimeter server and the VM for virtualization
Deploy a PaaS SQL database
Implement automation rules to shut down resources when they are not needed
Verify the deployment of CSP resources
Test on-premises to cloud/VPC connectivity
Create shutdown and startup procedures for system failures
Create multiple regional zones for web and database traffic
Security Review/Setup
Configure internal firewalls for threat protection
Configure a vulnerability assessment tool such as NeuVector or ExtraHop
Install Trend Micro Deep Security / antivirus
Configure Cloud Security Center policies with Just-In-Time (JIT) access
Set up Key Vault for storing database connection strings
Set up data encryption and data masking for the CSP SQL DB
Configure access keys for global storage
Implement SIEM, NAC, IPS/IDS, and NMS tools for centralized data collection
Setup Operations and Monitoring
Set up a Log Analytics workspace for collecting logs and events
Configure monitoring to collect metrics and log data
Configure alerts for critical conditions
Integrate alerts with an ITSM solution such as ServiceNow
Configure dashboards to view metrics and log data (e.g., AWS Systems Manager)
Set up backups for the different environments across multi-cloud providers
Monitor and track the cost of resources
Periodically run Advisor services for HA, security, performance, and cost management
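The alerting and ITSM steps above are where collected logs turn into action, and the part that needs thought is the rule itself: what counts as a critical condition, over what window, and what the ticket should carry so the on-call engineer can act without re-running the query. The following is an added example (not the page's own alert configuration) of a threshold rule evaluated over sign-in events and shaped into an ITSM ticket payload. The fields mirror a few columns of the Azure AD SigninLogs table; the threshold, window, severity mapping and sample events are constructed assumptions.

```python
"""Evaluate a threshold alert over sign-in events and shape the result as the
ticket an ITSM integration would receive.

Added example (not the page's own alert rules).  Events carry four fields of
the Azure AD SigninLogs table (TimeGenerated, UserPrincipalName, IPAddress,
ResultType; ResultType "0" is success, "50126" a wrong password, "50053" a
locked account).  The threshold, window, severity mapping and the sample
events are assumptions constructed for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILURE_CODES = {"50126", "50053"}


def parse_time(stamp):
    """ISO-8601 with a trailing Z, as Log Analytics exports it."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def to_ticket(user, failures, window_minutes):
    """Ticket payload: what the ITSM integration (ServiceNow or similar) is sent."""
    ips = sorted({ip for _, ip in failures})
    return {
        "severity": 1,                  # Azure Monitor Sev1 (error); 0 would be critical
        "title": f"Repeated sign-in failures for {user}",
        "user": user,
        "count": len(failures),
        "source_ips": ips,
        "window_minutes": window_minutes,
        "first_seen": failures[0][0].isoformat(),
        "last_seen": failures[-1][0].isoformat(),
    }


def evaluate_failed_signin_rule(events, threshold=5, window_minutes=10):
    """Fire once per user whenever `threshold` failures fall inside a sliding
    window; the buffer is cleared after firing so one burst yields one ticket."""
    window = timedelta(minutes=window_minutes)
    alerts = []
    recent = defaultdict(deque)
    for e in sorted(events, key=lambda e: parse_time(e["TimeGenerated"])):
        if e["ResultType"] not in FAILURE_CODES:
            continue
        user, t = e["UserPrincipalName"], parse_time(e["TimeGenerated"])
        q = recent[user]
        q.append((t, e["IPAddress"]))
        while t - q[0][0] > window:       # drop failures that aged out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append(to_ticket(user, list(q), window_minutes))
            q.clear()
    return alerts


def _ev(ts, user, ip, result):
    return {"TimeGenerated": ts, "UserPrincipalName": user, "IPAddress": ip, "ResultType": result}


# Constructed sample: alice takes five failures in two minutes from two IPs and
# then succeeds; bob's two failures are half an hour apart and never trip the rule.
SAMPLE_EVENTS = [
    _ev("2024-05-01T08:00:00Z", "alice@contoso.example", "203.0.113.7", "50126"),
    _ev("2024-05-01T08:00:30Z", "alice@contoso.example", "203.0.113.7", "50126"),
    _ev("2024-05-01T08:01:00Z", "alice@contoso.example", "198.51.100.9", "50126"),
    _ev("2024-05-01T08:01:30Z", "alice@contoso.example", "203.0.113.7", "50126"),
    _ev("2024-05-01T08:02:00Z", "alice@contoso.example", "198.51.100.9", "50053"),
    _ev("2024-05-01T08:03:00Z", "alice@contoso.example", "203.0.113.7", "0"),
    _ev("2024-05-01T08:00:00Z", "bob@contoso.example", "10.20.0.15", "50126"),
    _ev("2024-05-01T08:15:00Z", "bob@contoso.example", "10.20.0.15", "50126"),
    _ev("2024-05-01T08:40:00Z", "bob@contoso.example", "10.20.0.15", "0"),
]

if __name__ == "__main__":
    for ticket in evaluate_failed_signin_rule(SAMPLE_EVENTS):
        print(ticket)
```

The success at 08:03 that follows alice's burst is the detail worth keeping in the ticket: a string of failures ending in a success from the same addresses is a different incident from a forgotten password, and the first_seen/last_seen/source_ips fields give the responder enough to pivot on without re-querying the workspace.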