What is a Cloud Adoption Security Review?

What is a Cloud Adoption Security Review?

The Cloud Adoption Security Review (CASR) is aimed to self-assess an Azure landing zone (ALZ) environment that has achieved baseline security against the Secure Methodology of the Cloud Adoption Framework (CAF).

Security is an ongoing journey of incremental progress and maturity, and not a static destination. The Cloud Adoption Framework provides security guidance for this journey by providing clarity to the processes and best practices. This guidance is based on real world experiences of our customers, of Microsoft's own security journey and lessons learned, and the work with other organizations like NIST (National Institute of Standards and Technology) or CIS (Center for Internet Security).

The outcome is manifested in the Cloud Adoption Framework Secure Methodology which provides a vision of the complete end state of your security journey and follows the Zero Trust principle (assume breach, verify explicitly, use least privilege access).

This assessment gives you the opportunity to self-assess your security journey of your cloud adoption against this secure methodology.

What are the areas we are addressing with this assessment?

This assessment targets the CAF secure methodology. This methodology provides guidance on the integration of security with business processes (also called business alignment) and security disciplines. The following domain areas are covered in the Cloud Adoption Security Review:

• Business Alignment
• Risk insights
• Security integration
• Business resilience
• Security Disciplines
• Access control
• Security operations
• Asset protection
• Security governance
• Innovation security

When should you do a Cloud Adoption Security Review?

Before cloud adoption can begin you need to have Azure landing zones created which will host the workloads. Within CAF this is called the Ready phase. At this phase or stage, you should already have designed your Azure landing zones and you should know about your cloud operation model because security is critical here. You should have a secure design or plan before you are going to the next phases and deploy your workload resources into your landing zones. 

What are the benefits of doing a Cloud Adoption Security Review?

It will help you to identify opportunities for critical security optimizations to better align to the secure methodology of CAF and improve your Azure landing zone security. At the end of this assessment, you will receive actionable recommendations to incrementally improve your security. Actionable means that you can import those recommendations into your Azure DevOps or GitHub project and are able to track the implementation progress through standard project management processes and tasks. You can create multiple versions (Milestones) of the assessment and track your progress over time.

More Information

• Watch the corresponding Azure Enablement Show video about this Cloud Adoption Security Review

• Cloud Adoption Security Review on Microsoft Assessments
• DevOps Reporting Scripts on GitHub
• What is the Microsoft Cloud Adoption Framework for Azure on Microsoft Learn.
• Security in the Microsoft Cloud Adoption Framework for Azure on Microsoft Learn 
• Contact your Microsoft account manager (CSAM) about our Cloud Adoption Security Review offering if you wish to execute this assessment against your environment together with a Microsoft architect as part of your existing support contract.