@ITCAMPRO #ITCAMP19 Community Conference for IT Professionals
Top Azure security fails and how to avoid them
Karl Ots
@fincooper
Karl Ots
Chief Consulting Officer
karl.ots@zure.com
• Cloud & cybersecurity expert
• Community leader, speaker, author & patented inventor
• Working on Azure since 2011
• Helped to secure 100+ Azure applications, from startups to Fortune 500 enterprises
• zure.ly/karl
What to expect in this session
• Azure security landscape
• Top Azure security fails I have wandered upon in my adventures
• Why are they bad?
• How to fix them?
• Resources to help you secure your Azure environment, regardless of your current status
With great power comes great responsibility
Secure DevOps kit for Azure (AzSK)
• Set of tools for assessing the security posture of your Azure environment
• Main toolset includes a PowerShell module to scan your Azure platform and resources against best practices from Microsoft Core Services Engineering
• Easy to get started with non-intrusive platform scans; expands to end-to-end tooling from the developer machine to DevSecOps
Secure DevOps kit for Azure (AzSK)
Workflow: run the AzSK PowerShell tool, analyze the results, improve system security, repeat.
Most fails described in this session can be detected by using AzSK.
Role Based Access Control
An RBAC assignment binds three things: an AAD object (user, group or service principal), a role, and a scope.
Role-Based Access Control
Scopes, from broadest to narrowest: Subscription, Resource Groups, Resources. A role assigned at a scope applies to everything beneath it.
• Owner: can perform all management operations for a resource and its child resources, including access management and granting access to others.
• Contributor: can perform all management operations for a resource, including creating and deleting resources. A Contributor cannot grant access to others.
• Reader: has read-only access to a resource and its child resources. A Reader cannot read secrets.
RBAC Roles
• A role is a collection of actions, for example:
• Microsoft.Compute/virtualMachines/*
• Microsoft.Compute/virtualMachines/start/action
• Microsoft.Network/virtualNetworks/read
• 70+ built-in roles for Azure RBAC
• e.g. Virtual Machine Contributor, Backup Contributor, Security Reader, etc.
Security fail #1
• Unprotected public endpoints
• HTTP / RDP / SSH exposed directly to the Internet
• Mitigation:
• Every public IP is a risk and should be carefully reviewed and justified
• Use Network Security Groups to control access to / from virtual machines
• Use Azure Security Center’s Just-in-time VM access, which opens the NSG rule only on request and closes it again after the approved window
• Use a Web Application Firewall to control access to public HTTP endpoints
• Configure Service Endpoint firewalls for PaaS services
• AzSK Control ID:
• Azure_Subscription_NetSec_Justify_PublicIPs
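The NSG review behind fail #1, as an added example (not code from the talk or from AzSK): given the inbound rules of one network security group, it reports which management or web ports are reachable from any Internet source, honouring rule priority so that an earlier Deny shadows a later Allow. The rule dictionaries are a constructed sample modelled on the securityRules of an NSG; the field names and the port list are assumptions for illustration.

```python
"""Find NSG inbound rules that expose management or web ports to the Internet.

Added example, not from the talk. The rule dictionaries are constructed samples
modelled on the securityRules of a network security group as returned by
`az network nsg show`; only the fields used here are included and their exact
names are an assumption for illustration.
"""
from typing import Dict, List, Optional, Set

RISKY_PORTS = {22: "SSH", 3389: "RDP", 80: "HTTP"}
ANY_SOURCE = {"*", "internet", "0.0.0.0/0", "0.0.0.0", "::/0"}


def _port_set(spec: str) -> Optional[Set[int]]:
    """Expand '22' or '20-25' into a set of ports; '*' (all ports) returns None."""
    if spec == "*":
        return None
    if "-" in spec:
        lo, hi = spec.split("-", 1)
        return set(range(int(lo), int(hi) + 1))
    return {int(spec)}


def rule_ports(rule: Dict) -> Optional[Set[int]]:
    """Destination ports of a rule (the plural field wins over the singular one)."""
    specs = rule.get("destinationPortRanges") or [rule.get("destinationPortRange", "*")]
    ports: Set[int] = set()
    for spec in specs:
        expanded = _port_set(spec)
        if expanded is None:
            return None
        ports |= expanded
    return ports


def rule_sources(rule: Dict) -> List[str]:
    return rule.get("sourceAddressPrefixes") or [rule.get("sourceAddressPrefix", "*")]


def exposed_ports(rules: List[Dict]) -> Dict[int, str]:
    """Return {port: rule name} for risky TCP ports reachable from any source.

    Rules are evaluated lowest priority number first, as the NSG does, so a Deny
    from any source on a port shadows every later Allow on it. Denies from a
    narrower source (e.g. one /24) are ignored on purpose: they do not remove
    Internet exposure, they only carve a hole in it.
    """
    exposed: Dict[int, str] = {}
    blocked: Set[int] = set()
    inbound = sorted((r for r in rules if r["direction"] == "Inbound"),
                     key=lambda r: r["priority"])
    for rule in inbound:
        if rule["protocol"].lower() not in ("*", "tcp"):
            continue  # a UDP-only rule cannot expose SSH/RDP/HTTP
        if not any(s.lower() in ANY_SOURCE for s in rule_sources(rule)):
            continue
        ports = rule_ports(rule)
        for port in RISKY_PORTS:
            if ports is not None and port not in ports:
                continue
            if rule["access"] == "Deny":
                blocked.add(port)
            elif port not in blocked and port not in exposed:
                exposed[port] = rule["name"]
    return exposed


SAMPLE_RULES = [  # constructed sample data, not a real NSG
    {"name": "deny-rdp-internet", "priority": 100, "direction": "Inbound", "access": "Deny",
     "protocol": "Tcp", "sourceAddressPrefix": "Internet", "destinationPortRange": "3389"},
    {"name": "allow-ssh-any", "priority": 200, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "22"},
    {"name": "allow-rdp-any", "priority": 300, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
    {"name": "allow-web-office", "priority": 310, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "80"},
    {"name": "allow-dns-udp", "priority": 320, "direction": "Inbound", "access": "Allow",
     "protocol": "Udp", "sourceAddressPrefix": "*", "destinationPortRange": "*"},
    {"name": "allow-app-ports", "priority": 330, "direction": "Inbound", "access": "Allow",
     "protocol": "*", "sourceAddressPrefixes": ["10.0.0.0/8", "0.0.0.0/0"],
     "destinationPortRanges": ["8000-8080", "443"]},
    {"name": "allow-any-tcp", "priority": 340, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "Internet", "destinationPortRange": "*"},
    {"name": "allow-out", "priority": 100, "direction": "Outbound", "access": "Allow",
     "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "*"},
]

if __name__ == "__main__":
    for port, name in sorted(exposed_ports(SAMPLE_RULES).items()):
        print(f"{RISKY_PORTS[port]} (tcp/{port}) open to the Internet by rule '{name}'")
```

On the sample, RDP is saved by the priority-100 Deny, SSH is exposed by the explicit rule and HTTP by the catch-all TCP rule; the office-only HTTP rule and the UDP rule are correctly ignored. Run it over the rules exported from each NSG and every hit is a public endpoint that needs a justification, a JIT policy or a WAF in front of it.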
Security fail #2
• Every user is an Owner
• …at the Subscription scope
• Mitigation:
• Default access scope should be a Resource Group, not the Subscription
• Default RBAC role should be Contributor, not Owner
• Where someone genuinely needs to manage access, assign User Access Administrator instead of Owner: it grants access management without the right to change the resources themselves
• AzSK Control ID:
• Azure_Subscription_AuthZ_Justify_Admins_Owners
Security fail #3
• Untrusted authentication provider in use
• (Microsoft Account, Gmail, unmanaged or external Azure AD…)
• Mitigation:
• Always authenticate with your own, trusted Azure AD tenant
• Monitor Azure Subscription access using Azure AD Privileged Identity Management (PIM)
• If necessary, limit who can invite Azure AD Guest users
• AzSK control ID:
• Azure_Subscription_AuthZ_Dont_Use_NonAD_Identities
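One review that covers both fail #2 (Owners at Subscription scope) and fail #3 (identities outside your own tenant), as an added example that is not code from the talk or from AzSK. The assignments are a constructed sample modelled on the output of `az role assignment list --all`; the trusted-domain list is an assumption standing in for the verified domains of your own Azure AD tenant, and the "#EXT#" check relies on the UPN format Azure AD gives B2B guest users.

```python
"""Review Azure RBAC assignments for subscription-scope Owners and for
identities that are not from our own Azure AD tenant.

Added example, not from the talk. The assignments are a constructed sample
modelled on `az role assignment list --all -o json` (principalName,
principalType, roleDefinitionName, scope); TRUSTED_DOMAINS is an assumption
standing in for the verified domains of your own tenant.
"""
import re
from typing import Dict, List, Tuple

TRUSTED_DOMAINS = {"contoso.com"}   # assumption: your managed Azure AD domains
SUBSCRIPTION_RE = re.compile(r"^/subscriptions/[0-9a-f-]{36}$", re.IGNORECASE)


def scope_level(scope: str) -> str:
    """Classify an ARM scope: managementGroup, subscription, resourceGroup or resource."""
    if SUBSCRIPTION_RE.match(scope):
        return "subscription"
    parts = scope.strip("/").split("/")
    if parts[0].lower() == "providers":          # /providers/Microsoft.Management/...
        return "managementGroup"
    if len(parts) == 4 and parts[2].lower() == "resourcegroups":
        return "resourceGroup"
    return "resource"


def is_external_identity(principal_name: str, principal_type: str) -> bool:
    """Users only: B2B guests carry '#EXT#' in their UPN, and any other domain
    that is not one of ours is an MSA, Gmail or foreign-tenant account."""
    if principal_type != "User":
        return False   # groups and service principals get their own review
    if "#EXT#" in principal_name.upper():
        return True
    domain = principal_name.rsplit("@", 1)[-1].lower()
    return domain not in TRUSTED_DOMAINS


def review(assignments: List[Dict]) -> List[Tuple[str, str, str]]:
    """Return (fail, principal, detail) findings for fail #2 and fail #3."""
    findings = []
    for a in assignments:
        role, scope, who = a["roleDefinitionName"], a["scope"], a["principalName"]
        level = scope_level(scope)
        if role == "Owner" and level in ("subscription", "managementGroup"):
            findings.append(("fail2", who, f"Owner at {level} scope {scope}; "
                                           f"prefer Contributor on a resource group"))
        if is_external_identity(who, a["principalType"]):
            findings.append(("fail3", who, f"external identity holds {role} on {scope}"))
    return findings


SAMPLE_ASSIGNMENTS = [  # constructed sample data
    {"principalName": "alice@contoso.com", "principalType": "User",
     "roleDefinitionName": "Owner",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
    {"principalName": "bob@contoso.com", "principalType": "User",
     "roleDefinitionName": "Contributor",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/rg-app"},
    {"principalName": "carol_gmail.com#EXT#@contoso.onmicrosoft.com", "principalType": "User",
     "roleDefinitionName": "Contributor",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/rg-app"},
    {"principalName": "dave@partner.example", "principalType": "User",
     "roleDefinitionName": "Owner",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
    {"principalName": "ci-pipeline", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Contributor",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/rg-app"},
    {"principalName": "erin@contoso.com", "principalType": "User",
     "roleDefinitionName": "User Access Administrator",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
]

if __name__ == "__main__":
    for fail, who, detail in review(SAMPLE_ASSIGNMENTS):
        print(f"[{fail}] {who}: {detail}")
```

Note what is deliberately not flagged: Bob's Contributor role on a resource group is the recommended default, and Erin's User Access Administrator at Subscription scope is the role the slide suggests in place of Owner. Dave trips both checks at once, which is the combination that hurts most: a foreign identity that can also grant access to others.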
Security fail #4
• Storage access keys used directly
• Mitigation:
• Storage access keys should be stored in Azure Key Vault and rotated programmatically; an account key is a full-control credential with no identity behind it
• Use data-plane RBAC roles for storage (new at the time of this talk), so callers authenticate with Azure AD identities instead of keys
• Restrict access to Microsoft.Storage/storageAccounts/listkeys/action using RBAC; anyone who can list the keys has full access to the data
• AzSK control ID:
• Azure_Storage_DP_Rotate_Keys
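How the "collection of actions" from the RBAC Roles slide decides who can perform listkeys, as an added example (not code from the talk or from AzSK). It implements the documented evaluation rule for Azure role definitions: a role grants an action when the action matches an entry in Actions and none in NotActions, wildcards match any characters, and the permissions of a principal's roles are unioned, so a NotAction only narrows its own role and never denies what another role grants. The role definitions are abridged constructed samples, the "App Contributor (no keys)" custom role is hypothetical, and scope is not modelled.

```python
"""Evaluate whether a principal's Azure RBAC roles permit a control-plane action.

Added example, not from the talk. Effective permission of one role is
Actions minus NotActions (wildcard match, case-insensitive); a principal with
several roles gets the union, so a NotAction in one role is not a deny.
The role definitions are abridged constructed samples, not the built-in
definitions verbatim, and "App Contributor (no keys)" is hypothetical.
"""
from fnmatch import fnmatchcase
from typing import Dict, Iterable, List, Tuple

LIST_KEYS = "Microsoft.Storage/storageAccounts/listKeys/action"

ROLES: Dict[str, Dict[str, List[str]]] = {  # constructed, abridged definitions
    "Reader": {"Actions": ["*/read"], "NotActions": []},
    "Contributor": {
        "Actions": ["*"],
        "NotActions": ["Microsoft.Authorization/*/Delete",
                       "Microsoft.Authorization/*/Write",
                       "Microsoft.Authorization/elevateAccess/Action"]},
    "Virtual Machine Contributor": {
        "Actions": ["Microsoft.Compute/virtualMachines/*",
                    "Microsoft.Network/virtualNetworks/read"],
        "NotActions": []},
    # hypothetical custom role: Contributor minus the ability to read storage keys
    "App Contributor (no keys)": {
        "Actions": ["*"],
        "NotActions": ["Microsoft.Authorization/*/Delete",
                       "Microsoft.Authorization/*/Write",
                       LIST_KEYS]},
}


def _matches(pattern: str, action: str) -> bool:
    """Case-insensitive match; '*' spans any characters, including '/'."""
    return fnmatchcase(action.lower(), pattern.lower())


def role_allows(role: str, action: str) -> bool:
    definition = ROLES[role]
    granted = any(_matches(p, action) for p in definition["Actions"])
    excluded = any(_matches(p, action) for p in definition["NotActions"])
    return granted and not excluded


def allowed(roles: Iterable[str], action: str) -> bool:
    """Union across roles: any one role granting the action is enough."""
    return any(role_allows(r, action) for r in roles)


def principals_allowed(assignments: Iterable[Tuple[str, str]], action: str) -> List[str]:
    """From (principal, role) pairs at one scope, the principals able to perform action."""
    roles_by_principal: Dict[str, List[str]] = {}
    for who, role in assignments:
        roles_by_principal.setdefault(who, []).append(role)
    return sorted(who for who, roles in roles_by_principal.items() if allowed(roles, action))


SAMPLE_ASSIGNMENTS = [  # constructed: (principal, role) on one storage account's resource group
    ("alice", "Contributor"),
    ("bob", "App Contributor (no keys)"),
    ("carol", "App Contributor (no keys)"), ("carol", "Reader"),
    ("dave", "Virtual Machine Contributor"),
    ("erin", "App Contributor (no keys)"), ("erin", "Contributor"),
]

if __name__ == "__main__":
    print("can list storage keys:", principals_allowed(SAMPLE_ASSIGNMENTS, LIST_KEYS))
```

Erin is the case to remember: the custom role's NotAction does nothing for her because she also holds Contributor, whose `*` covers listkeys. Taking listkeys away therefore means removing Contributor and Owner from everyone who should not have the keys, not adding a role that excludes it.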
Security fail #5
• Insufficient monitoring and alerting
• Mitigation:
• Configure Activity Log retention; the default is only 90 days!
• Enable Azure SQL audit logging
• Monitor all HTTP endpoint traffic with Application Gateway / Web Application Firewall
• Enable Application Insights smart detection alerts
• Enable Advanced Threat Protection for Azure SQL and Storage Accounts
• Enable Service Health alerts
• Enable custom Activity Log alerts
• AzSK control IDs:
• Azure_AppService_Configure_Important_Alerts
• Azure_Subscription_Config_Azure_Security_Center
• Azure_SQLDatabase_Audit_Enable_Threat_Detection_Server
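What a set of custom Activity Log alerts for the fails in this talk looks like when written out as detection logic, as an added example that is not code from the talk or from AzSK. The events are constructed samples in a flattened shape (operationName, status, caller, resourceId, eventTimestamp) that is an assumption for illustration; real Activity Log records nest some of these fields. The watchlist, the key-harvesting threshold and the window are this example's own choices.

```python
"""Custom Activity Log alert logic: flag the control-plane operations behind
the fails in this talk, plus one behavioural rule for key harvesting.

Added example, not from the talk. The events are constructed samples in a
flattened shape (operationName, status, caller, resourceId, eventTimestamp)
that is an assumption for illustration; real Activity Log records nest some of
these fields. The watchlist and thresholds are this example's choices.
"""
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

WATCHLIST = {  # operation name (lower-cased) -> why it deserves an alert
    "microsoft.authorization/roleassignments/write": "RBAC assignment created (fail #2/#3)",
    "microsoft.authorization/roleassignments/delete": "RBAC assignment removed",
    "microsoft.network/networksecuritygroups/securityrules/write": "NSG rule changed (fail #1)",
    "microsoft.network/networksecuritygroups/securityrules/delete": "NSG rule deleted (fail #1)",
    "microsoft.storage/storageaccounts/listkeys/action": "storage key read (fail #4)",
    "microsoft.storage/storageaccounts/regeneratekey/action": "storage key regenerated",
}
LIST_KEYS = "microsoft.storage/storageaccounts/listkeys/action"
HARVEST_COUNT, HARVEST_WINDOW = 3, timedelta(minutes=10)   # example thresholds


def _ts(value: str) -> datetime:
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def alerts(events: List[Dict]) -> List[Tuple[str, str, str, str]]:
    """Return (timestamp, caller, reason, resourceId) for every alert-worthy event.

    Only Succeeded operations count (the Activity Log also records Started and
    Failed): a failed key read is noise here, a successful one is a finding.
    """
    out = []
    key_reads: Dict[str, List[datetime]] = {}
    for e in sorted(events, key=lambda e: e["eventTimestamp"]):
        op = e["operationName"].lower()
        if e.get("status") != "Succeeded" or op not in WATCHLIST:
            continue
        out.append((e["eventTimestamp"], e["caller"], WATCHLIST[op], e["resourceId"]))
        if op == LIST_KEYS:
            key_reads.setdefault(e["caller"], []).append(_ts(e["eventTimestamp"]))
    # behavioural rule: one caller performing HARVEST_COUNT key reads inside the window
    for caller, times in key_reads.items():
        for i in range(len(times) - HARVEST_COUNT + 1):
            if times[i + HARVEST_COUNT - 1] - times[i] <= HARVEST_WINDOW:
                out.append((times[i].isoformat(), caller,
                            "bulk storage key harvesting", "multiple"))
                break
    return out


RG = "/subscriptions/0000/resourceGroups/rg-app/providers/"   # constructed prefix
SAMPLE_EVENTS = [  # constructed sample data
    {"eventTimestamp": "2019-05-10T08:00:00Z", "caller": "alice@contoso.com", "status": "Succeeded",
     "operationName": "Microsoft.Authorization/roleAssignments/write",
     "resourceId": "/subscriptions/0000/providers/Microsoft.Authorization/roleAssignments/1111"},
    {"eventTimestamp": "2019-05-10T08:01:00Z", "caller": "bob@contoso.com", "status": "Succeeded",
     "operationName": "Microsoft.Compute/virtualMachines/read",
     "resourceId": RG + "Microsoft.Compute/virtualMachines/vm1"},
    {"eventTimestamp": "2019-05-10T08:02:00Z", "caller": "ci-pipeline", "status": "Succeeded",
     "operationName": "Microsoft.Storage/storageAccounts/listKeys/action",
     "resourceId": RG + "Microsoft.Storage/storageAccounts/sa1"},
    {"eventTimestamp": "2019-05-10T08:03:00Z", "caller": "ci-pipeline", "status": "Succeeded",
     "operationName": "Microsoft.Storage/storageAccounts/listKeys/action",
     "resourceId": RG + "Microsoft.Storage/storageAccounts/sa2"},
    {"eventTimestamp": "2019-05-10T08:05:00Z", "caller": "ci-pipeline", "status": "Succeeded",
     "operationName": "Microsoft.Storage/storageAccounts/listKeys/action",
     "resourceId": RG + "Microsoft.Storage/storageAccounts/sa3"},
    {"eventTimestamp": "2019-05-10T08:10:00Z", "caller": "carol@contoso.com", "status": "Failed",
     "operationName": "Microsoft.Network/networkSecurityGroups/securityRules/write",
     "resourceId": RG + "Microsoft.Network/networkSecurityGroups/nsg1/securityRules/allow-rdp"},
    {"eventTimestamp": "2019-05-10T08:11:00Z", "caller": "carol@contoso.com", "status": "Succeeded",
     "operationName": "Microsoft.Network/networkSecurityGroups/securityRules/write",
     "resourceId": RG + "Microsoft.Network/networkSecurityGroups/nsg1/securityRules/allow-rdp"},
    {"eventTimestamp": "2019-05-10T08:12:00Z", "caller": "dave@contoso.com", "status": "Started",
     "operationName": "Microsoft.Storage/storageAccounts/listKeys/action",
     "resourceId": RG + "Microsoft.Storage/storageAccounts/sa1"},
]

if __name__ == "__main__":
    for when, who, reason, resource in alerts(SAMPLE_EVENTS):
        print(f"{when} {who}: {reason} [{resource}]")
```

The per-event matches are what an Activity Log alert rule on "operation name + status" gives you out of the box; the harvesting rule is the kind of correlation you only get once the log is retained and queryable, which is why the 90-day default retention matters.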
Storage Advanced Threat Protection
Alert types:
• Access from unusual location
• Application anomaly
• Anonymous access
• Data exfiltration
• Unexpected delete
• Upload Azure Cloud Service package
• Access permission change
• Access inspection
• Data exploration
Security fail #6
• No network controls for PaaS storage
• Mitigation:
• Enable the built-in firewall of your storage-layer services (Storage Accounts, SQL, Cosmos DB, Data Lake Store) so that only known networks and service endpoints can reach them
• When using SAS tokens, restrict them to an IP range (the sip parameter)
• AzSK Control IDs:
• Azure_CosmosDB_AuthZ_Enable_Firewall
• Azure_SQLDatabase_AuthN_Dont_Use_SQL_AuthN
• Azure_DataLakeStore_AuthZ_Enable_Firewall
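A SAS token audit for the second mitigation above, as an added example that is not code from the talk or from AzSK: it parses the documented SAS query parameters (sv, ss, srt, sp, st, se, spr, sip, sig) and reports a token that has no IP restriction, permits plain HTTP, lives too long, carries write permissions or covers every resource type. The lifetime threshold and the two sample tokens are constructed for illustration; their sig values are placeholders, not real signatures.

```python
"""Audit a storage shared access signature (SAS) for the weaknesses that
network restrictions on PaaS storage are meant to remove.

Added example, not from the talk. It parses the documented SAS query
parameters (sv, ss, srt, sp, st, se, spr, sip, sig); the lifetime threshold
and the sample tokens are constructed for illustration, and their sig values
are placeholders, not real signatures.
"""
from datetime import datetime, timedelta, timezone
from typing import Dict, List
from urllib.parse import parse_qs

MAX_LIFETIME = timedelta(days=7)       # assumption: policy value for this example
MUTATING_PERMS = set("wdlacu")         # write, delete, list, add, create, update


def parse_sas(url_or_query: str) -> Dict[str, str]:
    """Accept a full blob URL or a bare query string; return {param: value}."""
    query = url_or_query.split("?", 1)[1] if "?" in url_or_query else url_or_query
    return {k: v[0] for k, v in parse_qs(query).items()}


def _ts(value: str) -> datetime:
    """SAS times are ISO 8601 UTC, with or without the time part."""
    t = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return t if t.tzinfo else t.replace(tzinfo=timezone.utc)


def audit_sas(token: str, now: datetime) -> List[str]:
    """Return a list of finding codes; an empty list means the token passes."""
    p = parse_sas(token)
    findings = []
    if "sip" not in p:
        findings.append("no-ip-restriction")          # the fix in this slide
    if p.get("spr", "https,http") != "https":         # default permits plain HTTP
        findings.append("http-allowed")
    if "se" not in p and "si" not in p:               # no expiry and no stored access policy
        findings.append("no-expiry")
    elif "se" in p:
        expires = _ts(p["se"])
        starts = _ts(p["st"]) if "st" in p else now
        if expires <= now:
            findings.append("expired")
        elif expires - starts > MAX_LIFETIME:
            findings.append("long-lived")
    if MUTATING_PERMS & set(p.get("sp", "")):
        findings.append("mutating-permissions")
    if set(p.get("srt", "")) >= {"s", "c", "o"}:      # account SAS over every resource type
        findings.append("broad-resource-types")
    if "sig" not in p:
        findings.append("unsigned")
    return findings


NOW = datetime(2019, 5, 10, 8, 30, tzinfo=timezone.utc)   # fixed clock for the example

# constructed tokens; sig is a placeholder, not a real HMAC
WEAK_SAS = ("https://stexample.blob.core.windows.net/backups?sv=2018-11-09&ss=b&srt=sco"
            "&sp=rwdlac&se=2030-01-01T00:00:00Z&sig=PLACEHOLDER")
HARDENED_SAS = ("?sv=2018-11-09&ss=b&srt=o&sp=r&st=2019-05-10T08:00:00Z"
                "&se=2019-05-10T09:00:00Z&spr=https&sip=203.0.113.10-203.0.113.20"
                "&sig=PLACEHOLDER")

if __name__ == "__main__":
    for label, token in (("weak", WEAK_SAS), ("hardened", HARDENED_SAS)):
        print(label, audit_sas(token, NOW) or "ok")
```

The weak token is the one that typically ends up in a config file: an account-level SAS on every resource type, read-write-delete, valid for a decade, usable over HTTP from anywhere. The hardened one is object-scoped, read-only, one hour long, HTTPS-only and pinned to an address range with sip, which is the SAS-level equivalent of the storage firewall.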
Secure DevOps kit for Azure (AzSK)
• Set of tools for assessing the security posture of your Azure environment
• Built by Microsoft Core Services Engineering
• Used to secure 1000+ Azure subscriptions at Microsoft
• Easy to get started with non-intrusive vulnerability scans; expands to end-to-end tooling from the developer machine to CI/CD to continuous assurance
• Call to action: Use AzSK to scan your environment for security fails!
Resources
• My slides: zure.ly/karl/slides
• Secure DevOps Kit for Azure:
• azsk.azurewebsites.net
• Microsoft Ignite 2018 session THR2104, Assess your Microsoft Azure security like a pro:
• zure.ly/karl/THR2104
• Whitepaper: Develop Secure Applications on Azure:
• zure.ly/karl/secureapps
Q & A