Ansible on Azure Management Security Controls
Overview
A managed application is a type of deployment that combines the advantages of a self-supported application and a SaaS solution. The customer owns all the infrastructure supporting the application. Red Hat has permission to provide direct support for the application. Azure infrastructure and security controls manage the relationship between customer resources and Red Hat's responsibilities.
Security Controls
The managed application is associated with a sole-purpose Azure tenant under Red Hat's control. This association is created transparently during the deployment of the Marketplace offering. This association is not visible in the Microsoft Azure Portal at this time.
Red Hat restricts accounts in this tenant to a specific team designated to support the application for customers. Team member accounts use SSO and two-factor authentication. Audits are performed regularly to verify access and permissions.
An instance of the Ansible Automation Platform performs maintenance on customers' deployments. These systems have a CIS benchmark policy applied to them. Customer data is neither collected nor stored in the management subscription, except for what is necessary to support the maintenance of the platform (e.g. name of the managed application, resource group names).
A custom security policy has been applied to all management subscriptions to evaluate our security posture and remediate issues. Logs are collected and sent to an external logging solution for evaluation.
Security controls are evaluated regularly for improvements.