Securing Microsoft Azure OpenAI - Karl Ots - E-Book

Securing Microsoft Azure OpenAI E-Book

Karl Ots

Description

Securely harness the full potential of OpenAI’s artificial intelligence tools in Azure

Securing Microsoft Azure OpenAI is an accessible guide to leveraging the comprehensive AI capabilities of Microsoft Azure while ensuring the utmost data security. This book introduces you to the collaborative powerhouse of Microsoft Azure and OpenAI, providing easy access to cutting-edge language models like GPT-4o, GPT-3.5-Turbo, and DALL-E. Designed for seamless integration, the Azure OpenAI Service revolutionizes applications from dynamic content generation to sophisticated natural language translation, all hosted securely within Microsoft Azure’s environment.

Securing Microsoft Azure OpenAI demonstrates responsible AI deployment, with a focus on identifying potential harm and implementing effective mitigation strategies. The book provides guidance on navigating risks and establishing best practices for securely and responsibly building applications using Azure OpenAI. By the end of this book, you’ll be equipped with the best practices for securely and responsibly harnessing the power of Azure OpenAI, making intelligent decisions that respect user privacy and maintain data integrity.


Page count: 376

Year of publication: 2025




Table of Contents

Cover

Table of Contents

Title Page

Introduction

CHAPTER 1: Overview of Generative Artificial Intelligence Security

Common Use Cases for Generative AI in the Enterprise

Shared AI Responsibility Model

Regulation and Control Frameworks

Key Takeaways

References

CHAPTER 2: Security Controls for Azure OpenAI Service

On the Importance of Selecting Appropriate Security Controls

Comparing OpenAI Hosting Models

Evaluating Security Controls with MCSB

Using Azure Policy to Secure Azure OpenAI at Scale

Key Takeaways

References

CHAPTER 3: Implementing Azure OpenAI Security Controls

OWASP Top 10 for LLM Applications

Access Control

Audit Logging

Network Isolation

Encryption at Rest

Content Filtering Controls

Key Takeaways

References

CHAPTER 4: Securing the Entire Application

The Three-Tier LLM Application in Azure

Retrieval-Augmented Generation

Azure Front Door

Azure App Service

API Management

Storage Account

Cosmos DB

Azure AI Search

Key Takeaways

References

CHAPTER 5: Moving to Production

LLM Application Security Lifecycle

AI Security Posture Management

LLM Application in Your Cloud Security Architecture

Key Takeaways

References

Index

Copyright

Dedication

About the Author

About the Technical Editor

Acknowledgments

End User License Agreement

List of Tables

Chapter 2

Table 2.1: Comparison of ChatGPT and Azure OAI Security Controls

Table 2.2: Microsoft Cloud Security Benchmark Control Details for NS-6

Table 2.3: Controls of the Network Security Domain of MCSB

Table 2.4: Controls of the Identity Management Domain of MCSB

Table 2.5: Controls of the Privileged Access Domain of MCSB

Table 2.6: Controls of the Data Protection Domain of MCSB

Table 2.7: Controls of the Asset Management Domain of MCSB

Table 2.8: Controls of the Logging and Threat Detection Domain of MCSB

Table 2.9: Controls of the Incident Response Domain of MCSB

Table 2.10: Controls of the Incident Response Domain of MCSB

Table 2.11: Controls of the Endpoint Security Domain of MCSB

Table 2.12: Controls of the Backup and Recovery Domain of MCSB

Table 2.13: Controls of the DevOps Security Domain of MCSB

Table 2.14: Controls of the Governance and Strategy Domain of MCSB

Table 2.15: Logging and Threat Detection Controls in the Azure OpenAI Securi...

Table 2.16: Identity Management Controls in the Azure OpenAI Security Baseli...

Table 2.17: Logging and Threat Detection Controls in the Azure OpenAI Securi...

Table 2.18: Network Security Controls in the Azure OpenAI Security Baseline...

Table 2.19: Asset Management Controls in the Azure OpenAI Security Baseline...

Table 2.20: Backup and Recovery Controls in the Azure OpenAI Security Baseli...

Table 2.21: Endpoint Security Controls in the Azure OpenAI Security Baseline...

Table 2.22: Posture and Vulnerability Management Controls in the Azure OpenA...

Table 2.23: Privileged Access Controls in the Azure OpenAI Security Baseline...

Table 2.24: Selected Security Controls from the Azure OpenAI Security Baseli...

Table 2.25: MCSB Controls for Azure OAI Mapped to CIS and NIST

Chapter 4

Table 4.1: Threats Related to the Sample Three-Tier Application

Table 4.2: Selected Security Controls from the Azure Front Door Security Bas...

Table 4.3: Selected Security Controls from the Azure App Service Security Ba...

Table 4.4: Selected Security Controls from the Azure API Management Security...

Table 4.5: Selected Security Controls from the Azure Storage Account Securit...

Table 4.6: Selected Security Controls from the Azure Cosmos DB Security Base...

Table 4.7: Selected Security Controls from the Azure AI Search Security Base...

Chapter 5

Table 5.1: Asset Management Control Domain of MCSB

Table 5.2: Incident Response Control Domain of MCSB

Table 5.3: Privileged Access Control Domain of MCSB

Table 5.4: Posture and Vulnerability Management Control Domain of MCSB

List of Illustrations

Chapter 1

Figure 1.1: A representative three-tier generative AI application

Figure 1.2: Shared responsibility model for cloud computing

Figure 1.3: Shared responsibility model for AI

Figure 1.4: Classification of AI risk in the EU AI Act

Figure 1.5: NIST AI RMF core

Chapter 2

Figure 2.1: Microsoft Cloud Security Benchmark in Defender for Cloud

Figure 2.2: Azure Policy evaluation flow

Figure 2.3: Azure Policy noncompliance evidence

Chapter 3

Figure 3.1: OWASP Top 10 for LLM applications

Figure 3.2: Activity log event details

Figure 3.3: Inbound network control

Figure 3.4: Outbound network controls

Figure 3.5: Generating an encryption key in Azure Key Vault

Figure 3.6: Creating a custom content filter

Chapter 4

Figure 4.1: Three-tier LLM application in Azure

Figure 4.2: Threat model of the three-tier sample application

Figure 4.3: Sample application with revised Azure services

Figure 4.4: Azure options for RAG

Figure 4.5: Revised application architecture with RAG

Figure 4.6: Configuring resource logs for Azure Front Door

Figure 4.7: Configuring the Front Door log scrubbing feature

Figure 4.8: Microsoft-managed rules of Front Door WAF

Figure 4.9: Creating a custom Front Door WAF rule

Figure 4.10: Enforcing the built-in authentication in App Service

Figure 4.11: Network isolation of Azure App Service

Figure 4.12: API Management access and network controls

Figure 4.13: Configuring allowed resource instances for Storage Account

Figure 4.14: Configuring encryption scopes for Storage Account encryption at...

Figure 4.15: Configuring periodic backups for Cosmos DB

Figure 4.16: Resource firewall of Azure AI Search

Figure 4.17: Configuring CMK encryption for AI Search index

Chapter 5

Figure 5.1: Security-scanned Meta Llama model in the AI Studio model catalog...

Figure 5.2: AI-generated image verified using Content Credentials

Figure 5.3: Cloud discovery

Figure 5.4: A sample graph from the executive report

Figure 5.5: Discovered apps

Figure 5.6: Viewing the details of a discovered application (ChatGPT)

Figure 5.7: Customizing the Defender for Cloud Apps risk score metrics

Figure 5.8: Manage application

Figure 5.9: Customizing an alert in Defender for Cloud Apps

Figure 5.10: Security recommendation details for Defender for Cloud AI workl...

Figure 5.11: Creating an exemption for a Defender recommendation

Figure 5.12: Security alert details page in Defender for Cloud

Figure 5.13: Supporting evidence for the alert

Figure 5.14: Take action on an alert

Figure 5.15: Inspecting of resource logs from the alert

Figure 5.16: Incident view

Figure 5.17: Prompt evidence setting

Figure 5.18: The subscription hierarchy of Microsoft Enterprise-Scale landin...

Figure 5.19: Our LLM application deployed to an Azure landing zone



Introduction

Even for an industry that never seems to sit still, the massive surge in generative AI adoption that followed the launch of ChatGPT in November 2022 felt breathtaking. Two months and 100 million users later, it had become the most popular piece of software ever used. The commercial success of this consumer product ushered in a new era of hopes and dreams for AI, which had been reduced to somewhat of a niche for decades.

Fast-forward to today. While some of these hopes and dreams have certainly come true, we have also learned the harsh truths of what it means to apply this new technology to practice. To get the most value out of these systems, we need to ground these models with our own data from our crown jewel data sources and apply at least all the security controls we would for our other cloud applications. While some may see this as disillusionment, I see this as maturity. Instead of talking in ifs, buts, and hencewiths, we are asking the crucial question: how do we secure generative AI applications?

This book is my personal attempt at answering the how of generative AI security, specifically in the context of Azure OpenAI. To write this book, I have drawn from my experience as a consultant working with many different companies across the world, all of them with a different set of requirements, capabilities, and digital maturity.

I hope you will take to heart the security methodologies and implementation details described in this book. We do not yet know whether all companies will become AI companies in the same way all companies are becoming software companies. But what is already certain is that if yours is on the way to doing so, you have taken a significant leap in securing that future by deciding to read this book.