{"id":16240,"date":"2019-09-05T09:00:31","date_gmt":"2019-09-05T17:00:31","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/09\/05\/news-9982\/"},"modified":"2019-09-05T09:00:31","modified_gmt":"2019-09-05T17:00:31","slug":"news-9982","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/09\/05\/news-9982\/","title":{"rendered":"Foundations of Microsoft Flow\u2014secure and compliant automation, part 1"},"content":{"rendered":"<p><strong>Credit to Author: Todd VanderArk| Date: Thu, 05 Sep 2019 16:00:59 +0000<\/strong><\/p>\n<p>Automation services are steadily becoming significant drivers of modern IT, helping improve efficiency and cost effectiveness for organizations. A <a href=\"https:\/\/www.mckinsey.com\/business-functions\/operations\/our-insights\/the-automation-imperative\" target=\"_blank\" rel=\"noopener\">recent McKinsey survey<\/a> discovered that \u201cthe majority of all respondents (57 percent) say their organizations are at least piloting the automation of processes in one or more business units or functions. Another 38 percent say their organizations have not begun to <a href=\"https:\/\/www.mckinsey.com\/featured-insights\/digital-disruption\/whats-now-and-next-in-analytics-ai-and-automation\" target=\"_blank\" rel=\"noopener\">automate business processes<\/a>, <em>but nearly half <\/em>of them say their organizations plan to do so within the next year.\u201d<\/p>\n<p>Automation is no longer a theme of the future, but a necessity of the present, playing a key role in a growing number of IT and user scenarios. As security professionals, you\u2019ll need to recommend an automation service that enables your organization to reap its benefits without sacrificing on strict security and compliance standards.<\/p>\n<p>In our two-part series, we share how Microsoft delivers on the promise of empowering a secure, compliant, and automated organization. In part 1, we provide a quick intro into <a href=\"https:\/\/flow.microsoft.com\/en-us\/\" target=\"_blank\" rel=\"noopener\">Microsoft Flow<\/a> and provide an overview into its best-in-class, secure infrastructure. In part 2, we go deeper into how Flow secures your users and data, as well as enhances the IT experience. We also cover Flow\u2019s privacy and certifications to give you a glimpse into the rigorous compliance protocols the service supports. Let\u2019s get started by introducing you to Flow.<\/p>\n<p>To support the need for secure and compliant automation, <a href=\"https:\/\/docs.microsoft.com\/en-us\/flow\/getting-started\" target=\"_blank\" rel=\"noopener\">Microsoft launched Flow<\/a>. With Flow, organizations will experience:<\/p>\n<ul>\n<li>Seamlessly integrated automation at scale.<\/li>\n<li>Accelerated productivity.<\/li>\n<li>Secure and compliant automation.<\/li>\n<\/ul>\n<p>Secure and compliant automation is perhaps the most interesting value of Flow for this audience, but let\u2019s discuss the first two benefits before diving into the third.<\/p>\n<h3>Integrated automation at scale<\/h3>\n<p>Flow is a Software as a Service (SaaS) automation service used by customers ranging from large enterprises, such as <a href=\"https:\/\/customers.microsoft.com\/en-us\/story\/virgin-atlantic-travel-and-transportation-power-apps\" target=\"_blank\" rel=\"noopener\">Virgin Atlantic<\/a>, to smaller organizations, such as <a href=\"https:\/\/customers.microsoft.com\/en-us\/story\/gj-pepsi-consumer-goods-powerapps\" target=\"_blank\" rel=\"noopener\">G&amp;J Pepsi<\/a>. Importantly, Flow serves as a foundational pillar for the <a href=\"https:\/\/cloudblogs.microsoft.com\/dynamics365\/bdm\/2019\/01\/29\/the-microsoft-power-platform-empowering-millions-of-people-to-achieve-more\/\" target=\"_blank\" rel=\"noopener\">Microsoft Power Platform<\/a>, a seamlessly integrated, low-code development platform enabling easier and quicker application development. With Power Platform, organizations analyze data with <a href=\"https:\/\/powerbi.microsoft.com\/en-us\/\" target=\"_blank\" rel=\"noopener\">Power BI<\/a>, act on data through <a href=\"https:\/\/powerapps.microsoft.com\/en-us\/\" target=\"_blank\" rel=\"noopener\">Microsoft PowerApps<\/a>, and automate processes using Flow (Figure 1).<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/09\/Microsoft-Flow-1.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-89830 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/09\/Microsoft-Flow-1.png\" alt=\"Diagram showing app automation driving business processes with Flow. The diagram shows Flow, PowerApps, and Power BI circling CDS, AI Builder, and Data Connectors.\" width=\"1648\" height=\"1059\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/09\/Microsoft-Flow-1.png 1648w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/09\/Microsoft-Flow-1-300x193.png 300w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/09\/Microsoft-Flow-1-768x494.png 768w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/09\/Microsoft-Flow-1-1024x658.png 1024w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/09\/Microsoft-Flow-1-200x130.png 200w\" sizes=\"auto, (max-width: 1648px) 100vw, 1648px\" \/><\/a><\/p>\n<p><em>Figure 1. Power Platform offers a seamless loop to deliver your business goals.<\/em><\/p>\n<p>Low-code platforms can help scale IT capabilities to create a broader range of application developers\u2014from the citizen to pro developer (Figure 2). With growing burdens on IT, scaling IT through citizen developers who design their own business applications, is a tremendous advantage. Flow is also differentiated from all other automated services because of its <em>native integration<\/em> with Microsoft 365, Dynamics 365, and Azure.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/09\/Microsoft-Flow-2.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-89831 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/09\/Microsoft-Flow-2.png\" alt=\"Image showing Citizen Developers, IT\/Admins, and Pro Developers.\" width=\"1833\" height=\"546\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/09\/Microsoft-Flow-2.png 1833w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/09\/Microsoft-Flow-2-300x89.png 300w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/09\/Microsoft-Flow-2-768x229.png 768w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/09\/Microsoft-Flow-2-1024x305.png 1024w\" sizes=\"auto, (max-width: 1833px) 100vw, 1833px\" \/><\/a><\/p>\n<p><em>Figure 2. Low-code development platforms empower everyone to become a developer, from the citizen developer to the pro developer.<\/em><\/p>\n<h3>Accelerated productivity<\/h3>\n<p>Flow accelerates your organization\u2019s productivity. The productivity benefits from Flow were recently quantified in a <a href=\"http:\/\/download.microsoft.com\/documents\/en-us\/dynamics365\/power%20platform\/TEI%20of%20MSFT%20PowerApps%20And%20Flow.pdf\" target=\"_blank\" rel=\"noopener\">Total Economic Impact (TEI)<\/a> study conducted by Forrester Research and commissioned by Microsoft (The Total Economic Impact<img decoding=\"async\" src=\"https:\/\/s.w.org\/images\/core\/emoji\/11\/72x72\/2122.png\" alt=\"\u2122\" class=\"wp-smiley\" style=\"height: 1em; max-height: 1em;\" \/> Of PowerApps And Microsoft Flow, June 2018). Forrester determined that over a three-year period Flow helped organizations reduce application development and application management costs while saving thousands of employee hours (Figure 3).<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/09\/Microsoft-Flow-3.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-89832 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/09\/Microsoft-Flow-3.png\" alt=\"Image showing 70% for Application development costs, 38% for Application management costs, and +122K for Worker Hours Saved.\" width=\"1587\" height=\"601\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/09\/Microsoft-Flow-3.png 1587w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/09\/Microsoft-Flow-3-300x114.png 300w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/09\/Microsoft-Flow-3-768x291.png 768w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/09\/Microsoft-Flow-3-1024x388.png 1024w\" sizes=\"auto, (max-width: 1587px) 100vw, 1587px\" \/><\/a><\/p>\n<p><em>Figure 3. Forrester TEI study results on the reduced application development and management costs and total worker hours saved.<\/em><\/p>\n<h3>Built with security and compliance<\/h3>\n<p>Automation will be the backbone for efficiency across much of your IT environment, so choosing the right service can have enormous impact on delivering the best business outcomes. As a security professional, you must ultimately select the service which best balances the benefits from automation with the rigorous security and compliance requirements of your organization. Let\u2019s now dive into how Flow is built on a foundation of security and compliance, so that selecting Flow as your automation service is an easy decision.<\/p>\n<h3>A secure infrastructure<\/h3>\n<p>Comprehensive security accounts for a wide <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2018\/11\/13\/the-evolution-of-microsoft-threat-protection-november-update\/\" target=\"_blank\" rel=\"noopener\">variety of attack vectors<\/a>, and since Flow is a SaaS offering, infrastructure security is an important component and where we\u2019ll start. Flow is a global service deployed in datacenters across the world (Figure 4). Security begins with the physical datacenter, which includes perimeter fencing, video cameras, security personnel, secure entrances, and real-time communications networks\u2014continuing from every area of the facility to each server unit. To learn more about how our datacenters are secured, take a <a href=\"https:\/\/www.microsoft.com\/en-us\/videoplayer\/embed\/RE1Rroc?autoplay=1\" target=\"_blank\" rel=\"noopener\">virtual tour<\/a>.<\/p>\n<p>The physical security is complemented with threat management of our cloud ecosystem. Microsoft security teams leverage sophisticated data analytics and machine learning and continuously pen-test against distributed-denial-of-service (DDoS) attacks and other intrusions.<\/p>\n<p>Flow also has the luxury of being the only automation service natively built on Azure which has an architecture designed to secure and protect data. Each datacenter deployment of Flow consists of two clusters:<\/p>\n<ul>\n<li><strong>Web Front End (WFE) cluster<\/strong>\u2014A user connects to the WFE before accessing any information in Flow. Servers in the WFE cluster authenticate users with Azure Active Directory (Azure AD), which stores user identities and authorizes access to data. <a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/traffic-manager\/\" target=\"_blank\" rel=\"noopener\">Azure Traffic Manager<\/a> finds the nearest Flow deployment, and that WFE cluster manages sign-in and authentication.<\/li>\n<li><strong>Backend cluster<\/strong>\u2014All subsequent activity and access to data is handled through the back-end cluster. It manages dashboards, visualizations, datasets, reports, data storage, data connections, and data refresh activities. The backend cluster hosts many roles, including Azure API Management, Gateway, Presentation, Data, Background Job Processing, and Data Movement.<\/li>\n<\/ul>\n<p>Users directly interact only with the Gateway role and Azure API Management, which are accessible through the internet. These roles perform authentication, authorization, distributed denial-of-service (DDoS) protection, bandwidth throttling, load balancing, routing, and other security, performance, and availability functions. There is a distinction between roles users can access and roles only accessible by the system.<\/p>\n<p>Stay tuned for part 2 of our series where we\u2019ll go deeper into how Flow further secures authentication of your users and data, and enhances the IT experience, all while aligning to several regulatory frameworks.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/09\/Microsoft-Flow-4.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-89833 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/09\/Microsoft-Flow-4.png\" alt=\"Image showing Microsoft\u2019s global datacenter locations.\" width=\"1362\" height=\"459\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/09\/Microsoft-Flow-4.png 1362w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/09\/Microsoft-Flow-4-300x101.png 300w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/09\/Microsoft-Flow-4-768x259.png 768w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/09\/Microsoft-Flow-4-1024x345.png 1024w\" sizes=\"auto, (max-width: 1362px) 100vw, 1362px\" \/><\/a><\/p>\n<p><em>Figure 4. Microsoft\u2019s global datacenter locations.<\/em><\/p>\n<h3>Let Flow enhance your digital transformation<\/h3>\n<p>Let your organization start benefiting from one of the most powerful and secure automation services available on the market. Watch the <a href=\"https:\/\/www.youtube.com\/watch?v=iMteXfAvDSE&amp;feature=youtu.be&amp;list=PL8nfc9haGeb55I9wL9QnWyHp3ctU2_ThF\" target=\"_blank\" rel=\"noopener\">video<\/a> and follow the instructions to get started with Flow. Be sure to join the growing <a href=\"https:\/\/powerusers.microsoft.com\/t5\/Microsoft-Flow-Community\/ct-p\/FlowCommunity\" target=\"_blank\" rel=\"noopener\">Flow community<\/a> and participate in discussions, provide insights, and even influence product roadmap. Also, follow the <a href=\"https:\/\/flow.microsoft.com\/en-us\/blog\/security-governance-strategy\/\" target=\"_blank\" rel=\"noopener\">Flow blog<\/a> to get news on the latest Flow updates and read our <a href=\"https:\/\/powerapps.microsoft.com\/en-us\/blog\/powerapps-enterprise-deployment-whitepaper\/\" target=\"_blank\" rel=\"noopener\">white paper on best practices for deploying Flow in your organization<\/a>. Be sure to check out part 2 where we dive deeper into how Flow offers the best and broadest security and compliance foundation for any automation service available in the market.<\/p>\n<h3>Additional resources<\/h3>\n<ul>\n<li>Sign up for <a href=\"https:\/\/flow.microsoft.com\/\" target=\"_blank\" rel=\"noopener\">Microsoft Flow<\/a>\u2014just click or tap <strong>Sign up free<\/strong> in the upper-right corner.<\/li>\n<li>Visit the <a href=\"https:\/\/powerusers.microsoft.com\/t5\/Microsoft-Flow-Community\/ct-p\/FlowCommunity\" target=\"_blank\" rel=\"noopener\">Flow community to connect with peers, share ideas, and learn from experts<\/a>.<\/li>\n<li>Read the <a href=\"https:\/\/flow.microsoft.com\/en-us\/blog\/\" target=\"_blank\" rel=\"noopener\">Flow blog to get the latest news<\/a>.<\/li>\n<li>Read <a href=\"https:\/\/docs.microsoft.com\/en-us\/power-platform\/admin\/admin-powerapps-enterprise-deployment\" target=\"_blank\" rel=\"noopener\">Administering a PowerApps enterprise deployment technical white paper<\/a>.<\/li>\n<li>Watch the <a href=\"https:\/\/www.youtube.com\/watch?v=iMteXfAvDSE&amp;feature=youtu.be&amp;list=PL8nfc9haGeb55I9wL9QnWyHp3ctU2_ThF\" target=\"_blank\" rel=\"noopener\">Microsoft Flow: Getting Started<\/a> video.<\/li>\n<\/ul>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/09\/05\/foundations-of-microsoft-flow-secure-compliant-automation-part-1\/\">Foundations of Microsoft Flow\u2014secure and compliant automation, part 1<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/security\/blog\/\">Microsoft Security<a>.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/09\/05\/foundations-of-microsoft-flow-secure-compliant-automation-part-1\/\" target=\"bwo\" >https:\/\/blogs.technet.microsoft.com\/mmpc\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Todd VanderArk| Date: Thu, 05 Sep 2019 16:00:59 +0000<\/strong><\/p>\n<p>In part 1 of our two-part series, we introduce a security minded audience to Microsoft Flow\u2014an automation service with a strong security and compliance foundation.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/09\/05\/foundations-of-microsoft-flow-secure-compliant-automation-part-1\/\">Foundations of Microsoft Flow\u2014secure and compliant automation, part 1<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/security\/blog\/\">Microsoft Security<a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10759,10378],"tags":[21500,21481],"class_list":["post-16240","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-security","tag-azure-security","tag-microsoft-365"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16240","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=16240"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16240\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=16240"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=16240"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=16240"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}