
From Security Standard Definition to Centralized Posture Management: A Comprehensive Security Framework for Azure Kubernetes Service

Andrea Carcagni'


Supervisor: Fulvio Valenza. Politecnico di Torino, Master's degree programme in Cybersecurity, 2025

Licence: Creative Commons Attribution Non-commercial No Derivatives.

Abstract:

In the modern cloud landscape, Kubernetes has emerged as the de facto standard for container orchestration, allowing organizations to deploy, scale, and manage applications in an efficient and automated manner. Among the managed Kubernetes services, Azure Kubernetes Service (AKS) is one of the most widely adopted, thanks to its deep integration with the Microsoft Azure platform and its simplified operational model. As enterprises increasingly rely on AKS for critical workloads, securing these environments has become an increasingly important topic. Protecting Kubernetes clusters on Azure requires more than applying security best practices; it requires continuous compliance, observability, and governance to match enterprise security and regulatory requirements. The challenge becomes even greater for organizations that manage multiple, fully isolated customer environments. In these scenarios, strict isolation often conflicts with Azure's native management tools, such as Azure Lighthouse, which are designed for centralized multi-tenant administration. While these tools streamline operations, they inherently introduce shared control planes and permission boundaries that are unsuitable for environments requiring strong isolation guarantees. The thesis addresses this challenge directly by performing a thorough analysis of the current state of security in AKS and by translating it into an enterprise security standard applicable to Azure-managed Kubernetes clusters. The research led to the definition of a structured set of technical and organizational requirements aimed at standardizing cluster hardening and governance. Based on that foundation, the work illustrates the design and implementation of a dedicated Azure-based infrastructure for automating the assessment of the defined security posture. The proposed solution allows centralized visibility and compliance monitoring while maintaining the complete isolation of customer environments. Through this architecture, the thesis provides a scalable and auditable model for securing and managing AKS clusters in complex enterprise multi-client scenarios, filling the gap between isolated clusters and centralized governance.

Supervisors: Fulvio Valenza
Academic year: 2025/26
Publication type: Electronic
Number of pages: 135
Subjects:
Degree programme: Master's degree programme in Cybersecurity
Degree class: New regulations > Master's degree > LM-32 - Computer Engineering
Partner companies: LEONARDO SPA
URI: http://webthesis.biblio.polito.it/id/eprint/38718