Learning Objectives
- Configure security policies to classify, protect, and manage data
- Configure data retention for storage and databases
- Set up Azure SQL security features and auditing
- Learn how to configure storage account security and access
- Learn how to secure HDInsight clusters
- Configure Cosmos DB security
- Configure Data Lake security
- Learn good design features of an Azure application
- See how Azure App Services can secure your app
- See how a governance policy can help formalize security requirements
Intended Audience
- People preparing for Microsoft’s AZ-500 exam
- System administrators
- App developers
Prerequisites
- Experience with Microsoft Azure
- Experience with Office 365
- Basic knowledge of computer security principles
- Basic networking knowledge
In this course, we've covered a lot of ground very quickly. I see the content as falling into broad categories of protection, retention, security, monitoring, and governance. Let's review these and see how Azure's security features can be applied.
While we covered governance at the end, it's actually not a bad place to start. You can use a structured framework of risk assessment, policy action, and technical solution options to establish a current data security benchmark. Having done this, you can objectively assess your current status, fix the holes, and use those benchmarks to validate future scenarios and actions.
Data protection is counterproductive if the data is so secure it's unusable. The data labeling and protection available in Office 365 and Azure SQL with Azure Rights Management allows you to configure protection in terms of availability and distribution. Too much of the time, we focus on external threats, when it is not unheard of for disgruntled staff or sales staff to use client information to enrich themselves. These tools go some way to mitigating that threat.
Speaking of threats, Azure SQL Threat Detection is a quick, easy-to-implement, out-of-the-box feature.
Not only can users steal data, they can also destroy it, intentionally or accidentally. Retention policies by way of Soft Delete Period and Recoverability can prevent irretrievable problems. We saw how database backup retention can be automated and configured.
Azure provides a multitude of ways to configure authentication and authorization. These range from Active Directory authentication for Azure SQL and Role-Based Access Control for storage accounts through to limited access to resources via Shared Access Signatures. Many Azure resources make use of keys to grant access, and Azure makes it easy to generate and manage keys or import your own keys.
In terms of infrastructure, you can set up virtual networks within Azure to add another level of defense to your systems.
All of these features are built in, but what security support do you get when deploying your own custom apps? Azure can only do so much, so we looked at best-practice app design principles. This involves minimizing the risk of your app becoming the attack vector. Securely store secrets and connection strings in environment variables that Azure will manage, and use tools to assess your app's security profile. We also touched on tests within Azure to evaluate website availability.
As well as all of these preventative measures, Azure also records a myriad of metrics that will notify you of breaches - potential or actual. Analyzing metric data will highlight potential risks and allow you to address them before they become a problem. There is no doubt that Azure provides a vast array of tools and features to assist you in securing your data and infrastructure. While very few will find all of what we have touched on applicable, I'm sure most of you will see the benefits of some of these features in your organization. Most security or data breaches are due to human error; it is up to you to implement the appropriate safeguards. Let's face it, no one wants to be that person on the evening news.
About the Author
Hallam is a software architect with over 20 years' experience across a wide range of industries. He began his software career as a Delphi/Interbase disciple but changed his allegiance to Microsoft with its deep and broad ecosystem. While Hallam has designed and crafted custom software utilizing web, mobile and desktop technologies, good quality reliable data is the key to a successful solution. The challenge of quickly turning data into useful information for digestion by humans and machines has led Hallam to specialize in database design and process automation. Showing customers how to leverage new technology to change and improve their business processes is one of the key drivers keeping Hallam coming back to the keyboard.