Dana Epp

Securing your cloud data in Azure Storage


It always amazes me how many IT professionals and business leaders I talk to believe they can abdicate responsibility for their data security to their cloud vendors. This just isn't true. It is your data. Your responsibility.


Microsoft has recently published the Azure Storage Security Guide, which outlines the comprehensive set of security capabilities that you can turn on to build secure applications and protect your data in the cloud. For example:

  • All data written to Azure Storage is automatically encrypted using Storage Service Encryption (SSE).

  • The storage account itself can be secured using Role-Based Access Control and Azure Active Directory.

  • Data can be secured in transit between an application and Azure by using Client-Side Encryption, HTTPS, or SMB 3.0.

  • OS and data disks used by Azure virtual machines can be encrypted using Azure Disk Encryption.

  • Delegated access to the data objects in Azure Storage can be granted using Shared Access Signatures.
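Two of these capabilities, HTTPS in transit and delegated access through Shared Access Signatures, only protect data if the tokens you hand out are tightly scoped. The following is an added example, not code from this post or from Microsoft's guide: a small reviewer that inspects a SAS URL's query parameters (`spr`, `se`, `si`, `sp`, `sig`) before it is shared. The account name, signature values and the 24-hour lifetime threshold are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

MAX_LIFETIME = timedelta(hours=24)  # assumed policy threshold; choose your own

def _parse_utc(value):
    """Parse the ISO 8601 UTC forms used by the st/se parameters."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def review_sas(url, now):
    """Return a list of findings for one SAS URL (empty list: nothing flagged)."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if "sig" not in q:
        return ["not a SAS URL (no sig parameter)"]
    findings = []
    if parts.scheme != "https":
        findings.append("URL uses plain HTTP")
    # When spr is omitted the service accepts both HTTPS and HTTP.
    if q.get("spr") != "https":
        findings.append("spr is not 'https': token is also accepted over HTTP")
    if "se" in q:
        if _parse_utc(q["se"]) - now > MAX_LIFETIME:
            findings.append("expiry (se) is beyond MAX_LIFETIME")
    elif "si" not in q:
        findings.append("no expiry (se) and no stored access policy (si)")
    risky = sorted(set(q.get("sp", "")) & set("wd"))
    if risky:
        findings.append("grants write/delete permissions: " + "".join(risky))
    return findings

# Constructed sample URLs; 'exampleacct' and the sig values are placeholders.
NOW = datetime(2020, 6, 1, tzinfo=timezone.utc)
WEAK = ("http://exampleacct.blob.core.windows.net/reports/q1.csv"
        "?sv=2019-12-12&sr=b&sp=rwd&se=2031-01-01T00:00:00Z&sig=CONSTRUCTED")
TIGHT = ("https://exampleacct.blob.core.windows.net/reports/q1.csv"
         "?sv=2019-12-12&sr=b&sp=r&spr=https"
         "&st=2020-06-01T00:00:00Z&se=2020-06-01T01:00:00Z&sig=CONSTRUCTED")

if __name__ == "__main__":
    for name, url in (("weak", WEAK), ("tight", TIGHT)):
        print(name, review_sas(url, NOW) or "no findings")
```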

The security guide covers a ton of good content relating to:

  • Management Plane Security – Securing your Storage Account

  • Data Plane Security – Securing Access to Your Data

  • Encryption in Transit

  • Encryption at Rest

  • Storage Analytics

  • Enabling Browser-Based Clients using CORS

If you have data in Azure, you owe it to yourself to get familiar with cloud data security concepts. The Azure Storage Security Guide is a great resource for that.

© 2020 by Dana Epp
