The popularity of the cloud, while advantageous to many, also carries security risks like data loss and data leaks. Companies storing their data in cloud environments should follow security practices to protect their data. This article provides an overview of Microsoft Azure Storage security services and best practices to protect your data in Azure.
Azure Storage is a Microsoft cloud storage offering. Azure provides storage for data objects, files, messages, and NoSQL databases. Some of the advantages of Azure Storage include:
Azure Storage offers four types of services. Each one of these services is designed for a different type of data.
Blob storage is an object storage solution designed for storing unstructured data. You can use blob storage for serving images to a browser and streaming video. Blob storage is also useful for storing data for backup and restore.
You can use Azure File Storage (AFS) to set up network file shares accessible by the Server Message Block (SMB) protocol. This lets multiple VMs with read and write access share the same file.
Unlike an on-premises file-share, AFS enables you to enjoy the accessibility of the cloud. You can access AFS files from anywhere via a URL. Regarding security, the service enables you to create a Shared Access Signature (SAS) token to control access to sensitive assets.
Azure Queue Storage is a service for storing messages that are accessed through HTTP or HTTPS. A queue message can be up to 64 KB in size, and a queue can store millions of messages. You can use Queue Storage to create a workload for storing and retrieving messages asynchronously. This enables you to store large numbers of messages via authenticated calls.
Azure disk storage is a Virtual Hard Disk (VHD) service. When using this type of storage you can choose between Solid State Drive (SSD) or Hard Disk Drive (HDD). Azure disk storage provides high availability by replicating the data three times. Disk storage provides scalability by enabling you to create up to 50,000 VM disks per region.
Azure provides a number of security services. One of the offerings is the Azure Security Center—a built-in centralized security management system. It provides threat protection for cloud, hybrid, and on-premises workloads. The Security Center features a Security Advisor that provides recommendations for fixing security vulnerabilities.
Azure provides key features for securing your data in storage. For example, Shared Access Signatures (SAS) enable you to control who can access the data in your storage account. Here are more security features you can take advantage of to secure data stored in Azure:
1. Multi-factor authentication for administrator accounts
Applying multi-factor authentication (MFA) to admin accounts ensures that only authorized users can access the admin account. Otherwise, if an admin account is compromised, an attacker can create or delete resources, and steal money or intellectual property.
2. Enable “secure transfer required”
This option only allows requests to the storage account via a secure connection. For example, it requires connections over HTTPS instead of HTTP.
3. Storage service encryption
You should enable data encryption at rest for blobs. This feature enables you to encrypt the data as it’s written in the data center. The storage then automatically decrypts it when you access it.
4. SQL database security practices
When using Azure SQL Database, make sure to follow the best practices below:
5. Minimize the number of admins
Since each additional person in the admin role increases the risk of internal threats and compromised credentials, it is a good practice to keep admin roles to a minimum.
6. Do not grant permissions to external accounts
External accounts can put your data at risk. These accounts may have different security standards than your company account.
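The checks in items 2 and 3, plus the SAS access control mentioned earlier, can be verified from configuration data. The script below is an added example, not code from the original article: it assumes account JSON in the shape returned by `az storage account list` (the `enableHttpsTrafficOnly` and `encryption.services.blob.enabled` properties) and the SAS `spr` (signed protocol) parameter; the account names and URLs are constructed.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Constructed sample shaped like `az storage account list` output (not real accounts).
SAMPLE_ACCOUNTS = json.loads("""
[
  {"name": "examplegood", "enableHttpsTrafficOnly": true,
   "encryption": {"services": {"blob": {"enabled": true}}}},
  {"name": "examplehttp", "enableHttpsTrafficOnly": false,
   "encryption": {"services": {"blob": {"enabled": true}}}},
  {"name": "examplebare", "encryption": null}
]
""")

def dig(obj, *keys):
    """Walk nested dicts; return None if any level is missing or not a dict."""
    for key in keys:
        obj = obj.get(key) if isinstance(obj, dict) else None
    return obj

def audit_account(account):
    """Return findings for one account. A missing property counts as a failure."""
    findings = []
    if dig(account, "enableHttpsTrafficOnly") is not True:
        findings.append("secure transfer required is not enabled")
    if dig(account, "encryption", "services", "blob", "enabled") is not True:
        findings.append("blob encryption at rest is not confirmed")
    return findings

def audit_sas_url(url):
    """Flag a SAS URL that could be used over plain HTTP."""
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    findings = []
    if parts.scheme.lower() != "https":
        findings.append("URL scheme is not https")
    # spr lists the permitted protocols; when absent the default is https,http.
    allowed = params.get("spr", ["https,http"])[0].lower().split(",")
    if "http" in allowed:
        findings.append("SAS permits HTTP (spr is not https only)")
    return findings

def audit_all(accounts):
    """Map each account name to its list of findings."""
    return {a.get("name", "<unnamed>"): audit_account(a) for a in accounts}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_ACCOUNTS).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

An empty findings list means the account or SAS URL passed every check; anything the script cannot confirm from the JSON is reported rather than assumed safe.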
Azure provides a good security base for protecting your data in storage. However, Azure’s shared responsibility model means users need to secure their side by following standard security practices and leveraging the security functions the platform provides. With the right practices, organizations can keep their data secure.