New Training: Configure Security for Storage
In this 8-video skill, CBT Nuggets trainer Daniel Sasse talks about these security decisions as well as best practices and good Azure storage design. Watch this new Azure training.
Watch the full course: Microsoft Certified: Azure Security Engineer Associate
This training includes:
53 minutes of training
You’ll learn these topics in this skill:
Configure Access Control for Storage Accounts
Configure Key Management for Storage Accounts
Configure Azure AD Authentication for Azure Storage
Configure Azure AD Domain Services Authentication for Azure Files
Create and Manage Shared Access Signatures (SAS)
Create a Shared Access Policy for a Blob or Blob Container
Configure Storage Service Encryption
Configure Azure Defender for Storage
What are the Best Means for Securing Data When Using Azure Storage?
When using Azure Storage, there are a number of things that you can do to secure your data.
To prevent accidental deletion of blob data, whether through human error or application errors, you should use the soft delete feature. This allows you to restore deleted data within a certain period of time.
Next, consider storing mission-critical data in a Write Once, Read Many (WORM) state to prevent malicious tampering. You can configure this for a specific period of time or until you manually lift the hold that you've placed.
A Shared Access Signature (SAS) is another security feature to consider. It restricts access to data through the use of security tokens. You can limit these tokens to a specific period of time or to specific resources.
Finally, you can use service endpoints to restrict network access to resources. With service endpoints, you configure a private IP, which resources in a VNet can then use to access data.