Data Security
Storage Security
Hello!
I am Eng Teong Cheah
Microsoft MVP
Data Security
Data Sovereignty
◎ The concept that information which has been
converted and stored in binary digital form is subject
to the laws of the country or region in which it is
located.
◎ In Azure, customer data might be replicated within a
selected geographic area for enhanced data durability
in case of a major data center disaster, and in some
cases will not be replicated outside it.
Azure Storage Access
| Storage | Storage Account Shared Key | Shared access signature | Azure Active Directory | Active Directory (preview) | Anonymous public read access |
| --- | --- | --- | --- | --- | --- |
| Azure Blobs | Supported | Supported | Supported | Not supported | Supported |
| Azure Files (SMB) | Supported | Not supported | Supported, only with Azure AD Domain Services | Supported, credentials must be synced to Azure AD | Not supported |
| Azure Files (REST) | Supported | Supported | Not supported | Not supported | Not supported |
Shared Access Signatures
◎ Digitally signed URIs of target storage resources
◎ Grants access to clients without sharing your storage
account keys
◎ Two SAS types: Account and Service
◎ Configure permissions, start/expiry times, IP address,
and allowed protocols
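The SAS settings listed above (permissions, start/expiry times, IP address, allowed protocols) travel as query parameters in the signed URI, so a token can be reviewed before it is handed out. The following is an added example, not part of the original slides: it audits a SAS URL offline against a policy whose thresholds (24-hour lifetime, read-only preferred) are assumptions, and the sample URLs, account name and signature are constructed placeholders.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# Policy thresholds below are assumptions for this example, not Azure defaults.
MAX_LIFETIME = timedelta(hours=24)
MODIFYING = set("acdwu")  # add, create, delete, write, update


def parse_sas_time(value):
    """Parse the UTC time forms used in st/se (with or without a time part)."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised SAS time: {value!r}")


def audit_sas(url, now):
    """Return (sas_type, findings) for a SAS URL without contacting Azure."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in q:
        return "none", ["no sig parameter: not a SAS URL"]

    findings = []
    # srt (signed resource types) appears only in an account SAS.
    sas_type = "account" if "srt" in q else "service"
    if sas_type == "account":
        findings.append(f"account SAS covering services '{q.get('ss', '?')}'")

    risky = sorted(set(q.get("sp", "")) & MODIFYING)
    if risky:
        findings.append("modifying permissions granted: " + "".join(risky))

    if "se" not in q:
        findings.append("no se in token: check the stored access policy (si)")
    else:
        end = parse_sas_time(q["se"])
        start = parse_sas_time(q["st"]) if "st" in q else now
        if end <= now:
            findings.append("token already expired")
        elif end - start > MAX_LIFETIME:
            findings.append(f"lifetime {(end - start).days} days exceeds policy")

    if "sip" not in q:
        findings.append("no sip: usable from any source IP address")
    # When spr is omitted the service accepts both HTTPS and HTTP.
    if q.get("spr", "https,http") != "https":
        findings.append("spr permits plain HTTP")
    return sas_type, findings


# Constructed sample URLs; account name and signature are placeholders.
BROAD = ("https://examplestorage.blob.core.windows.net/?sv=2020-08-04&ss=bfqt"
         "&srt=sco&sp=rwdlacup&st=2024-01-01T00:00:00Z&se=2025-01-01T00:00:00Z"
         "&spr=https,http&sig=PLACEHOLDER")
NARROW = ("https://examplestorage.blob.core.windows.net/reports/q1.pdf"
          "?sv=2020-08-04&sr=b&sp=r&st=2024-01-02T08:00:00Z"
          "&se=2024-01-02T09:00:00Z&sip=203.0.113.10&spr=https&sig=PLACEHOLDER")
NOW = datetime(2024, 1, 2, 8, 30, tzinfo=timezone.utc)

if __name__ == "__main__":
    for name, url in (("broad", BROAD), ("narrow", NARROW)):
        kind, findings = audit_sas(url, NOW)
        print(name, kind, findings or "no findings")
```

The broad account SAS is flagged on every setting the slide names, while the narrow service SAS (read-only, one hour, one IP, HTTPS only) passes clean.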
Azure AD Storage Authentication
◎ Authorization with Azure AD is available for all
general-purpose and Blob storage accounts in all
public regions and national clouds.
◎ Built-in storage roles are provided including Owner,
Contributor, and Reader.
◎ The role can be scoped from Management Group to
individual blob or queue. Best practices dictate
granting only the narrowest possible scope.
Azure AD Storage Authentication
◎ RBAC role assignments may take up to five minutes to
propagate.
Blob Data Retention Policies
◎ Data recovery and disposal rules
◎ Time-based retention for a specified interval (days)
◎ Legal-hold retention based on tags – no editing or
deleting of the content
◎ Container policies apply to all existing and new
content
◎ Supports audit logging
Azure Files Authentication
◎ Enable identity-based authentication
◎ Use Azure AD DS or on-premises AD DS (preview)
◎ Use RBAC roles to assign access rights to the file
shares
◎ Enforces standard Windows file permissions at both
the directory and file level
Secure Transfer Required
◎ Storage account connections must be secure (HTTPS)
◎ HTTPS for custom domain names not supported
◎ Azure Files connections require encryption (SMB)
Demonstrations
Service Endpoints and Securing Storage
Thanks!
Any questions?
You can find me at:
@walkercet
