

Course 29 - AZ-500 Microsoft Azure Security Technologies | Episode 13: Storage, SQL Databases, and HDInsight

A summary of the lesson on securing data in Azure Storage, SQL, and HDInsight:

Overview
- Focus: Implementing defense-in-depth for data protection across Azure Storage, Azure SQL, and HDInsight.
- Combines theoretical concepts with practical labs to secure sensitive information and prevent breaches.

1. Azure Storage Security

Network Security
- Use firewalls and Virtual Networks (VNets) to restrict access to:
  - Authorized subnets
  - Specific IP ranges
- Default deny-all rule blocks unauthorized internet traffic.

Access Control
- Three container permission levels: Private, Blob, Container
- Risks associated with master storage account keys
- Use Shared Access Signatures (SAS) for time-limited delegated access
- Recommendations:
  - Azure AD for centralized access management
  - Azure AD Domain Services (Azure ADS) for Kerberos authentication with Azure Files

Encryption
- In transit: TLS
- At rest:
  - Microsoft-managed keys
  - Customer-managed keys stored in Azure Key Vault

Monitoring and Auditing
- Enable Diagnostic Logging v2.0 and Storage Analytics
- Logs can be analyzed via Azure Monitor
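
An added example, not part of the course material: a Python check that reads a storage account's settings and flags gaps in the network, access and encryption layers listed above. The input is assumed to be in the ARM REST API "properties" shape; the sample accounts, severity labels and finding codes are constructed for illustration.

```python
import json

# Constructed sample in the ARM REST "properties" shape; account names are made up.
SAMPLE = json.loads("""[
 {"name": "examplelogs01", "properties": {
   "networkAcls": {"defaultAction": "Allow", "virtualNetworkRules": [], "ipRules": []},
   "supportsHttpsTrafficOnly": false, "minimumTlsVersion": "TLS1_0",
   "allowBlobPublicAccess": true, "allowSharedKeyAccess": true,
   "encryption": {"keySource": "Microsoft.Storage"}}},
 {"name": "examplepii01", "properties": {
   "networkAcls": {"defaultAction": "Deny", "virtualNetworkRules": [],
                   "ipRules": [{"value": "203.0.113.0/24", "action": "Allow"}]},
   "supportsHttpsTrafficOnly": true, "minimumTlsVersion": "TLS1_2",
   "allowBlobPublicAccess": false, "allowSharedKeyAccess": false,
   "encryption": {"keySource": "Microsoft.Keyvault"}}}
]""")

def audit(account):
    """Return (severity, code) findings for one account. Absent fields are
    treated as the permissive value (a conservative assumption made here)."""
    p = account.get("properties", {})
    acls = p.get("networkAcls", {})
    out = []
    # Network: the firewall only restricts traffic when the default action is Deny.
    if acls.get("defaultAction", "Allow") != "Deny":
        out.append(("high", "network-default-allow"))
    elif not (acls.get("virtualNetworkRules") or acls.get("ipRules")):
        out.append(("info", "network-no-allow-rules"))
    # In transit: require HTTPS and reject TLS 1.0/1.1.
    if not p.get("supportsHttpsTrafficOnly", False):
        out.append(("high", "http-allowed"))
    if p.get("minimumTlsVersion", "TLS1_0") in ("TLS1_0", "TLS1_1"):
        out.append(("medium", "weak-min-tls"))
    # Access: when this is true, a container can be set to Blob or Container level.
    if p.get("allowBlobPublicAccess", True):
        out.append(("high", "anonymous-access-possible"))
    # Access: account keys (and SAS signed with them) are still accepted.
    if p.get("allowSharedKeyAccess", True):
        out.append(("medium", "account-key-auth-enabled"))
    # At rest: both key sources encrypt the data; this only records who holds the key.
    if p.get("encryption", {}).get("keySource") != "Microsoft.Keyvault":
        out.append(("info", "microsoft-managed-keys"))
    return out

if __name__ == "__main__":
    for acct in SAMPLE:
        print(acct["name"], audit(acct) or "no findings")
```

With shared-key access disabled, delegated access still works through user delegation SAS, which is signed with Azure AD credentials instead of the account key.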

2. Azure SQL Advanced Data Security
- Three main pillars:
  - Data Discovery & Classification: Identify and label sensitive information (e.g., GDPR data)
  - Vulnerability Assessment: Proactively detect and remediate security gaps
  - Advanced Threat Protection: Detect anomalous activity such as:
    - SQL injection
    - Brute force attacks

3. HDInsight Security (Big Data Analytics)
- Virtual Networks (VNet): Secure cluster perimeter
- Azure AD Domain Services (Azure ADS): Synchronize identities for authentication
- Apache Ranger: Provides:
  - Role-based access control (RBAC)
  - Fine-grained data masking and permissions management

Key Takeaways
- Apply defense-in-depth at multiple layers: network, access, encryption, monitoring
- Centralize identity management with Azure AD / Azure ADS
- Use SAS tokens and customer-managed keys for secure delegation
- Implement monitoring and logging to detect unauthorized access
- Extend best practices to big data platforms like HDInsight with RBAC and data masking

You can listen to and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy
By CyberCode Academy