Azure Hybrid and Security

Data Security. These words are in the forefront of many people’s minds and just hearing them may bring on an instant tension headache. Whether you’re in Europe dealing with the GDPR (General Data Protection Regulation) that went into effect in May, or here in the US, security and compliance are hot topics today.

The GDPR handles privacy much differently than before and, yes, if you’re in the US but have business or clients in the UK, you need to be ready as well. With these added regulations, many people are talking about the cloud or hybrid scenario.

Many of us are more comfortable with our data being handled locally, but that does not mean it’s more secure. Location is only one aspect of compliance. Today, I’d like to tell you 4 ways to take advantage of the cloud to help you become more secure.

1. Every time you provision a new service or add more business value, you need to take care of security.

Cloud providers take care of this for you. They have a vested interest in making sure the security of their platform is in place for you. As these platforms add new value-added resources, you can continue to grow your business with security taken care of.

2. Cloud facilities are physically more secure.

Cloud providers, with their multiple layers of security, processes and constant auditing and regulations, provide more security than your own data center, period.

3. Patching.

Cloud providers have very specific requirements to patch on a regular basis, to maintain their security, and to stay compliant with the numerous regulations in the industry. This takes the patching responsibility off your team.

4. Cloud providers hire the best in the business.

They invest money to have the best and brightest specialists to ensure your environment is secure. They want to be sure you have everything you need to be secure and compliant.

If you are serious about the security of your environment and your data, you should be considering the cloud. Cloud providers are likely doing it better than you can and they are constantly improving.

External Access to Azure Storage

There are multiple ways to allow external access to Azure storage accounts, some better (and more secure) than others. Today, I’d like to share with you 3 methods to access your storage accounts externally, as well as the preferred methods for doing so.

1.  Access Keys

This is one way to allow access, but I don’t highly recommend using it. Why? There are only 2 access keys for your storage account. If you hand one out, it will be a problem later: when you have to change it, you’ll have to change everything that refers to that storage account. These keys should be used for applications or special use cases that you can manage accordingly.

If you share these access keys outside of the organization, this could create a problem, as you don’t want to have to go in and change them if you feel that a key has been compromised in some way.

2.  Shared Access Signatures (SAS)

This is a much better option than sharing the keys. A SAS is designed to limit access to your storage account and the containers in it. Signatures allow you to establish security at a more granular level than access keys. With this method, you can use one storage account, create multiple signatures, and give each one specific security access.

This works well when a company is sending you data and you want to store it somewhere and then give them secure access to your Azure environment. There are expiration properties, so you can allow access for a designated amount of time, and if things change, it’s easy to kill the key and stop access.

3.  Shared Access Policies

This is your best option for supporting access for external entities to get the data into the storage account and is the easiest to manage. Shared access policies leverage shared access signatures and must be created with PowerShell. They are easily managed without creating a new SAS every time.
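
The policy-backed SAS workflow described above, as an added example that is not part of the original post. It uses the Az.Storage module, whose cmdlets call these "stored access policies"; the resource group, account, container and policy names are placeholders, and the two function names are hypothetical.

```powershell
# Added example. Requires the Az.Storage module and a signed-in session (Connect-AzAccount).
# All names below are placeholders; substitute your own.
$resourceGroup = 'rg-example'
$accountName   = 'examplestorageacct'
$containerName = 'partner-inbound'
$policyName    = 'partner-upload'

# Build a storage context from an account key. The key never leaves your
# organization; only the SAS derived from the policy is handed to the partner.
$key = (Get-AzStorageAccountKey -ResourceGroupName $resourceGroup -Name $accountName)[0].Value
$ctx = New-AzStorageContext -StorageAccountName $accountName -StorageAccountKey $key

# Define the policy on the container: write and list only, valid for 30 days.
$now = (Get-Date).ToUniversalTime()
New-AzStorageContainerStoredAccessPolicy -Container $containerName -Policy $policyName `
    -Permission 'wl' -StartTime $now -ExpiryTime $now.AddDays(30) -Context $ctx

# Issue a SAS that references the policy instead of carrying its own permissions
# and expiry. -Protocol HttpsOnly rejects requests made over plain HTTP.
$sasUri = New-AzStorageContainerSASToken -Name $containerName -Policy $policyName `
    -Protocol HttpsOnly -FullUri -Context $ctx
$sasUri   # send this URI to the external party over a secure channel

# Hypothetical helper: change the access window later without reissuing the SAS.
function Set-PartnerAccessWindow {
    param([int]$DaysFromNow)
    Set-AzStorageContainerStoredAccessPolicy -Container $containerName -Policy $policyName `
        -ExpiryTime (Get-Date).ToUniversalTime().AddDays($DaysFromNow) -Context $ctx
}

# Hypothetical helper: revoke access. Every SAS issued against this policy stops
# working, and the storage account keys do not have to be rotated.
function Revoke-PartnerAccess {
    Remove-AzStorageContainerStoredAccessPolicy -Container $containerName `
        -Policy $policyName -Context $ctx
}
```

Because the permissions and expiry live in the policy on the container, changing or removing the policy takes effect for every SAS that references it.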