Microsoft Azure Storage Security

I am studying the Microsoft Azure Administrator modules off of the Microsoft “Learn” website. It is a great free resource to learn some of the hottest and most relevant modern Cloud technologies. This one particular area piqued my interest: data storage security. I know that many businesses and various leaders are pessimistic about the protection of their Cloud data. It makes sense. Why would any leader not think about the way in which their organization’s data is stored in the Cloud? To many leaders, the notion of their valuable data being moved to and handled in the Cloud does not necessarily make them feel warm and fuzzy [as we may see in the commercials ;> ]. Instead they have a healthy cynicism of their data handling. I agree with the healthy cynicism.

But Microsoft Azure has many ways in which to secure data. These include, but are not limited to, proper network security rules to block out most or all traffic; access control lists; strict internal roles based access; and good old-fashioned data encryption.

Azure automatically encrypts all data as it is stored or written to the cloud, i.e. is stored “at rest” [meaning, it is sitting on the disk, so to speak]. Any file that is written to Azure storage is encrypted with Storage Service Encryption (SSE). It is 256-bit AES encryption. This is very powerful encryption and is an industry standard. My favorite part of the SSE is that this encryption of the data that gets stored to disk does NOT affect performance. So, there is no degradation whatsoever to services. Encryption involves scrambling of bits and bytes and generally takes some resources, but Microsoft accomplishes this with no hit to resources.

Of course, in addition to the SSE security, the actual virtual disks themselves, if applicable, can be encrypted as well with ‘BitLocker’ for Windows or ‘dm-crypt’ for Linux . But I wanted to focus only on the Storage Security Encryption at this point. And this SSE should help any leader breathe a sigh of relief when thinking about their data security.

Microsoft Learn can be reached here

Microsoft Azure Archive Storage

Azure Archive Storage is perfect for rarely referenced or used data. Whether the data is archived health, government, business, or any type of data, the data may nonetheless need a place to be stored, ‘just in case’ … Or it may be a legal or organizational requirement that mandates all the data be stored away. Azure archive storage is low cost storage for just this purpose. In other words, this data simply needs to be securely stored away, preferably at a low cost.

This Azure archive storage is perfectly suited for any organization tired of using old tape back ups as well as for aging video and other multimedia content. It is also perfect for corporate or governmental requirements mandating data be kept for say, 7-14 years. In addition, the data storage is automatically encrypted after transfer.

General Azure storage pricing is available in tiered pricing, with Archive Storage having the “lowest storage cost and higher data retrieval costs”. In other words, if truly rarely accessed and destined for long-term storage, data stored at this tier is a very good deal.

Further information on Azure Archive, Blob and General Storage.