A major concern when moving to the cloud is data security. It’s a touchy subject for companies, especially when they are dealing with sensitive data. To combat the skepticism around the cloud, Microsoft is rolling out major security updates to the Azure SQL database functionality. Let us here at Beringer be your guide through the 5 major areas of database security: Connection security, Authentication, Authorization, Encryption, and Auditing.
Azure SQL Database Firewall
As opposed to SQL Server which relies on Windows Firewall, Azure SQL uses an integrated Firewall. Recent updates to the Firewall allow for Azure SQL Service Firewall Settings to create rules that cover the entire set of Databases, or just set Firewall rules for individual Databases. As with any SaaS offering from Microsoft, you can be sure that your Firewall software will be up to date with the latest security enhancements.
Azure SQL offers two types of Authentication, SQL Authentication and Azure Active Directory Authentication. SQL Authentication is your standard SQL access with username and password credentials. For higher security, I recommend using the Azure Active Directory as it can utilize Microsoft's Multi-factor Authentication model, as well as its constant evolving nature for security as it is at the center of authentication for Microsoft's online services.
As with SQL Server, you are able to create roles and account permissions to govern data access. You are able to use these same features along with some new ones in Azure SQL. Azure offers Row-level Security rules to limit exposure of data to certain user roles, as well as Data Masking, which can be implemented on certain columns containing credit card or social security numbers. Click the link below for more information on Row-level security and Data masking for Azure SQL and SQL Server 2016 Preview.
Azure SQL Database can also encrypt your data when it is stored. Azure uses Transparent Data Encryption to keep sensitive data safe. You can set rules for encryption by the Column, or even down to the individual cell in Azure SQL, using individual encryption keys per cell if you wanted.
Auditing keeps track of all transactions to your database and different database events. You can record these events to an audit log which integrates with Microsoft Power BI to utilize its Drill-down reports for deep analysis of your Azure SQL Database activity.
BONUS! Use Auditing Data and Machine Learning to monitor your SQL DB for irregular behavior and alert when security has been compromised. Microsoft's already doing it for its Microsoft Accounts to make sure your user accounts are secure.
I hope this article was able to raise your confidence in Microsoft for protecting your cloud data. Now that the data is safe, we can ask, "Is the Microsoft Cloud safe?" They'll tell you themselves in a tour of one of their Microsoft Data-centers. Take the virtual tour below!
Beringer Associates, a Microsoft Gold Certified Partner, is always here to provide expert knowledge in topics like these. Please contact us with any questions you may have.