Configuring Data Security Policies in Microsoft Azure
CONFIGURING DATA CLASSIFICATION IN MICROSOFT AZURE
Reza Salehi, CLOUD CONSULTANT
@zaalion linkedin.com/in/rezasalehi2008

Understanding data risks, governance and compliance
To achieve better ROI on security, the organization needs to first understand its security requirements & priorities
Governance – How is the organization’s security going to be monitored, audited, and reported?
Risk – What types of risks does the organization face while trying to protect information?
Compliance – Are there specific industry, government, or regulatory requirements?
Public
Internal
Confidential
Top Secret
Extremely important for cloud data
Then, data can be managed to prevent theft or loss
Categorizes data by sensitivity and business impact
Is a common starting point for governance
Allows you to assign metadata to your
Highly confidential
Business data that would cause extensive harm to Microsoft if overshared
Confidential
Business data that could cause harm to Microsoft if
General
Business data that is not meant for a public audience
Public
Business data that is freely available and approved for public consumption
Non-business
Data from your personal life that does not belong to Microsoft
Microsoft suggests that any asset in the cloud should have documented metadata
The data classification (public, internal, etc.)
Business criticality (non-critical, critical, etc.)
Billing responsibility (department, branch name, etc.)
For Microsoft Office documents and emails
e.g. Advanced Data Security for Azure SQL Database
Most resources in Azure support tags
In the case of Azure, resource tags are the suggested approach for metadata storage
These tags can be used to apply data classification information to deployed resources
They provide a valuable tool for managing resources and applying policies
Can be managed in the portal or programmatically
You can apply tags to your Azure resources to logically organize them into a taxonomy
Each tag consists of a name and a value pair (e.g. department = IT)
After you apply tags, you can retrieve all the resources in your subscription with that tag name and value
Tags enable you to retrieve related resources from different resource groups
Helps to comply with the expected tags standards for your
You can create a policy that automatically applies tags during resource deployment
You can use an Azure Policy to enforce tagging rules and conventions
Resource group tags are not inherited by the children
Tags can't be applied to classic resources such as Cloud Services
Tag name 512 characters (128 for storage), value 256 characters
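An added example (not from the original slides): a Python audit of a resource inventory against the tagging rules above, covering the length limits and the fact that resource group tags are not inherited. The tag name DataClassification, the allowed values (taken from the Public / Internal / Confidential / Top Secret levels) and the sample inventory are assumptions constructed for illustration.

```python
# Added example: audit resources for a data classification tag.
# The tag name "DataClassification" and the sample inventory are assumptions.
TAG = "DataClassification"
ALLOWED = {"Public", "Internal", "Confidential", "Top Secret"}
STORAGE_TYPE = "microsoft.storage/storageaccounts"

def name_limit(resource_type):
    # Limits from the slide: tag name 512 characters (128 for storage).
    return 128 if resource_type.lower() == STORAGE_TYPE else 512

def audit(resources, group_tags):
    """Return (resource name, finding) tuples for every tagging violation."""
    findings = []
    for res in resources:
        tags = res.get("tags") or {}
        for key, value in tags.items():
            if len(key) > name_limit(res["type"]):
                findings.append((res["name"], "tag name too long: " + key[:20]))
            if len(value) > 256:  # slide: value 256 characters
                findings.append((res["name"], "tag value too long: " + key))
        if TAG not in tags:
            # Resource group tags are not inherited, so a tagged group does not help.
            inherited = TAG in group_tags.get(res["resourceGroup"], {})
            note = " (resource group is tagged, but tags are not inherited)" if inherited else ""
            findings.append((res["name"], "missing " + TAG + note))
        elif tags[TAG] not in ALLOWED:
            findings.append((res["name"], "unknown classification: " + tags[TAG]))
    return findings

# Constructed sample inventory, using the name/type/resourceGroup/tags fields
# found in `az resource list` JSON output.
GROUP_TAGS = {"rg-finance": {TAG: "Confidential"}, "rg-web": {}}
RESOURCES = [
    {"name": "sqlfin01", "type": "Microsoft.Sql/servers", "resourceGroup": "rg-finance",
     "tags": {TAG: "Confidential", "department": "IT"}},
    {"name": "stfin01", "type": "Microsoft.Storage/storageAccounts",
     "resourceGroup": "rg-finance", "tags": None},
    {"name": "webapp01", "type": "Microsoft.Web/sites", "resourceGroup": "rg-web",
     "tags": {TAG: "Secret"}},
    {"name": "stweb01", "type": "Microsoft.Storage/storageAccounts",
     "resourceGroup": "rg-web", "tags": {TAG: "Public", "k" * 129: "x"}},
]

if __name__ == "__main__":
    for name, finding in audit(RESOURCES, GROUP_TAGS):
        print(name + ": " + finding)
```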
A cloud-based solution that helps an organization to classify and protect its documents and emails by applying labels
Labels can be applied automatically by administrators who define rules and conditions
Or manually by users, or a combination where users are given recommendations
Labels can include visual markings (header, footer, or watermark)
Prevent data leakage or misuse
Track access to documents
Detect risky behavior and take corrective measures
Analyze data flows to gain insight into your business
Security E3)
Security E5)
Provides discovery, classification, labeling & protection of the sensitive data in your Azure SQL databases and data warehouse
Business, financial, healthcare, personally identifiable data (PII), and so on
Data discovery & classification is part of the Advanced Data Security (ADS) offering
Can be accessed and managed via the central SQL ADS in the Azure portal