Database Security on Azure

In the previous post we discussed Azure security in general. This post is going to discuss the security features for databases on Azure. Let’s have a look:

  1. Azure SQL Firewall Rules: When it comes to firewall rules, Azure provides two levels of security. There are server level firewall rules which are stored in the SQL Master database. Server level firewall rules determine the access to the Azure database server. Users can also create database level firewall rules which govern the access to the individual databases.
  2. Azure SQL Always Encrypted:  Always encrypted feature is designed to protect sensitive data such as credit card numbers, stored in the Azure SQL database. With Always Encrypted, data is encrypted within the client applications itself using the Always Encrypted-enabled driver. The encryption keys are not shared with Azure SQL Database, which means that database admins do not have access to sensitive data.
  3. Azure SQL Transparent Data Encryption (TDE): TDE is the technology used to encrypt stored data in Azure SQL Database. TDE is also available for Azure SQL Managed Instances and Azure Synapse Analytics. With TDE, the encryption and decryption of database, backups and transaction log files, happens in real time.
  4. Azure SQL Database Auditing: Azure provides comprehensive auditing capabilities within the SQL Database service. Audit policies can be applied at the Database server level, which gets cascaded to all the databases within the server. It is also possible to define the audit policy at the individual database level, giving users the flexibility to choose based on the requirements.

One thought on “Database Security on Azure

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: