HomeGuidesRecipesAPI
HomeGuidesAPILog In
Guides
These docs are for v10. Click to read the latest docs for v31.

Best Practice for Azure SQL Database

Cloud computing requires new security paradigms that are unfamiliar to many application users, database administrators, and programmers. As a result, some organizations are hesitant to implement a cloud infrastructure for data management due to perceived security risks. However, much of this concern can be alleviated through a better understanding of the control which Intelledox uses to protect the client data in Azure. All these controls utilize the security features built into Microsoft Azure and Microsoft Azure SQL Database.

Intelledox follows the Azure Database Security Best Practices recommended by Microsoft to implement the security controls. You will be able to get the most out of this checklist after you understand the best practices. Intelledox uses this checklist to make sure that we have a security mechanism in place to protect client’s data.

Protect Data

Encryption in Motion/Transit

Encryption at rest

Control Access

Database Access

  • Authentication, SQL Server authentication is used to manage the user access.
  • Authorization, grant users the least privileges necessary.
  • Access to all the Azure services is turned off and only the configured whitelist IP can access the database.

Proactive Monitoring

Tracking & Detecting

  • Auditing tracks database events and writes them to an Audit log/ Activity log in the Azure Storage account.
  • Track Azure Database health using Azure Monitor Activity Logs.
  • Threat Detection detects anomalous database activities indicating potential security threats to the database
  • Configure alerts for failed connection, DTU utilisation and blocked by the firewall.

👍

Best Practice

It is recommended that you configure DTU utilisation alert at 80 percent of DTU used. This will allow you to monitor the usage of your Azure Database and select the DB tier based on the usage. If you have more than one databases, consider using the elastic database instead of standard databases.

Azure Security Center

  • Data Monitoring Use Azure Security Center as a centralized security monitoring solution for SQL and other Azure services.

Azure Database is a robust database platform, with a full range of security features that meet many organizational and regulatory compliance requirements. You can easily protect data by controlling the physical access to your data, and using a variety of options for data security at the file-, column-, or row-level with Transparent Data Encryption, Cell-Level Encryption, or Row-Level Security. Always Encrypted also enables operations against encrypted data, simplifying the process of application updates. In turn, access to auditing logs of SQL Database activity provides you with the information you need, allowing you to know how and when data is accessed.

Intelledox uses all the security features mentioned above to secure the client data in Azure Database.