Best Practice for Azure SQL Database
Cloud computing requires new security paradigms that are unfamiliar to many application users, database administrators, and programmers. As a result, some organizations are hesitant to implement a cloud infrastructure for data management due to perceived security risks. However, much of this concern can be alleviated through a better understanding of the control which Intelledox uses to protect the client data in Azure. All these controls utilize the security features built into Microsoft Azure and Microsoft Azure SQL Database.
Intelledox follows the Azure Database Security Best Practices recommended by Microsoft to implement the security controls. You will be able to get the most out of this checklist after you understand the best practices. Intelledox uses this checklist to make sure that we have a security mechanism in place to protect client’s data.
Protect Data
Encryption in Motion/Transit
- Transport Layer Security, for data encryption, when data is moving to the networks.
- The database requires secure communication from clients based on the TDS Tabular Data Stream protocol over TLS (Transport Layer Security).
Encryption at rest
- Transparent Data Encryption, when inactive data is stored physically in any digital form.
Control Access
Database Access
- Authentication, SQL Server authentication is used to manage the user access.
- Authorization, grant users the least privileges necessary.
- Access to all the Azure services is turned off and only the configured whitelist IP can access the database.
Proactive Monitoring
Tracking & Detecting
- Auditing tracks database events and writes them to an Audit log/ Activity log in the Azure Storage account.
- Track Azure Database health using Azure Monitor Activity Logs.
- Threat Detection detects anomalous database activities indicating potential security threats to the database
- Configure alerts for failed connection, DTU utilisation and blocked by the firewall.
Best Practice
It is recommended that you configure DTU utilisation alert at 80 percent of DTU used. This will allow you to monitor the usage of your Azure Database and select the DB tier based on the usage. If you have more than one databases, consider using the elastic database instead of standard databases.
Azure Security Center
- Data Monitoring Use Azure Security Center as a centralized security monitoring solution for SQL and other Azure services.
Azure Database is a robust database platform, with a full range of security features that meet many organizational and regulatory compliance requirements. You can easily protect data by controlling the physical access to your data, and using a variety of options for data security at the file-, column-, or row-level with Transparent Data Encryption, Cell-Level Encryption, or Row-Level Security. Always Encrypted also enables operations against encrypted data, simplifying the process of application updates. In turn, access to auditing logs of SQL Database activity provides you with the information you need, allowing you to know how and when data is accessed.
Intelledox uses all the security features mentioned above to secure the client data in Azure Database.
Updated over 6 years ago