5 Securing data in Azure Storage accounts: Azure Key Vault

This chapter covers

  • Securing storage accounts
  • Managing storage encryption
  • Securing Azure Key Vault

In 2017, The Economist published an article (http://mng.bz/6Dzp) that asserted that data, not oil, had risen to become the world’s most valuable resource over the previous decade. This notion that data has become the new oil highlights data’s importance to businesses. Similar to how oil is used to power the vehicles that you see on roads (unless you live surrounded by electric vehicles), data is used to power better decision-making in organizations.

If data is indeed the new oil, you can consider Azure as the pipeline through which that new oil flows. As you can imagine, securing that pipeline is pretty darn important. Another way of looking at data is to consider it the crown jewels of an organization—a commonly used phrase to emphasize the importance of data and to position it as one of the most critical assets a business possesses.

Regardless of whether you consider data the crown jewels or the new oil, both comparisons underscore the intrinsic value that data holds for organizations and its importance to their daily operations. How to secure your crown jewels or your oil pipelines against bad actors and the fictitious character Eve is what this chapter teaches you.

5.1 Securing storage accounts

5.1.1 Azure Storage firewall

5.1.2 Authorizing control plane operations

5.1.3 Authorizing data plane operations

5.1.4 SSE

5.1.5 Encryption key management

5.1.6 Encryption using a customer-managed key

5.1.7 Encryption using a customer-managed key in action

5.1.8 Encryption scopes

5.1.9 Infrastructure encryption

5.2 Securing Azure Key Vault

5.2.1 Authorizing control plane operations

5.2.2 Authorizing data plane operations

5.2.3 Azure Key Vault firewall