Data protection considerations
Classify, protect, and monitor sensitive data assets using access control, encryption, and logging in Azure. Provide controls on data at rest and in transit.
Checklist
How are you managing encryption for this workload?
- Use identity-based storage access controls.
- Use built-in features for data encryption for Azure services.
- Classify all stored data and encrypt it.
- Protect data moving over a network through encryption at all points so that it's not accessed by unauthorized users.
- Store keys in a managed key vault service with identity-based access control and audit policies.
- Rotate keys and other secrets frequently.
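As an added illustration (not part of the original article), the checklist above can be turned into an automated check over a storage account's exported settings. The sample record is constructed, its field names are assumed to follow the shape of `az storage account show` output, and the 90-day rotation threshold is an assumed policy value.

```python
import json
from datetime import datetime, timezone

# Constructed sample; field names assumed to match `az storage account show` output.
SAMPLE = json.loads("""
{
  "name": "examplestorage",
  "allowSharedKeyAccess": true,
  "enableHttpsTrafficOnly": false,
  "minimumTlsVersion": "TLS1_0",
  "encryption": {"keySource": "Microsoft.Storage"},
  "keyCreationTime": {"key1": "2023-01-10T08:00:00+00:00",
                      "key2": "2024-05-01T08:00:00+00:00"}
}
""")

MAX_KEY_AGE_DAYS = 90  # assumed policy; the checklist only says "frequently"


def audit(account, now):
    """Return checklist findings for one storage account record."""
    findings = []
    # Identity-based access: shared-key authorization bypasses identity checks.
    # A missing value is treated as enabled.
    if account.get("allowSharedKeyAccess") is not False:
        findings.append("shared-key-access-enabled")
    # Encryption in transit: plain HTTP and old TLS versions must be refused.
    if not account.get("enableHttpsTrafficOnly", False):
        findings.append("http-allowed")
    if account.get("minimumTlsVersion") in (None, "TLS1_0", "TLS1_1"):
        findings.append("weak-min-tls")
    # Key storage: flag encryption keys that are not held in a key vault.
    if (account.get("encryption") or {}).get("keySource") != "Microsoft.Keyvault":
        findings.append("encryption-key-not-in-key-vault")
    # Rotation: flag access keys older than the assumed threshold.
    for name, created in sorted((account.get("keyCreationTime") or {}).items()):
        if created is None:
            findings.append(f"{name}-age-unknown")
            continue
        age_days = (now - datetime.fromisoformat(created)).days
        if age_days > MAX_KEY_AGE_DAYS:
            findings.append(f"{name}-older-than-{MAX_KEY_AGE_DAYS}d")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, datetime.now(timezone.utc)):
        print(f"{SAMPLE['name']}: {finding}")
```

Whether platform-managed encryption keys count as a finding depends on the workload's own policy, so treat that check as configurable.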
Azure security benchmark
The Azure Security Benchmark includes a collection of high-impact security recommendations you can use to help secure the services you use in Azure:
The questions in this section are aligned to the Azure Security Benchmarks Data Protection.
Reference architecture
Here are some reference architectures related to secure storage:
Next steps
We recommend that you review the practices and tools implemented as part of the development cycle.
Related links
Back to the main article: Security