Data protection considerations

Is this page helpful?

Any additional feedback?

Feedback will be sent to Microsoft: By pressing the submit button, your feedback will be used to improve Microsoft products and services. Privacy policy.

Classify, protect, and monitor sensitive data assets using access control, encryption, and logging in Azure. Provide controls on data at rest and in transit.

Checklist

How are you managing encryption for this workload?

---

• Use identity based storage access controls.
• Use built-in features for data encryption for Azure services.
• Classify all stored data and encrypt it.
• Protect data moving over a network through encryption at all points so that it's not accessed unauthorized users.
• Store keys in managed key vault service with identity-based access control and audit policies.
• Rotate keys and other secrets frequently.

Azure security benchmark

The Azure Security Benchmark includes a collection of high-impact security recommendations you can use to help secure the services you use in Azure:

The questions in this section are aligned to the Azure Security Benchmarks Data Protection.

Reference architecture

Here are some reference architectures related to secure storage:

• Using Azure file shares in a hybrid environment

• DevSecOps in Azure

Next steps

We recommend that you review the practices and tools implemented as part of the development cycle.

Data protection

Related links

Back to the main article: Security