Data protection considerations

Classify, protect, and monitor sensitive data assets using access control, encryption, and logging in Azure. Provide controls on data at rest and in transit.

Checklist

How are you managing encryption for this workload?


  • Use identity-based storage access controls.
  • Use built-in features for data encryption for Azure services.
  • Classify all stored data and encrypt it.
  • Protect data moving over a network through encryption at all points so that it's not accessed by unauthorized users.
  • Store keys in a managed key vault service with identity-based access control and audit policies.
  • Rotate keys and other secrets frequently.
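
As an added example (not part of the original page), the following script checks storage account records against the access-control, in-transit, at-rest, and key-storage items of the checklist. It assumes the JSON shape returned by `az storage account list`; the two sample records and their account names are constructed for illustration.

```python
import json

# Constructed sample records in the shape `az storage account list` returns.
SAMPLE = json.loads("""[
 {"name": "stlegacy01", "enableHttpsTrafficOnly": false,
  "minimumTlsVersion": "TLS1_0", "allowSharedKeyAccess": true,
  "encryption": {"keySource": "Microsoft.Storage",
                 "services": {"blob": {"enabled": true}, "file": {"enabled": true}}}},
 {"name": "sthardened01", "enableHttpsTrafficOnly": true,
  "minimumTlsVersion": "TLS1_2", "allowSharedKeyAccess": false,
  "encryption": {"keySource": "Microsoft.Keyvault",
                 "services": {"blob": {"enabled": true}, "file": {"enabled": true}}}}
]""")

# TLS values this example recognizes, weakest first.
TLS_ORDER = ["TLS1_0", "TLS1_1", "TLS1_2"]

def audit_account(acct, min_tls="TLS1_2"):
    """Return the checklist findings for one storage account record."""
    findings = []
    # Identity-based access: an unset value means shared-key auth is allowed.
    if acct.get("allowSharedKeyAccess") is not False:
        findings.append("shared-key access enabled (not identity-based only)")
    # Data in transit: HTTPS only, with a minimum TLS version.
    if not acct.get("enableHttpsTrafficOnly", False):
        findings.append("plain HTTP allowed (data in transit unencrypted)")
    tls = acct.get("minimumTlsVersion") or "TLS1_0"
    if tls not in TLS_ORDER:
        findings.append(f"unrecognized minimum TLS value {tls}, review manually")
    elif TLS_ORDER.index(tls) < TLS_ORDER.index(min_tls):
        findings.append(f"minimum TLS {tls} is below {min_tls}")
    # Data at rest: built-in service encryption and where the key lives.
    enc = acct.get("encryption") or {}
    for svc, cfg in sorted((enc.get("services") or {}).items()):
        if not (cfg or {}).get("enabled", False):
            findings.append(f"{svc} service encryption disabled")
    if enc.get("keySource") != "Microsoft.Keyvault":
        findings.append("key is not held in Key Vault (platform-managed key)")
    return findings

def audit(accounts):
    """Map each account name to its list of findings."""
    return {a["name"]: audit_account(a) for a in accounts}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "OK" if not findings else findings)
```

Key rotation and data classification are not visible in these account properties and need separate checks.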

Azure security benchmark

The Azure Security Benchmark includes a collection of high-impact security recommendations you can use to help secure the services you use in Azure:

The questions in this section are aligned to the Azure Security Benchmarks Data Protection.

Reference architecture

Here are some reference architectures related to secure storage:

Next steps

We recommend that you review the practices and tools implemented as part of the development cycle.
