Chapter 11. Protecting Your Data in Azure
If you built a data pipeline following the lambda architecture guidance in this book, then odds are you view your data as a valuable asset—one that you want to protect.
In this chapter we take a high-level look at the options for protecting your data in Azure.
Identity and Access Management
Controlling who gets access to the resources in your analytics pipeline and what they can do once they have access is the goal of identity and access management. This boils down to these main concepts:
- Who are the users or groups?
- How do you verify that a user or application is who they say they are?
- What do you let the user or application do?
The actual mechanisms provided for defining identities, authenticating identities, and authorizing actions vary by Azure service, but can be distilled to the following, which we’ll call access management mechanisms:
- Azure Active Directory identities
Using Azure Active Directory (AAD) to manage user identities, application identities, and group identities.
- Shared keys
Typically a username and password or a key name and secret value.
- Shared access signatures
Cryptographically secured URIs that encapsulate a resource and the permissions allowed on that resource in a convenient URL format. The canonical example of this is Azure Blob Storage, which enables you to manage access to an account, container, or blob and specify what the user is allowed to do with ...
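Because a shared access signature carries its resource and permissions in the URL itself, a reviewer can decode exactly what a given URL grants before it is handed out. The following is an added example, not code from the book: it reads the documented Blob service SAS query parameters and flags broad grants. The function name audit_sas, the 24-hour lifetime policy, and the sample URLs are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# Documented Blob service SAS parameters: sr = scope, sp = permissions,
# st/se = start/expiry (UTC), spr = allowed protocols, si = stored policy.
PERMS = {"r": "read", "a": "add", "c": "create", "w": "write", "d": "delete", "l": "list"}
SCOPES = {"b": "blob", "c": "container"}

def _utc(value):
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised SAS time: {value!r}")

def audit_sas(url, now, max_lifetime=timedelta(hours=24)):
    """Decode what a SAS URL grants and list review findings (policy is an assumption)."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if "sig" not in q:
        raise ValueError("no sig parameter: not a SAS URL")
    perms = [PERMS.get(ch, ch) for ch in q.get("sp", "")]
    scope = SCOPES.get(q.get("sr", ""), q.get("sr", "unknown"))
    findings = []
    if "se" not in q:
        # Without se the expiry must come from a stored access policy (si).
        findings.append("expiry set by stored policy" if "si" in q else "no expiry")
    else:
        expiry = _utc(q["se"])
        start = _utc(q["st"]) if "st" in q else now
        if expiry <= now:
            findings.append("already expired")
        elif expiry - max(start, now) > max_lifetime:
            findings.append("remaining lifetime exceeds policy")
    if q.get("spr", "https,http") != "https":   # service default permits HTTP too
        findings.append("plain HTTP allowed")
    if scope == "container" and {"write", "delete"} & set(perms):
        findings.append("write/delete over a whole container")
    return {"resource": parts.path, "scope": scope, "permissions": perms, "findings": findings}

# Constructed sample URLs; account, paths and sig values are placeholders.
BROAD = ("https://exampleaccount.blob.core.windows.net/logs?sv=2020-08-04&sr=c"
         "&sp=rwdl&st=2024-01-01T00:00:00Z&se=2025-01-01T00:00:00Z&sig=PLACEHOLDER")
NARROW = ("https://exampleaccount.blob.core.windows.net/logs/day1.csv?sv=2020-08-04"
          "&sr=b&sp=r&se=2024-06-01T13:00:00Z&spr=https&sig=PLACEHOLDER")
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    print([audit_sas(u, NOW) for u in (BROAD, NARROW)])
```

The check reads only the URL's parameters and never validates the signature, so it suits reviewing SAS URLs found in configuration or logs without access to the account key.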