Chapter 11. Protecting Your Data in Azure

If you built a data pipeline following the lambda architecture guidance in this book, then odds are you view your data as a valuable asset—one that you want to protect.

In this chapter we take a high-level look at the options for protecting your data in Azure.

Identity and Access Management

Controlling who gets access to the resources in your analytics pipeline and what they can do once they have access is the goal of identity and access management. This boils down to these main concepts:

Who are the users or groups?

How do you verify that a user or application is who they say they are?

What do you let the user or application do?

The actual mechanisms provided for defining identities, authenticating identities, and authorizing actions vary by Azure service, but can be distilled to the following, which we’ll call access management mechanisms:

Azure Active Directory identities

Using Azure Active Directory (AAD) to manage user identities, application identities, and group identities.  

Shared keys

Typically a username and password or a key name and secret value. 

Shared access signatures

Cryptographically secured URIs that encapsulate a resource and the permissions allowed on that resource in a convenient URL format. The canonical example of this is Azure Blob Storage, which enables you to manage access to an account, container, or blob and specify what the user is allowed to do with ...
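
Because a shared access signature carries its resource scope and permissions in the URL itself, a defender can review one before handing it out. The following is an added example, not code from the book: it reads the standard SAS query parameters and flags broad grants. The 7-day lifetime threshold, the function name, and the sample URLs are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# Standard SAS query parameters: sp=permissions, se=expiry, spr=protocol,
# sip=allowed IP range, sr=resource (b=blob, c=container), si=stored policy.
RISKY_PERMS = {"w": "write", "d": "delete", "a": "add", "c": "create"}
MAX_LIFETIME = timedelta(days=7)  # assumed policy threshold, not an Azure limit


def audit_sas(url, now):
    """Return a list of findings for one SAS URL; an empty list means none."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if "sig" not in q:
        return ["no sig parameter: not a SAS URL"]
    findings = []
    risky = [name for flag, name in RISKY_PERMS.items() if flag in q.get("sp", "")]
    if risky:
        findings.append("grants " + "/".join(risky))
    # When spr is absent the service accepts both https and http.
    if parts.scheme == "http" or "http" in q.get("spr", "https,http").split(","):
        findings.append("plain HTTP allowed (spr is not https-only)")
    if "sip" not in q:
        findings.append("no source IP restriction (sip)")
    if "se" in q:
        # Only the full YYYY-MM-DDThh:mm:ssZ form is handled in this sketch.
        expiry = datetime.strptime(q["se"], "%Y-%m-%dT%H:%M:%SZ")
        if expiry.replace(tzinfo=timezone.utc) - now > MAX_LIFETIME:
            findings.append("expires more than 7 days out")
    elif "si" not in q:
        findings.append("no expiry and no stored access policy (si)")
    if q.get("sr") == "c" or "srt" in q:
        findings.append("scope wider than a single blob")
    return findings


# Constructed sample URLs; account, container and sig values are placeholders.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
BROAD = ("http://exampleacct.blob.core.windows.net/logs?sv=2022-11-02&sr=c"
         "&sp=rwdl&se=2030-01-01T00:00:00Z&sig=CONSTRUCTED")
TIGHT = ("https://exampleacct.blob.core.windows.net/logs/a.csv?sv=2022-11-02"
         "&sr=b&sp=r&spr=https&sip=203.0.113.10&se=2024-01-01T01:00:00Z"
         "&sig=CONSTRUCTED")

if __name__ == "__main__":
    for u in (BROAD, TIGHT):
        print(audit_sas(u, NOW) or "no findings")
```

The check inspects only what the URL declares; it does not verify the signature, which requires the account key held by the storage service.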

Get Mastering Azure Analytics, 1st Edition now with O’Reilly online learning.