When banks need to protect their customers’ valuable belongings, they place them into a vault. No single component of a vault could, however, adequately secure anyone’s prized possessions by itself. A lock without a solid door would have nothing to seal; a room without the proper climate conditions would lead to decay. It is the combination of security features that makes a safe truly safe.
Azure SQL Database is like a heavy-duty safe for data, and it incorporates layers of essential functionality to protect the privacy of your sensitive information. These features include encryption, user rights management, authentication and network security. Each one performs an essential role in protecting the data you use to run your business.
The desire to protect your data is well founded, but the interconnectedness of systems throughout your business and even externally often necessitates data transfers from one system to another. Azure SQL Database always encrypts data traveling through a connection, without exception. For an added layer of safety, data residing in your database are encrypted by default to prevent extraction, for example, through hardware theft.
You can even hide highly sensitive data from specific users altogether by properly controlling their access through user rights management.
User Rights Management
Azure SQL Database enables you to group users by role and assign specific access rights to each group. This feature is common throughout enterprise software applications, but critical in terms of data privacy.
For instance, an HR Director should be able to see system information that an HR Recruiter should not be able to see, and a straightforward way to manage this would be by applying a distinct user group for each role.
Correctly defining the rights for your user groups and appropriately assigning personnel to those groups will go a long way in reducing the chances of exposure of private data.
As hacking methods rise in sophistication almost in pace with the evolution of the technologies being hacked, it has become crucial for systems to be able to verify the true identity of users requesting access to data. This is the objective of the authentication process, and Azure SQL Database offers two options:
- SQL database authentication resembles the most common everyday authentication experience, in which users must enter their usernames and passwords before gaining access, and user logins must be managed by an administrator
- Azure Active Directory authentication, on the other hand, refers to centrally managed authentication for a whole suite of databases, apps and/or systems
With SQL database authentication, users must be independently authenticated by the database and with each sign in, whereas with Azure Active Directory authentication, a single sign in on any of the connected apps grants access to all connected apps at once. Both options provide excellent security, but the second option tends to be more convenient for users.
In Azure SQL Database, network security is based primarily upon configurable firewall rules. These are divided between IP and virtual networks:
- IP firewall rules control access by checking the requestor’s IP address
- Virtual network firewall rules control access by checking the origin of traffic within your virtual network
While these features can automatically validate the origin of a request, it is entirely up to your database administrator to define which IP addresses or subnetworks will or will not be granted access to the data in your database.
Partnering with Trianz for Successful Data Migration
Reassuring as it is to know how much Azure SQL Database does to keep your data safe, it should be equally encouraging to know that Trianz has a team of seasoned experts who can help you migrate your data, apps and servers to Azure.
Our experience helping Fortune 1000 companies with their migrations has helped us refine a streamlined approach to meeting the needs of large organizations. If you are planning to migrate to Azure, contact one of our specialists today to schedule a consultation.