Protecting Azure Databases
In this lab, I will be implementing data encryption on Azure SQL Database, configuring data masking, applying data classification, and turning on database auditing. Data encryption is basically scrambling data so that it can be unscrambled later. Data masking can hide your data. Personally identifiable information, or PII, is a data classification. Your social security number and your credit card are PII. Database auditing keeps track of all actions done on a database.
What is an Azure SQL Database?
A database is an organized set of defined information or data. Microsoft Azure SQL Database is a managed cloud database provided as part of Microsoft Azure. A cloud database is a database that runs on a cloud computing platform, and access to it is provided as a service. Managed database services take care of scalability, backup, and high availability of the database.
Quick note
I had to download Azure Data Studio to do this lab.
Implement Customer-Managed Encryption
1. I navigated to my SQL server.
2. After I clicked on transparent data encryption, I then selected the customer-managed key.
3. This is what I saw after I created the key vault and the key.
4. I have implemented customer-managed encryption.
Implement Data Masking
1. I navigated to my SQL database and clicked on dynamic data masking.
2. Then I clicked on add a masking rule.
3. Then I saved my new masking rule. See the details of the masking rule below. I have masked the lastname column under the customer table.
4. I can now see the lastname column is masked.
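A T-SQL check of the masking rule from the steps above, runnable in Azure Data Studio. This is an added example, not part of the original lab: the table `dbo.customer_demo`, its rows, and the user `mask_test_reader` are constructed stand-ins, and the `default()` masking function is an assumption about which mask was chosen in the portal.

```sql
-- Added example: scratch table and user are constructed, not the lab's objects.
CREATE TABLE dbo.customer_demo (
    customerid INT IDENTITY PRIMARY KEY,
    firstname  NVARCHAR(50) NOT NULL,
    lastname   NVARCHAR(50) NOT NULL
);
INSERT INTO dbo.customer_demo (firstname, lastname)
VALUES (N'Ana', N'Example'), (N'Raj', N'Sample');   -- constructed rows

-- T-SQL equivalent of adding a masking rule on the lastname column.
ALTER TABLE dbo.customer_demo
    ALTER COLUMN lastname ADD MASKED WITH (FUNCTION = 'default()');

-- Confirm the rule is recorded in the catalog.
SELECT OBJECT_NAME(object_id) AS table_name,
       name                   AS column_name,
       masking_function
FROM sys.masked_columns
WHERE object_id = OBJECT_ID(N'dbo.customer_demo');

-- A database user with SELECT only, and therefore no UNMASK permission.
CREATE USER mask_test_reader WITHOUT LOGIN;
GRANT SELECT ON dbo.customer_demo TO mask_test_reader;

-- As the restricted user, lastname is returned as the mask ('xxxx' for strings).
EXECUTE AS USER = 'mask_test_reader';
SELECT customerid, firstname, lastname FROM dbo.customer_demo;
REVERT;

-- As the administrator, the same query returns the real values:
-- masking changes query results for non-privileged users only,
-- and the stored data itself is not altered or encrypted.
SELECT customerid, firstname, lastname FROM dbo.customer_demo;

-- Remove the scratch objects.
DROP USER mask_test_reader;
DROP TABLE dbo.customer_demo;
```

Running the two `SELECT` statements side by side shows why a masking rule should be tested from an account without the UNMASK permission rather than from the administrator session that created it.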
Apply Data Classification
1. I navigated to my SQL database and clicked on data discovery & classification.
2. I added 3 pieces of data to be classified.
Implement a Database Audit
1. I clicked on auditing in the left-hand menu.
2. Then I enabled database auditing.
Additional security I could do
1. Enable SQL Vulnerability Assessment (VA) to examine the database for security issues, and to routinely run on the databases.
2. Make sure that when connecting to Azure SQL Database and SQL Managed Instance I am using the latest Transport Layer Security (TLS) version.
3. Use Always Encrypted to ensure sensitive data isn't shown in plaintext (unencrypted) in Azure SQL Database or SQL Managed Instance.
What did you learn?
In conclusion, I was able to secure the Azure database. This was my first time implementing a database audit and applying data classification. Data breaches are a serious concern. Securing databases in the cloud or on-prem will always be an important skill to have. Please see the link below to learn more about securing Azure databases.
https://learn.microsoft.com/en-us/azure/azure-sql/database/security-best-practice?view=azuresql
Thank you for visiting my blog.