Storage (user-profiles and security of files)

Azure Storage is part of Microsoft’s cloud storage solution. It offers a massively scalable object store for data objects and a file system service for the cloud. Azure Storage is durable and highly available, and comes in two types: Standard and Premium.

The Windows Azure Storage component represents a durable service in the cloud. Azure allows developers to store tables, blobs and message queues. The storage can be accessed over HTTP and through Windows Storage Explorer (a desktop tool). You can also create your own clients, although the Windows Azure SDK provides a client library for accessing the storage too.

Storage Account Security:
Azure Storage is a versatile service and, because of its low cost and high elasticity, it is one of the best ways to store many types of structured and unstructured data (BLOBs, tables and files) in the cloud. However, the one aspect that is usually overlooked when setting up a system using Azure Storage is security.
This means protecting the storage account (managed disk storage and traditional storage accounts) and the data in it: Binary Large Objects (blobs), i.e. unstructured file data; Files (SMB file shares); Queues (messaging data); and Tables (NoSQL semi-structured data).

Azure VM disks: OS Disk and Data Disk

RBAC: Role-based resource access for users, groups and applications, which allows us better control over the resources.

To begin with, there are two types of access, public and private, which apply to either containers or BLOBs and can be defined when they are created.

Public access to BLOBs and containers is usually configured for resources that need to be publicly accessible and don’t require any protection.
Private access means that resources can only be accessed using either the Master or Secondary Storage Account Keys.

You could, therefore, use the “private access” model to secure access to your storage account using these keys, which are 512-bit strings, together with key rollover and Azure Key Vault.

Encryption at Rest and in Transit
Every communication with Azure Storage should be based on connection strings and should enforce the use of HTTPS for BLOB URLs, which in turn provides encryption in transit.

Azure Storage Analytics can be used for logging and for storing data about metrics. Performance metrics of a storage account are important, especially when used in conjunction with Virtual Machines (VMs). Further, you can use this data to trace requests, analyze usage trends and diagnose issues with your storage account.
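As an added example (not code from the original page), the sketch below shows one way to use Storage Analytics request logs to check the two points made above: it flags requests served anonymously through public access and requests that arrived over plain HTTP. It assumes the semicolon-delimited field order of Storage Analytics log format version 1.0; the account name, IP addresses and request IDs in the sample are constructed.

```python
import csv
from urllib.parse import urlsplit

# Zero-based field positions, assuming Storage Analytics log format 1.0:
# operation-type, authentication-type, request-url, requester-ip-address.
F_OP, F_AUTH, F_URL, F_IP = 2, 7, 11, 15

# Constructed sample entries; the last line is deliberately truncated.
SAMPLE_LOG = """\
1.0;2024-05-01T10:15:02.0000000Z;GetBlob;AnonymousSuccess;200;12;10;anonymous;;examplestore;blob;"http://examplestore.blob.core.windows.net/public/logo.png";"/examplestore/public/logo.png";00000000-0000-0000-0000-000000000001;0;203.0.113.7:51234
1.0;2024-05-01T10:16:40.0000000Z;PutBlob;Success;201;30;25;authenticated;examplestore;examplestore;blob;"https://examplestore.blob.core.windows.net/private/report.csv";"/examplestore/private/report.csv";00000000-0000-0000-0000-000000000002;0;198.51.100.20:40022
1.0;2024-05-01T10:17:11.0000000Z;GetBlob;Success;200;8;7;authenticated;examplestore;examplestore;blob;"http://examplestore.blob.core.windows.net/private/report.csv";"/examplestore/private/report.csv";00000000-0000-0000-0000-000000000003;0;198.51.100.20:40030
1.0;2024-05-01T10:18:00.0000000Z;GetBlob
"""


def audit(log_text):
    """Return (line, reason, operation, url) for each risky or unparsed entry."""
    findings = []
    # URL fields are quoted in the log, so let csv handle the quoting.
    rows = csv.reader(log_text.splitlines(), delimiter=";", quotechar='"')
    for lineno, row in enumerate(rows, 1):
        # Report short or unknown-version lines instead of guessing at fields.
        if len(row) <= F_IP or row[0] != "1.0":
            findings.append((lineno, "unparsed", "", ""))
            continue
        reasons = []
        if row[F_AUTH].lower() == "anonymous":
            reasons.append("anonymous")        # served via public access
        if urlsplit(row[F_URL]).scheme.lower() != "https":
            reasons.append("plaintext-http")   # no encryption in transit
        for reason in reasons:
            findings.append((lineno, reason, row[F_OP], row[F_URL]))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Anonymous entries are expected for containers that are intentionally public; any anonymous or plain-HTTP hit against a container meant to be private is the case worth investigating.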