Cosmos DB Security

Transcript

1. #StockholmAzure Meetup Sponsors

2. Hardening Cosmos DB Security and Machine Learning In Microsoft Eco-System

   Muhammad Sajid Mohammed Osman

3. Vi samarbeta med restaurang K-märkt och "Mattillvården". För varje anmäld

   deltagare lagar restaurang K-Märkt en härlig lunch/middagslåda och levererar den till Danderyds Sjukhus.

4. Muhammad Sajid Cloud Solutions Architect with a passion for designing

   and developing cloud-native solutions. Interested in DDD, Distributed Event-Driven systems, BIG data, and IoT. @sajid_nazeer linkedin.com/in/musa
5. None

6. Hardening Cosmos DB Security

7. Azure Policy support for Azure Cosmos DB

8. Encryption at Rest (on by default) • Service managed Keys

   ◦ 1st layer of encryption • Customer managed Keys ◦ 2nd layer of encryption
9. None

10. Get, Wrap, Unwrap

11. None
12. None

13. IP filter

14. Minimum TLS version? And Weak ciphers

15. None
16. None
17. None

18. Network Isolation using Private link Private access to Azure PaaS

    Services
19. None

20. Demo

21. Takeaways • Use Azure policies • Use customer managed keys

    feature only when required • Use Private link feature to reduce the attack surface • Contact Microsoft for TLS version • Don’t settle for the right solutions . Find new ones, and keep learning.

22. Questions?

23. @sajid_nazeer linkedin.com/in/musa