Cosmos DB Security

Muhammad Sajid

June 17, 2020

Transcript

  1. #StockholmAzure
    Meetup Sponsors

  2. Hardening Cosmos DB Security
    and Machine Learning In
    Microsoft Eco-System
    Muhammad Sajid
    Mohammed Osman

  3. We are collaborating with restaurant
    K-märkt and "Mattillvården". For
    every registered participant,
    restaurant K-märkt cooks a lovely
    lunch/dinner box and delivers
    it to Danderyds Sjukhus.

  4. Muhammad Sajid
    Cloud Solutions Architect with a passion for
    designing and developing cloud-native solutions.
    Interested in DDD, Distributed Event-Driven
    systems, BIG data, and IoT.
    @sajid_nazeer
    linkedin.com/in/musa

  6. Hardening Cosmos DB
    Security

  7. Azure Policy support for Azure Cosmos DB

  8. Encryption at Rest (on by default)
    ● Service managed Keys
    ○ 1st layer of encryption
    ● Customer managed Keys
    ○ 2nd layer of encryption

  10. Get, Wrap, Unwrap

  13. IP filter

  14. Minimum TLS version? And Weak ciphers

  18. Network Isolation using Private link
    Private access to Azure PaaS Services

  20. Demo

  21. Takeaways
    ● Use Azure policies
    ● Use customer managed keys feature
    only when required
    ● Use Private link feature to reduce
    the attack surface
    ● Contact Microsoft for TLS version
    ● Don’t settle for the right solutions.
    Find new ones, and keep learning.

  22. Questions?

  23. @sajid_nazeer
    linkedin.com/in/musa
