Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Cosmos DB Security

Muhammad Sajid
June 17, 2020
Technology
0
38

Cosmos DB Security

Muhammad Sajid

June 17, 2020
Tweet

More Decks by Muhammad Sajid

See All by Muhammad Sajid
When Stateful Serverless met Planet-scale Event-sourcing
msajid
0
130
Azure App configuration
msajid
2
620

Other Decks in Technology

See All in Technology
Deep Dive into Jetpack Compose State
jisungbin
0
180
日浅流、 エンジニアリングマネージャーのしごと
takahia1988
0
110
Security-JAWS#29 AWS Summit Tokyo 2023 オンデマンド配信を楽しむためのセキュリティ関連トピックご紹介
kthrtty
1
220
TrivyでAWSセキュリティをシフトレフトしよう
bitkey
PRO
1
540
How to Write Robust Python Code
hayaosuzuki
5
870
SWEBOK V3からV4への改訂に見るソフトウェアエンジニアリングの発展とソフトウェア保守・進化
washizaki
0
340
高さ比べじゃない、キャリアは歩んできた道
dzeyelid
0
210
CyberAgent AI事業本部MLOps研修応用編
nsakki55
36
18k
KEDAで始めるイベント駆動システム #k8snovice / keda-tutorial
chmikata
1
130
Amazon EventBridge Schedulerを用いて Amazon QuickSightの運用を改善した話
shogo452
1
220
監視からオブザーバビリティへ〜オブザーバビリティの成熟度/From Monitoring to Observability - Maturity of Observability
newrelic2023
0
440
Антихрупкость в IT или как полюбить изменения
alexanderbyndyu
0
220

Featured

See All Featured
4 Signs Your Business is Dying
shpigford
171
20k
Bash Introduction
62gerente
602
210k
KATA
mclloyd
13
10k
A Philosophy of Restraint
colly
195
15k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
23
1.8k
Art, The Web, and Tiny UX
lynnandtonic
285
18k
Making the Leap to Tech Lead
cromwellryan
118
7.8k
Web development in the modern age
philhawksworth
197
9.7k
Thoughts on Productivity
jonyablonski
52
2.9k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
46
15k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
39
3.7k
Scaling GitHub
holman
453
140k

Transcript

  1. #StockholmAzure
    Meetup Sponsors

    View Slide

  2. Hardening Cosmos DB Security
    and Machine Learning In
    Microsoft Eco-System
    Muhammad Sajid
    Mohammed Osman

    View Slide

  3. Vi samarbeta med restaurang
    K-märkt och "Mattillvården". För
    varje anmäld deltagare lagar
    restaurang K-Märkt en härlig
    lunch/middagslåda och levererar
    den till Danderyds Sjukhus.

    View Slide

  4. Muhammad Sajid
    Cloud Solutions Architect with a passion for
    designing and developing cloud-native solutions.
    Interested in DDD, Distributed Event-Driven
    systems, BIG data, and IoT.
    @sajid_nazeer
    linkedin.com/in/musa

    View Slide

  5. View Slide

  6. Hardening Cosmos DB
    Security

    View Slide

  7. Azure Policy support for Azure Cosmos DB

    View Slide

  8. Encryption at Rest (on by default)
    ● Service managed Keys
    ○ 1st layer of encryption
    ● Customer managed Keys
    ○ 2nd layer of encryption

    View Slide

  9. View Slide

  10. Get, Wrap, Unwrap

    View Slide

  11. View Slide

  12. View Slide

  13. IP filter

    View Slide

  14. Minimum TLS version? And Weak ciphers

    View Slide

  15. View Slide

  16. View Slide

  17. View Slide

  18. Network Isolation using Private link
    Private access to Azure PaaS Services

    View Slide

  19. View Slide

  20. Demo

    View Slide

  21. Takeaways
    ● Use Azure policies
    ● Use customer managed keys feature
    only when required
    ● Use Private link feature to reduce
    the attack surface
    ● Contact Microsoft for TLS version
    ● Don’t settle for the right solutions .
    Find new ones, and keep learning.

    View Slide

  22. Questions?

    View Slide

  23. @sajid_nazeer
    linkedin.com/in/musa

    View Slide