Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Cosmos DB Security

Muhammad Sajid
June 17, 2020
Technology
0
52

Cosmos DB Security

Muhammad Sajid

June 17, 2020
Tweet

More Decks by Muhammad Sajid

See All by Muhammad Sajid
When Stateful Serverless met Planet-scale Event-sourcing
msajid
0
140
Azure App configuration
msajid
2
780

Other Decks in Technology

See All in Technology
Security-JAWS【第35回】勉強会クラウドにおけるマルウェアやコンテンツ改ざんへの対策
4su_para
0
200
20241120_JAWS_東京_ランチタイムLT#17_AWS認定全冠の先へ
tsumita
2
320
電話を切らさない技術 電話自動応答サービスを支える フロントエンド
barometrica
2
350
TypeScriptの次なる大進化なるか!? 条件型を返り値とする関数の型推論
uhyo
2
1.8k
OS 標準のデザインシステムを超えて - より柔軟な Flutter テーマ管理 | FlutterKaigi 2024
ronnnnn
1
340
AWS Lambda のトラブルシュートをしていて思うこと
kazzpapa3
2
200
FlutterアプリにおけるSLI/SLOを用いたユーザー体験の可視化と計測基盤構築
ostk0069
0
180
プロダクト活用度で見えた真実 ホリゾンタルSaaSでの顧客解像度の高め方
tadaken3
0
260
SRE×AIOpsを始めよう!GuardDutyによるお手軽脅威検出
amixedcolor
1
230
Making your applications cross-environment - OSCG 2024 NA
salaboy
0
210
The Role of Developer Relations in AI Product Success.
giftojabu1
0
150
iOSチームとAndroidチームでブランチ運用が違ったので整理してます
sansantech
PRO
0
160

Featured

See All Featured
Code Reviewing Like a Champion
maltzj
520
39k
Optimising Largest Contentful Paint
csswizardry
33
2.9k
Bash Introduction
62gerente
608
210k
Building a Scalable Design System with Sketch
lauravandoore
459
33k
How To Stay Up To Date on Web Technology
chriscoyier
788
250k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
329
21k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
27
4.3k
[RailsConf 2023] Rails as a piece of cake
palkan
52
4.9k
A better future with KSS
kneath
238
17k
Measuring & Analyzing Core Web Vitals
bluesmoon
4
140
Into the Great Unknown - MozCon
thekraken
32
1.5k
Navigating Team Friction
lara
183
14k

Transcript

  1. #StockholmAzure Meetup Sponsors

  2. Hardening Cosmos DB Security and Machine Learning In Microsoft Eco-System

    Muhammad Sajid Mohammed Osman

  3. Vi samarbeta med restaurang K-märkt och "Mattillvården". För varje anmäld

    deltagare lagar restaurang K-Märkt en härlig lunch/middagslåda och levererar den till Danderyds Sjukhus.

  4. Muhammad Sajid Cloud Solutions Architect with a passion for designing

    and developing cloud-native solutions. Interested in DDD, Distributed Event-Driven systems, BIG data, and IoT. @sajid_nazeer linkedin.com/in/musa
  5. None

  6. Hardening Cosmos DB Security

  7. Azure Policy support for Azure Cosmos DB

  8. Encryption at Rest (on by default) • Service managed Keys

    ◦ 1st layer of encryption • Customer managed Keys ◦ 2nd layer of encryption
  9. None

  10. Get, Wrap, Unwrap

  11. None
  12. None

  13. IP filter

  14. Minimum TLS version? And Weak ciphers

  15. None
  16. None
  17. None

  18. Network Isolation using Private link Private access to Azure PaaS

    Services
  19. None

  20. Demo

  21. Takeaways • Use Azure policies • Use customer managed keys

    feature only when required • Use Private link feature to reduce the attack surface • Contact Microsoft for TLS version • Don’t settle for the right solutions . Find new ones, and keep learning.

  22. Questions?

  23. @sajid_nazeer linkedin.com/in/musa