Azure Storage Protection

26 JUL

There are serious and large-scale cloud data leaks every year. Each cloud provider offers its own controls for protecting its storage service; I will compare them in a later article. Today I will introduce the Azure Policy approach to protecting Azure Storage from public access.

In Azure Storage, for a long time there was no ARM REST API surface for containers that Azure Policy could use. This means Azure Policy could do nothing on the data plane for blob containers. Sounds familiar? Yes. Only a few services, such as Key Vault, expose data-plane controls at the policy level. But things are changing and getting better now, and we will see Azure Policy take on more data-plane controls.

Azure Policy

Long story short, there is a new alias for the storage-account property that governs anonymous (public) access to every container in the account:

Microsoft.Storage/storageAccounts/allowBlobPublicAccess

With this alias we can audit, and deny, Azure storage accounts that allow anonymous blob access, which covers all containers in the account at once. I will take the container service as the example here.

[Image: Policy Rule]

Compliance and Control

You can assign the policy with a chosen effect to control how the storage compliance check and remediation behave: Audit only reports non-compliant accounts, Deny blocks creating or updating an account that allows public access, and Modify (with a remediation task) can set allowBlobPublicAccess to false on existing accounts. Here is an example of an audit policy, which shows the compliance status.
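The policy rule behind the image above, and the audit result it produces, as an added example that is not code from the original post. It builds a policy definition around the alias in the shape Azure Policy expects (parameters, mode, policyRule) and then runs the rule's condition over a few constructed storage-account resources with a small local evaluator. The evaluator is a simplified stand-in for the Azure Policy engine, written here only to show why the condition is `not equals false` rather than `equals true`: an account created before the property existed carries no value at all, and such accounts historically allowed anonymous container access. The account names, the `block-public-blob-access` definition name and the sample resources are all made up for the example.

```python
"""Azure Policy definition for allowBlobPublicAccess plus a local dry-run.

The definition JSON is real Azure Policy syntax; the evaluator below is an
illustrative approximation of how the engine matches the rule, not the engine.
"""
import json

ALIAS = "Microsoft.Storage/storageAccounts/allowBlobPublicAccess"
DEFINITION_NAME = "block-public-blob-access"  # assumption: any name works


def policy_definition() -> dict:
    """Return the policy definition (mode, parameters, rule) as a dict."""
    return {
        "mode": "Indexed",  # storage accounts are ARM resources with tags/location
        "parameters": {
            "effect": {
                "type": "String",
                "allowedValues": ["Audit", "Deny", "Disabled"],
                "defaultValue": "Audit",
            }
        },
        "policyRule": {
            "if": {
                "allOf": [
                    {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
                    # 'not equals false' flags both true AND a missing property
                    {"not": {"field": ALIAS, "equals": "false"}},
                ]
            },
            "then": {"effect": "[parameters('effect')]"},
        },
    }


def definition_json() -> str:
    """Serialised definition, ready to save as policy.json for the CLI."""
    return json.dumps(policy_definition(), indent=2)


def _field_value(resource: dict, field: str):
    """Resolve a policy field against an ARM resource (simplified mapping)."""
    if field == "type":
        return resource.get("type")
    if field == ALIAS:
        # Assumption: the alias mirrors properties.allowBlobPublicAccess
        return resource.get("properties", {}).get("allowBlobPublicAccess")
    raise ValueError(f"unsupported field in this example: {field}")


def _matches(condition: dict, resource: dict) -> bool:
    """Evaluate allOf / anyOf / not / field-equals like the policy engine."""
    if "allOf" in condition:
        return all(_matches(c, resource) for c in condition["allOf"])
    if "anyOf" in condition:
        return any(_matches(c, resource) for c in condition["anyOf"])
    if "not" in condition:
        return not _matches(condition["not"], resource)
    value = _field_value(resource, condition["field"])
    if value is None:
        return False  # a missing property never 'equals' anything
    # Azure Policy compares 'equals' as case-insensitive strings, so the
    # boolean True and the rule's "true" line up.
    return str(value).lower() == str(condition["equals"]).lower()


def is_noncompliant(resource: dict) -> bool:
    """True when the rule's 'if' block matches, i.e. the effect would fire."""
    return _matches(policy_definition()["policyRule"]["if"], resource)


def compliance_report(resources: dict) -> dict:
    """Map resource name -> compliance state, as an Audit assignment would."""
    return {
        name: "NonCompliant" if is_noncompliant(res) else "Compliant"
        for name, res in resources.items()
    }


# Constructed sample resources (not real accounts) covering the edge cases.
SAMPLE_RESOURCES = {
    "stpublic": {"type": "Microsoft.Storage/storageAccounts",
                 "properties": {"allowBlobPublicAccess": True}},
    "stlocked": {"type": "Microsoft.Storage/storageAccounts",
                 "properties": {"allowBlobPublicAccess": False}},
    "stlegacy": {"type": "Microsoft.Storage/storageAccounts",
                 "properties": {}},  # property never set: still exposed
    "kv-prod":  {"type": "Microsoft.KeyVault/vaults",
                 "properties": {}},  # wrong type: rule does not apply
}

if __name__ == "__main__":
    print(definition_json())
    for name, state in compliance_report(SAMPLE_RESOURCES).items():
        print(f"{name:10} {state}")
```

Save the printed definition as `policy.json` and register it with `az policy definition create --name block-public-blob-access --rules policy.json --mode Indexed`, then assign it with `az policy assignment create --policy block-public-blob-access --scope <scope> --params '{"effect":{"value":"Audit"}}'`; `az policy state list --policy-assignment <assignment-name>` returns the same Compliant/NonCompliant states the dry run prints. Note that `stlegacy` is reported NonCompliant even though the property is absent; a rule written as `equals true` would silently miss it.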
