Azure SQL Database is a fully-managed relational
cloud database service using the Microsoft SQL Server Engine which supports
structures such as relational data, JSON, spatial, and XML.
Azure SQL Database is a managed database service
to take care of scalability, backup, and high availability of the database. It
is differ from AWS RDS which is a container service.
We know that SQL Database is a high-performance,
reliable, and secure database which can be used to build data-driven
applications and websites in the programming language of our choice, without
needing to manage infrastructure.
SQL Database delivers predictable performance at
multiple service levels which provides the following with near-zero
administration -
1. Dynamic scalability with
no downtime
2. Built-in intelligent
optimization
3. Global scalability and
availability
4. Advanced security
options
Azure SQL Databases is currently in 38 data
centers around the world, with more data centers coming online regularly, which
enable us to run our database in a data center near us.
Scalable
performance and pools
With Azure
SQL Database, each database is isolated from each other and portable, each with
its own service tier with a guaranteed performance level. SQL
Database provides different performance levels for different needs, and enables
databases to be pooled to maximize the use of resources and save money.
Basically, it offers four service tiers to support lightweight to heavyweight
database workloads such as Basic, Standard, Premium, and Premium RS. In
this way, we have an option to adjust performance without downtime to our application
or to our customers. So, dynamic scalability enables our database to
transparently respond to rapidly changing resource requirements and enables us
to only pay for the resources that we need when you need them.
Built-in
intelligence
We have
stated that Azure SQL database is built-in intelligence to protect and optimize
our database to help us dramatically reduce the costs of running and managing
databases and maximizes both performance and security of your application.
Running n number of customer workloads around-the-clock, SQL Database collects
and processes a massive amount of telemetry data, while also fully respecting
customer privacy behind the scenes. Apart from this, various algorithms are
continuously evaluating the telemetry data so that the service can learn and
adapt with our application.
Availability
capabilities
Azure's industry leading
99.99% availability service level agreement (SLA), powered by a global
network of Microsoft-managed datacenters, helps keep our app running 24/7. In
addition, SQL Database provides built-in business
continuity and global scalability features, including Automatic backups, Point-in-time restores, Active geo-replication and Failover groups.
Advanced
security and compliance
Azure SQL Database provides a range of built-in
security and compliance features to help our application meet various security and
compliance requirements such as –
1. Data encryption at rest - all newly created
Azure SQL databases are automatically protected with transparent data
encryption which is SQL’s proven encryption-at-rest
technology that is required by many compliance standards to protect against
theft of storage media
2. Auditing for compliance
and security
– with the help of Azure SQL Database
Auditing tracks database events, writes them to an audit
log in our Azure storage account. In this way, auditing can help us to maintain
regulatory compliance, understand database activity, and gain insight into
discrepancies and anomalies that could indicate business concerns or suspected
security violations.
3. Dynamic data masking - it limits sensitive data exposure by
masking it to non-privileged users and helps prevent unauthorized access to
sensitive data by enabling customers to designate how much of the sensitive
data to reveal with minimal impact on the application layer. It’s a
policy-based security feature that hides the sensitive data in the result set
of a query over designated database fields, while the data in the database is
not changed.
4. Row-level security – It enables
customers to control access to rows in a database table based on the
characteristics of the user executing a query (such as by group membership or
execution context). Row-level security (RLS) simplifies the design and coding
of security in your application.
Questions & Answers
How to secure data and prevent employees to share it with other companies ?
In general, the best way is to protect the data either through encryption (e.g., Always Encrypted) and limit access to the key; or use data masking/row-level security to limit the data employees can access in a db and to obfuscate those data values they can query and access.
How to properly restrict access to Azure SQL to specific Azure Web Site?
There are two scenarios here: 1. If you use Azure SQL Database Managed Instance, you can use VNETs/Subnets to restrict access to your SQL databases to only those Web apps that are in the same VNET or in a subnet in the same VNET. 2. If you use singleton/pools where we don't have VNET/Subnet support yet, you can use AAD with conditional access to limit the users/principles who can access databases (incl. the devices from where they connect).
Conclusion
–
Azure SQL Database includes built-in intelligence that
learns app patterns and adapts to maximize performance, reliability, and data
protection. It
enables us to centrally manage identities of database
user and other Microsoft services with Azure Active Directory integration. Azure
SQL Database participates in regular audits and has been certified against
several compliance standards. It supports building applications
with Python, Java, Node.js, PHP, Ruby, and .NET on the Mac OS, Linux, and Windows.
References- https://docs.microsoft.com/en-in/azure/sql-database/sql-database-technical-overview