Azure SQL Database is a fully-managed relational
cloud database service using the Microsoft SQL Server Engine which supports
structures such as relational data, JSON, spatial, and XML.
Azure SQL Database is a managed database service
to take care of scalability, backup, and high availability of the database. It
is differ from AWS RDS which is a container service.
We know that SQL Database is a high-performance,
reliable, and secure database which can be used to build data-driven
applications and websites in the programming language of our choice, without
needing to manage infrastructure.
SQL Database delivers predictable performance at
multiple service levels which provides the following with near-zero
administration -
1. Dynamic scalability with
no downtime
2. Built-in intelligent
optimization
3. Global scalability and
availability
4. Advanced security
options
Azure SQL Databases is currently in 38 data
centers around the world, with more data centers coming online regularly, which
enable us to run our database in a data center near us.
Scalable
performance and pools
Built-in
intelligence
We have
stated that Azure SQL database is built-in intelligence to protect and optimize
our database to help us dramatically reduce the costs of running and managing
databases and maximizes both performance and security of your application.
Running n number of customer workloads around-the-clock, SQL Database collects
and processes a massive amount of telemetry data, while also fully respecting
customer privacy behind the scenes. Apart from this, various algorithms are
continuously evaluating the telemetry data so that the service can learn and
adapt with our application.
Availability
capabilities
Azure's industry leading
99.99% availability service level agreement (SLA), powered by a global
network of Microsoft-managed datacenters, helps keep our app running 24/7. In
addition, SQL Database provides built-in business
continuity and global scalability features, including Automatic backups, Point-in-time restores, Active geo-replication and Failover groups.
Advanced
security and compliance
Azure SQL Database provides a range of built-in
security and compliance features to help our application meet various security and
compliance requirements such as –
1. Data encryption at rest - all newly created
Azure SQL databases are automatically protected with transparent data
encryption which is SQL’s proven encryption-at-rest
technology that is required by many compliance standards to protect against
theft of storage media
2. Auditing for compliance
and security
– with the help of Azure SQL Database
Auditing tracks database events, writes them to an audit
log in our Azure storage account. In this way, auditing can help us to maintain
regulatory compliance, understand database activity, and gain insight into
discrepancies and anomalies that could indicate business concerns or suspected
security violations.
3. Dynamic data masking - it limits sensitive data exposure by
masking it to non-privileged users and helps prevent unauthorized access to
sensitive data by enabling customers to designate how much of the sensitive
data to reveal with minimal impact on the application layer. It’s a
policy-based security feature that hides the sensitive data in the result set
of a query over designated database fields, while the data in the database is
not changed.
4. Row-level security – It enables
customers to control access to rows in a database table based on the
characteristics of the user executing a query (such as by group membership or
execution context). Row-level security (RLS) simplifies the design and coding
of security in your application.
Questions & Answers
How to secure data and prevent employees to share it with other companies ?
In general, the best way is to protect the data either through encryption (e.g., Always Encrypted) and limit access to the key; or use data masking/row-level security to limit the data employees can access in a db and to obfuscate those data values they can query and access.
How to properly restrict access to Azure SQL to specific Azure Web Site?
There are two scenarios here: 1. If you use Azure SQL Database Managed Instance, you can use VNETs/Subnets to restrict access to your SQL databases to only those Web apps that are in the same VNET or in a subnet in the same VNET. 2. If you use singleton/pools where we don't have VNET/Subnet support yet, you can use AAD with conditional access to limit the users/principles who can access databases (incl. the devices from where they connect).
Conclusion –
How to secure data and prevent employees to share it with other companies ?
In general, the best way is to protect the data either through encryption (e.g., Always Encrypted) and limit access to the key; or use data masking/row-level security to limit the data employees can access in a db and to obfuscate those data values they can query and access.
How to properly restrict access to Azure SQL to specific Azure Web Site?
There are two scenarios here: 1. If you use Azure SQL Database Managed Instance, you can use VNETs/Subnets to restrict access to your SQL databases to only those Web apps that are in the same VNET or in a subnet in the same VNET. 2. If you use singleton/pools where we don't have VNET/Subnet support yet, you can use AAD with conditional access to limit the users/principles who can access databases (incl. the devices from where they connect).
Conclusion –
Azure SQL Database includes built-in intelligence that
learns app patterns and adapts to maximize performance, reliability, and data
protection. It
enables us to centrally manage identities of database
user and other Microsoft services with Azure Active Directory integration. Azure
SQL Database participates in regular audits and has been certified against
several compliance standards. It supports building applications
with Python, Java, Node.js, PHP, Ruby, and .NET on the Mac OS, Linux, and Windows.
References- https://docs.microsoft.com/en-in/azure/sql-database/sql-database-technical-overview
Evolution of DevOps: As organizations look at new technologies to enhance their business agility, speed and competitive edge, they also face new challenges that can't be merely met with traditional, out-of-date and on-premise monitoring tools.Data Analytics Courses
ReplyDeleteAcquire specialised skills with the Certification Programme in Digital Marketing. Learn how to improve the effectiveness of marketing activities and drive greater value for marketing in your organisation.
ReplyDeleteThis would regularly be the obligation of the DBA and on the off chance that your task has the advantage of an information draftsman and a DBA it will be the DBA who introduces the databases. https://onohosting.com/
ReplyDeleteThe focal point of the database overseer is generally speaking strength of the database and the information it contains, including database accessibility, execution, and access.https://hostinglelo.in/
ReplyDelete