Blog

Azure Security Best Practices | Dreamfactory

Written by Terence Bennett | May 1, 2020

Contents: Azure Security Best Practices

We're exploring Azure Security Best Practices. The American government's annual budget is almost $10 billion regarding cybersecurity, businesses and users must take proactive action, implementing and practicing security best practices.



Azure Best Practices 

It's estimated that in 2023, cybercriminals will steal around 33 billion records. However, that should not deter businesses from optimizing everyday operations, especially in regard to their cloud workloads. Azure is a prime example of a beneficial cloud computing service, particularly in terms of unified API management, storage, and disaster recovery.

If you are moving toward cloud adoption, Azure can be of great assistance when aiming to secure business assets. With that being said, you need to be aware of what you're responsible for to enhance security measures.

Need an API for your Microservice? Did you know you can generate a full-featured, documented, and secure REST API in minutes using DreamFactory? Sign up for our free 14 day hosted trial to learn how! Our guided tour will show you how to create an API using an example MySQL database provided to you as part of the trial!

Connect My Azure Database Now

Azure Database Best Practices

Spending $1 billion per year to protect their customers' data, there's a reason why 95% of Fortune 500 companies trust their business on Azure. With that being said, extra precautions and Azure security best practices need to be considered in order to maximize security efforts.

 

API Authentication

APIs handle an immense amount of data, which is why it's imperative to invest in API security. Think of authentication as an identification card that proves you are who you say you are. Although Azure Database provides a range of security features, end users are required to practice additional security measures. For example, you must manage strong credentials yourself.

Active Directory is the authentication solution of choice for enterprises around the world, and the Azure-hosted version only adds to the attraction as companies continue migrating to the cloud. If you'd like to add Azure Active Directory authentication to your application, you can use DreamFactory's Azure Active Directory OAuth connector to easily do so.

Securing APIs is difficult and time consuming. DreamFactory makes it easy with User Management, SSO Authentication, JSON Web Tokens (JWT), CORS, Role-Based Access Control on API endpoints, record-level permissions on data, OAuth, LDAP, Active Directory, SAML integration, and more. Take steps to automatically generate, publish, and manage REST APIs. Learn more here

 

Be Mindful of Firewall Rules

Firewall rules are put in place to restrict data access. Microsoft Azure SQL Database utilizes these rules to limit connectivity by IP address, in addition to enforcing authentication and authorization measures. Whenever possible, use database IP firewall rules.

DreamFactory can be deployed on premise behind the firewall, in a DreamFactory-hosted environment or on a self-hosted cloud. With this flexibility of deployment and robust security measures, DreamFactory can satisfy and support the most stringent firewall requirements. 

 

Protect Data Using Encryption

Data encryption helps to protect your data on disk while ensuring protection against unauthorized access to hardware. This includes your associated backups. If your organization is not using database-level encryption, you may be more susceptible to attacks.

However, it's important to be mindful of authorized users when practicing best practices. Although the database will be encrypted, it is recommended that you follow these recommendations:

  • Be sure to enable SQL Server authentication at the database level
  • When you use Azure Active Directory authentication, do so using role-based access control (RBAC) roles. This allows you to manage who has access to Azure resources, as well as what they can do with the resources they have access to.
  • Use separate accounts to authenticate unique users and applications.

 

Enable Database Threat Detection and Database Auditing

In terms of threat detection, it's up to you to discover and classify the most sensitive, critical data in your databases. This can be done by enabling Data Discovery and Classification, which will allow you to actively monitor data or access download reports. 

You should also: Track any potential vulnerabilities and enable Threat Detection — which offers security alerts and recommendations.

In terms of auditing, you'll want to track and log events. These audits can be created for server-level events and database-level events based on key specifications. This is key in terms of ongoing compliance. It will also help you better understand database activity, providing insight into any potential security violations or business concerns. 

DreamFactory comes with the popular ELK stack (Elastic, Logstash, and Kibana) for logging and reporting on API traffic. Kibana provides flexible reporting on all API calls with pre-configured dashboards segmented by instance, application, role, user, API endpoint, and more.

From authentication to database, cloud to email tools, DreamFactory is the ultimate REST API management platform. Integrate DreamFactory by starting your free trial today!

Meta description: DreamFactory integration supports Azure Database security best practices, making API management safe and simple.