Azure Storage security feature

High-level security benefits for the data in the cloud:

Protect the data at rest

o All data written to Azure Storage is automatically encrypted by Storage Service Encryption (SSE) with a 256-bit Advanced Encryption Standard (AES) cipher, and is FIPS 140–2 compliant.

o SSE automatically encrypts data when writing it to Azure Storage.

o When you read data from Azure Storage, Azure Storage decrypts the data before returning it.

o This process incurs no additional charges and doesn’t degrade performance. It can’t be disabled.

Protect the data in transit

o Always use HTTPS to secure communication over the public internet

o This flag will also enforce secure transfer over SMB by requiring SMB 3.0 for all file share mounts.

Support browser cross-domain access

o Azure Storage supports cross-domain access through cross-origin resource sharing (CORS).

o CORS uses HTTP headers so that a web application at one domain can access resources from a server at a different domain.

Control who can access data

o Azure Storage supports Azure Active Directory and role-based access control (RBAC) for both resource management and data operations.

·Audit storage access

o You can audit Azure Storage access by using the built-in Storage Analytics service.