Digital data always exists in one of three states: at rest, in use (being processed), and in transit.
At rest: apply disk encryption (Azure Disk Encryption) - encrypt the drives before data is written to them.
In transit:
- On-prem multiple workstations -> Azure network: use a site-to-site VPN
- On-prem single workstation -> Azure network: use a point-to-site VPN
- Moving large data sets: use Azure ExpressRoute, with SSL/TLS on top for the application traffic (ExpressRoute is a private circuit, it does not encrypt the traffic itself)
- Interacting with Azure Storage: always use HTTPS
Advanced Data Security classifies your data based on a database scan and the column contents:
- labels - applied to DB columns
- query results - sensitivity is calculated in real time
- visibility - provides a dashboard
- labels are the main classification attributes that define the sensitivity
- information types provide finer granularity
- Azure SQL auditing - records database events to an audit log
- Data discovery and classification - helps identify sensitive data
- Dynamic data masking - limits exposure of sensitive data to non-privileged users
- Security Center - scans the DB and makes recommendations
- TDE (Transparent Data Encryption) - encrypts the database, backups and logs at rest
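The classification, masking and TDE items above are usually set up in the portal, but they are all plain T-SQL underneath. The script below is an added example (not part of the original notes): it generates the `ADD SENSITIVITY CLASSIFICATION` and `ADD MASKED` statements for a constructed list of columns, appends queries that verify the labels, the masks and the TDE state, and pipes the result through `sqlcmd`. The server, database, table and column names are hypothetical, and the password is taken from the `SQLCMDPASSWORD` environment variable that `sqlcmd` honours rather than from the command line.

```shell
#!/usr/bin/env bash
# Added example (not from the original notes): classify and mask columns in
# Azure SQL Database with T-SQL applied through sqlcmd.
# Assumptions (hypothetical): server sql-demo.database.windows.net, database
# CrmDb, table dbo.Customers with columns Email and CardNumber.

SQL_SERVER="${SQL_SERVER:-tcp:sql-demo.database.windows.net,1433}"
SQL_DB="${SQL_DB:-CrmDb}"
SQL_USER="${SQL_USER:-dbadmin}"
# sqlcmd reads the password from SQLCMDPASSWORD; never pass it with -P, where
# it would show up in process listings and shell history.

# Escape a value for use inside a T-SQL single-quoted literal.
sql_quote() {
    printf "%s" "$1" | sed "s/'/''/g"
}

# Emit the ADD SENSITIVITY CLASSIFICATION statement for one column.
# Args: schema table column label information_type
classification_sql() {
    printf "ADD SENSITIVITY CLASSIFICATION TO %s.%s.%s WITH (LABEL = '%s', INFORMATION_TYPE = '%s');\n" \
        "$1" "$2" "$3" "$(sql_quote "$4")" "$(sql_quote "$5")"
}

# Emit a dynamic data masking rule for one column.
# Args: schema table column masking_function (e.g. "email()" or "default()")
masking_sql() {
    printf "ALTER TABLE %s.%s ALTER COLUMN %s ADD MASKED WITH (FUNCTION = '%s');\n" \
        "$1" "$2" "$3" "$4"
}

# Constructed inventory of columns to protect:
# schema|table|column|label|information type|masking function
COLUMNS='dbo|Customers|Email|Confidential|Contact Info|email()
dbo|Customers|CardNumber|Highly Confidential|Credit Card|partial(0,"XXXX-XXXX-XXXX-",4)'

# Build the full T-SQL script: DDL for every column, then verification queries.
build_script() {
    local schema table column label itype mask
    while IFS='|' read -r schema table column label itype mask; do
        [ -n "$schema" ] || continue
        classification_sql "$schema" "$table" "$column" "$label" "$itype"
        masking_sql "$schema" "$table" "$column" "$mask"
    done <<EOF
$COLUMNS
EOF
    echo "GO"
    cat <<'EOF'
-- Labels and information types now attached to columns
SELECT SCHEMA_NAME(o.schema_id) AS [schema], o.name AS [table], c.name AS [column],
       sc.label, sc.information_type
FROM sys.sensitivity_classifications sc
JOIN sys.objects o ON o.object_id = sc.object_id
JOIN sys.columns c ON c.object_id = sc.object_id AND c.column_id = sc.column_id;
-- Masking rules in effect
SELECT OBJECT_NAME(object_id) AS [table], name AS [column], masking_function
FROM sys.masked_columns WHERE is_masked = 1;
-- TDE state: encryption_state 3 means the database is encrypted
SELECT DB_NAME(database_id) AS [database], encryption_state
FROM sys.dm_database_encryption_keys;
GO
EOF
}

# Apply only when sqlcmd and a password are available; otherwise print the script.
if command -v sqlcmd >/dev/null 2>&1 && [ -n "${SQLCMDPASSWORD:-}" ]; then
    build_script | sqlcmd -S "$SQL_SERVER" -d "$SQL_DB" -U "$SQL_USER" -b
else
    build_script
fi
```

Two caveats a practitioner should keep in mind: dynamic data masking is not access control (anyone with `UNMASK`, or with the rights to copy the column into another table, sees the real values), and the labels are metadata only; their value is that auditing records the sensitivity of the data touched by each query, so classification and auditing should be enabled together.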
A data retention policy should address the regulatory and compliance requirements and the corporate legal retention requirements.
Azure Blob Storage supports Write Once Read Many (WORM) immutable storage:
- time-based retention policies
- legal hold policies
- works on all blob tiers (hot, cool, archive)
- configured at the container level
- audit logging (kept for the lifetime of the container)
- the retention period for a blob is counted from the time the blob was created
- a blob will not be deleted while it is on legal hold
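The WORM settings above map directly onto Azure CLI commands. The script below is an added example (not from the original notes): it creates a time-based retention policy on a container, puts a legal hold on it, checks that a blob delete is refused, and only then locks the policy. The resource group, storage account, container and blob names are hypothetical, and an `az login` session is assumed. The 1 to 146,000 day range checked by `validate_period` is the range Azure accepts for the retention interval.

```shell
#!/usr/bin/env bash
# Added example (not from the original notes): immutable (WORM) blob storage
# with the Azure CLI. Assumptions (hypothetical): resource group rg-worm-demo,
# storage account stwormdemo, container audit-logs; az login already done.

RG="${RG:-rg-worm-demo}"
ACCOUNT="${ACCOUNT:-stwormdemo}"
CONTAINER="${CONTAINER:-audit-logs}"

# Azure accepts retention periods from 1 day up to 146,000 days (400 years).
validate_period() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 146000 ]
}

# Create an unlocked time-based policy; the days are counted from each
# blob's creation time, not from when the policy was created.
set_time_based_retention() {
    local days="$1"
    validate_period "$days" || { echo "invalid retention period: $days" >&2; return 1; }
    az storage container immutability-policy create \
        --resource-group "$RG" --account-name "$ACCOUNT" --container-name "$CONTAINER" \
        --period "$days"
}

# Lock the policy. A locked policy can only be extended, never shortened or
# removed, so it is tested while still unlocked.
lock_retention_policy() {
    local etag
    etag=$(az storage container immutability-policy show \
        --resource-group "$RG" --account-name "$ACCOUNT" --container-name "$CONTAINER" \
        --query etag -o tsv)
    az storage container immutability-policy lock \
        --resource-group "$RG" --account-name "$ACCOUNT" --container-name "$CONTAINER" \
        --if-match "$etag"
}

# Legal holds are tag-based and independent of the retention clock.
# Args: one or more case tags
set_legal_hold() {
    az storage container legal-hold set \
        --resource-group "$RG" --account-name "$ACCOUNT" --container-name "$CONTAINER" \
        --tags "$@"
}

clear_legal_hold() {
    az storage container legal-hold clear \
        --resource-group "$RG" --account-name "$ACCOUNT" --container-name "$CONTAINER" \
        --tags "$@"
}

# Deleting a blob under a hold or retention policy must fail; a successful
# delete means immutability is not actually in effect.
assert_blob_undeletable() {
    if az storage blob delete --account-name "$ACCOUNT" --container-name "$CONTAINER" \
        --name "$1" --auth-mode login >/dev/null 2>&1; then
        echo "ERROR: blob $1 was deleted; immutability is not in effect" >&2
        return 1
    fi
    echo "ok: delete of $1 refused"
}

# Run the procedure only where the Azure CLI is present.
if command -v az >/dev/null 2>&1; then
    set_time_based_retention 2555          # 7 years
    set_legal_hold case-2024-001
    assert_blob_undeletable "2024/01/app.log"
    lock_retention_policy
fi
```

The order matters: the delete check is done before the lock, because once a time-based policy is locked it cannot be shortened or removed, only extended, and the legal hold keeps the data in place until every tag on the container has been cleared.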
Digital information is always subject to the laws of the country or region where it's stored
Each Azure region is paired with another region in the same geography.
summary: set up your resources to fail over to the paired region if something happens. Key points:
- at least 300 miles between the data centers is preferred, so one event is unlikely to hit both
- some services provide automatic replication to the paired region
- in a broad outage, recovery of one region out of every pair is prioritized
- platform updates are rolled out to paired regions one at a time
- the paired region is in the same geography for data residency (except Brazil South, which is paired with South Central US)