Use encryption to protect your data, whether it’s in storage, moving across the network, or being processed. Base your encryption strategy on how sensitive the data is.
By following this approach, even if someone manages to get access, they can’t read anything without the right keys.
Sensitive data includes configuration information that’s used to gain further access inside the system. Data encryption can help you contain risks.
Contoso’s challenge
- Contoso Rise Up backs up each PostgreSQL database by using the built-in point-in-time restores. To be safe, they also make a daily backup that’s consistent and store it separately in a storage account.
- The disaster recovery storage account is restricted with just-in-time access and only a few Microsoft Entra ID accounts can access it.
- During a recovery drill, an employee tried to access a backup and accidentally copied the backup to a network share in the Contoso organization.
- A few months later, this backup was discovered and reported to Contoso’s privacy team. They did a full investigation into how it was accessed and what happened to it up to the time when the incident was discovered. Luckily, no sensitive information was exposed, and the file was deleted after they finished their investigation and audit.
Applying the approach and outcomes
- The team now has a clear rule that all backups must be encrypted at rest by using Azure Storage Service Encryption, and that the encryption keys must be secured in Azure Key Vault.
- Even if a backup ends up somewhere it shouldn’t, the data inside it is useless without the decryption key. So a privacy breach is much less likely.
- The disaster recovery plan now includes standard guidance about how to properly handle backups, including how and when to safely decrypt a backup.
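The outcome described above, a stray copy of a backup being unreadable without the key, shown as an added example (not code from this page or from Microsoft). It goes beyond the service-side encryption named above by encrypting the backup file itself with envelope encryption. The local `KEK`, the `key_id` name and the sample dump are assumptions standing in for a key held in Key Vault and a real backup, and the Python `cryptography` package is required.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

def seal(key: bytes, plaintext: bytes, aad: bytes) -> bytes:
    """AES-256-GCM encrypt; returns nonce || ciphertext || tag."""
    nonce = os.urandom(12)  # 96-bit random nonce, fresh for every call
    return nonce + AESGCM(key).encrypt(nonce, plaintext, aad)

def unseal(key: bytes, sealed: bytes, aad: bytes) -> bytes:
    """Reverse seal(); raises InvalidTag on a wrong key or altered data."""
    return AESGCM(key).decrypt(sealed[:12], sealed[12:], aad)

def encrypt_backup(kek: bytes, key_id: str, backup: bytes) -> dict:
    """Encrypt a backup under a fresh data key, then wrap that key with the KEK."""
    dek = AESGCM.generate_key(bit_length=256)
    aad = key_id.encode()  # binds both ciphertexts to the named key
    return {
        "key_id": key_id,                    # tells the restorer which key to request
        "wrapped_dek": seal(kek, dek, aad),  # data key, usable only with the KEK
        "data": seal(dek, backup, aad),      # the backup contents
    }

def decrypt_backup(kek: bytes, blob: dict) -> bytes:
    """Unwrap the data key with the KEK, then decrypt the backup."""
    aad = blob["key_id"].encode()
    dek = unseal(kek, blob["wrapped_dek"], aad)
    return unseal(dek, blob["data"], aad)

def readable_without_kek(blob: dict) -> bool:
    """Model the stray copy: the file is present, the KEK is not."""
    try:
        decrypt_backup(os.urandom(32), blob)  # any key other than the real KEK
        return True
    except InvalidTag:
        return False

# Constructed sample values: a local stand-in for the vault-held key and a fake dump.
KEK = AESGCM.generate_key(bit_length=256)
KEY_ID = "backup-kek/v1"  # hypothetical key name
SAMPLE_BACKUP = b"-- PostgreSQL database dump (constructed sample)\n"

if __name__ == "__main__":
    blob = encrypt_backup(KEK, KEY_ID, SAMPLE_BACKUP)
    print("restored with KEK:", decrypt_backup(KEK, blob) == SAMPLE_BACKUP)
    print("readable from a stray copy:", readable_without_kek(blob))
```

In a real deployment the key-encryption key would stay inside the vault and the wrap and unwrap steps would be calls to it, so the recovery procedure controls who can decrypt by controlling who can call unwrap.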