2022/09/04 Microsoft Cloud Solutions
ctelecoms
Azure Data Lake is part of the Microsoft Azure public cloud platform, allowing organizations around the world to work with large amounts of data.
However, holding that much data raises a number of security concerns, and in this article we discuss the best practices you can follow to keep your data organized, compliant with applicable regulations, and as well secured as possible.
Read More: What Is Azure Data Lake?
For Azure Active Directory users, groups, and service principals, Azure Data Lake Storage Gen1 provides POSIX-style access controls and detailed auditing.
Access ACLs can be applied to existing files and folders.
Default ACLs can also be set on a folder, so that new files and folders created under it automatically receive the permissions you specify.
Default ACLs do not change items that already exist: when you set permissions on a folder that already has child items, the permissions must be propagated recursively to each existing child.
Read More: Microsoft Active Directories - What They Are & When To Use Each of Them
Instead of assigning permissions to individual users on folders and files, use Azure Active Directory security groups, especially when you work with large amounts of data or integrate other services, such as HDInsight, with your Data Lake Storage Gen1 account.
Once permissions are granted to a group, adding or removing users from that security group requires no change to the Data Lake Storage Gen1 ACLs.
Using groups also helps you stay within the limit of 32 access and default ACL entries.
You can divide the users who need access to Data Lake Storage Gen1 into groups based on the following:
However, for users you expect to add later but have not yet identified, consider creating placeholder security groups with access to specific folders, so the ACL entries are already in place when those users are added.
Services such as Azure HDInsight typically use Azure Active Directory service principals to access data in Data Lake Storage Gen1.
Depending on the access requirements inside and outside your business, there are some security considerations here.
For most customers, a single Azure Active Directory service principal with full permissions on the Data Lake Storage Gen1 account may suffice.
However, some customers may want multiple clusters with different service principals, for example one with full access to the data and one with read-only access.
Once a Data Lake Storage Gen1 account is created, consider creating a separate service principal for each such case.
Data Lake Storage Gen1 lets you enable a firewall and restrict access to Azure resources only, which shrinks the externally exposed attack surface.
To do this, in the account settings go to:
Firewall > Enable Firewall (ON) > Allow access to Azure services
Once the firewall is enabled, only Azure services such as HDInsight, Data Factory, Azure Synapse Analytics and others can reach Data Lake Storage Gen1.
However, the Data Lake Storage Gen1 firewall cannot restrict specific Azure services by IP address, because of Azure's internal network address translation.
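The following PowerShell script is an added example, not code from the original article, showing the group-based ACL, service-principal and firewall recommendations above applied with the Az.DataLakeStore and Az.Resources cmdlets; the account name, resource group, folder path, group and principal names are placeholders.

```powershell
# Assumed placeholders: replace with your own account, resource group and folder.
$account       = "contoso-adls-gen1"      # Data Lake Storage Gen1 account name (placeholder)
$resourceGroup = "rg-data-platform"       # resource group (placeholder)
$folder        = "/data/sales"            # folder to protect (placeholder)

# 1. Grant access through security groups, not individual users:
#    one group for read-only consumers, one for principals that write.
$readers = New-AzADGroup -DisplayName "adls-sales-readers" -MailNickname "adls-sales-readers"
$writers = New-AzADGroup -DisplayName "adls-sales-writers" -MailNickname "adls-sales-writers"

# 2. A separate service principal per access level, placed into the groups,
#    so the ACL never has to change when a principal is added or replaced.
$spRead  = New-AzADServicePrincipal -DisplayName "sp-sales-readonly"
$spWrite = New-AzADServicePrincipal -DisplayName "sp-sales-full"
Add-AzADGroupMember -TargetGroupObjectId $readers.Id -MemberObjectId $spRead.Id
Add-AzADGroupMember -TargetGroupObjectId $writers.Id -MemberObjectId $spWrite.Id

# 3. Access ACL for items that already exist (-Recurse propagates to every child),
#    plus a Default ACL (-Default) so new files and folders inherit the same entry.
foreach ($ace in @(
    @{ Id = $readers.Id; Perm = "ReadExecute" },
    @{ Id = $writers.Id; Perm = "All" })) {
    Set-AzDataLakeStoreItemAclEntry -AccountName $account -Path $folder `
        -AceType Group -Id $ace.Id -Permissions $ace.Perm -Recurse
    Set-AzDataLakeStoreItemAclEntry -AccountName $account -Path $folder `
        -AceType Group -Id $ace.Id -Permissions $ace.Perm -Default -Recurse
}

# 4. Check the folder's ACL against the 32-entry limit mentioned in the article.
$entries = Get-AzDataLakeStoreItemAclEntry -AccountName $account -Path $folder
if ($entries.Count -gt 32) {
    Write-Warning "ACL on $folder has $($entries.Count) entries; consolidate into fewer groups."
}

# 5. Enable the firewall and let only Azure services through it.
Set-AzDataLakeStoreAccount -Name $account -ResourceGroupName $resourceGroup `
    -FirewallState Enabled -AllowAzureIpState Enabled
```

Run it from a session already signed in with Connect-AzAccount and an identity that owns the account; the group object IDs returned in step 1 are the values that appear in the ACL entries.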
We are proud to be one of Microsoft Partners in the gulf area, and we're thankful to our team for their efforts in providing various Microsoft Services and solutions for SMBs in Saudi Arabia.
Our qualified team at Ctelecoms is ready to help you at any time, whether with implementation or consultation, so don't hesitate to contact our team: https://www.ctelecoms.com.sa/en/Form15/Contact-Us