
Azure Data Lake Security Best Practices

2022/09/04   Microsoft Cloud Solutions




Azure Data Lake is part of the Microsoft Azure public cloud platform, and it lets organizations around the world store and process very large amounts of data.

Data at that scale brings a lot of security concerns with it. In this article we discuss the best practices you can follow to keep your data organized, compliant with regulations, and properly secured.

Read More: What Is Azure Data Lake?

1. Access control first

Azure Data Lake Storage Gen1 provides POSIX-style access control lists (ACLs) and detailed auditing for Azure Active Directory users, groups, and service principals.

You can set these access controls on existing files and folders.

They can also be defined as default ACLs, which are applied automatically to new files and folders created beneath a folder.

Note that permissions are applied per item: when you set them on a folder that already exists, they do not flow down on their own, so they must be applied recursively to each existing child item as well.

Read More: Microsoft Active Directories - What They Are & When To Use Each of Them

2. Use security groups instead of individual users

Instead of assigning individual users to folders and files, use Azure Active Directory security groups. This matters most when you are working with large amounts of data and integrating other services, such as HDInsight, with your Data Lake Storage Gen1 account.

Once a group has been granted rights, adding or removing users from that group requires no change to the Data Lake Storage Gen1 ACLs at all.

It also keeps you under the limit of 32 Access ACL entries and 32 Default ACL entries per item.

3. How to organize the security groups

Divide the users who need to access Data Lake Storage Gen1 into groups such as:

  • ReadOnlyUsers
  • WriteAccessUsers
  • FullAccessUsers for the root of the account
  • Similar variants for individual key folders

If you expect other users to be added later but have not yet identified them, consider creating placeholder (dummy) security groups now and granting them access to certain folders, so that the ACLs do not have to be touched again when those users arrive.

4. Security for service principals

Services such as Azure HDInsight typically use Azure Active Directory service principals to access data in Data Lake Storage Gen1.

How many principals you need, and how much access each gets, depends on the access requirements inside and outside your business.

For most customers, a single Azure Active Directory service principal with full permissions on the Data Lake Storage Gen1 account is enough.

Other customers need multiple clusters with different service principals, for example one with full data access and one with read-only access.

As soon as the Data Lake Storage Gen1 account is created, consider creating a separate service principal for each of these cases, so that each cluster can be given only the access it needs.
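To make sections 1 to 4 concrete, here is an added example (written for this edit, not code from the original post or from Microsoft) that audits the ACL listing of a Data Lake Storage Gen1 folder against the group layout above. It assumes the JSON shape that `az dls fs access show` prints and uses invented object IDs for the groups and service principals; the findings it reports are the mistakes those sections warn about: a person granted directly instead of through a group, a service principal holding more than its intended rights, principals that have an Access ACL entry but no Default ACL entry (so newly created children will not inherit), and an item that exceeds the 32-entry limit.

```python
"""Audit an Azure Data Lake Storage Gen1 ACL listing against a group-based design."""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass

ACL_ENTRY_LIMIT = 32  # per item, counted separately for Access ACLs and Default ACLs

# Intended design, keyed by Azure AD object ID. The IDs are invented placeholders;
# real ones come from `az ad group show` / `az ad sp show`.
EXPECTED_GROUPS = {
    "11111111-0000-0000-0000-000000000001": ("ReadOnlyUsers", "r-x"),
    "11111111-0000-0000-0000-000000000002": ("WriteAccessUsers", "rwx"),
    "11111111-0000-0000-0000-000000000003": ("FullAccessUsers", "rwx"),
}
# Service principals appear in the ACL as named "user" entries, so they are the
# only named users the design allows.
EXPECTED_SERVICE_PRINCIPALS = {
    "22222222-0000-0000-0000-000000000001": ("hdinsight-full", "rwx"),
    "22222222-0000-0000-0000-000000000002": ("hdinsight-readonly", "r-x"),
}

# Constructed sample in the shape `az dls fs access show --account <acct> --path /`
# prints (a WebHDFS AclStatus); every value is made up for this example.
SAMPLE_ACL_STATUS = {
    "owner": "33333333-0000-0000-0000-000000000001",
    "group": "11111111-0000-0000-0000-000000000003",
    "permission": "770",
    "stickyBit": False,
    "entries": [
        "user::rwx", "group::rwx", "mask::rwx", "other::---",
        "group:11111111-0000-0000-0000-000000000001:r-x",
        "group:11111111-0000-0000-0000-000000000002:rwx",
        "group:11111111-0000-0000-0000-000000000003:rwx",
        "user:22222222-0000-0000-0000-000000000001:rwx",
        "user:22222222-0000-0000-0000-000000000002:rwx",  # drift: read-only SP holds rwx
        "user:44444444-0000-0000-0000-000000000009:rwx",  # a person granted directly
        "default:user::rwx", "default:group::rwx", "default:mask::rwx", "default:other::---",
        "default:group:11111111-0000-0000-0000-000000000001:r-x",
        "default:group:11111111-0000-0000-0000-000000000002:rwx",
        # FullAccessUsers and both service principals have no default entry, so new
        # files and folders created under this folder will not inherit their access.
    ],
}


@dataclass(frozen=True)
class AclEntry:
    scope: str       # "access" or "default"
    kind: str        # user | group | mask | other
    principal: str   # object ID, or "" for owner / owning group / mask / other
    perms: str       # e.g. "r-x"


def parse_entry(text: str) -> AclEntry:
    """Parse one entry such as 'default:group:<object-id>:r-x'."""
    parts = text.split(":")
    scope = "access"
    if parts[0] == "default":
        scope, parts = "default", parts[1:]
    if len(parts) != 3 or len(parts[2]) != 3:
        raise ValueError(f"malformed ACL entry: {text!r}")
    kind, principal, perms = parts
    return AclEntry(scope, kind, principal, perms)


def audit_acl(status: dict, is_folder: bool = True) -> list[tuple[str, str]]:
    """Return sorted (finding, detail) pairs describing how the ACL deviates from the design."""
    entries = [parse_entry(e) for e in status["entries"]]
    findings: set[tuple[str, str]] = set()

    per_scope = Counter(e.scope for e in entries)
    for scope in ("access", "default"):
        if per_scope[scope] > ACL_ENTRY_LIMIT:
            findings.add(("limit_exceeded", f"{scope}:{per_scope[scope]}"))

    named = {(e.scope, e.kind, e.principal): e.perms for e in entries if e.principal}
    expected = {("group", oid): p for oid, (_, p) in EXPECTED_GROUPS.items()}
    expected.update({("user", oid): p for oid, (_, p) in EXPECTED_SERVICE_PRINCIPALS.items()})

    for (kind, oid), wanted in expected.items():
        actual = named.get(("access", kind, oid))
        if actual is None:
            findings.add(("missing_access_entry", oid))
        elif actual != wanted:
            findings.add(("permission_drift", f"{oid}:{actual}!={wanted}"))
        # Default ACLs exist only on folders; without one, children created later do not inherit.
        if is_folder and ("default", kind, oid) not in named:
            findings.add(("missing_default_entry", oid))

    for _, kind, oid in named:
        if (kind, oid) in expected:
            continue
        # A named user that is not a known service principal is a person granted directly;
        # the fix is to put that person in one of the groups above instead.
        findings.add(("direct_user_grant" if kind == "user" else "unexpected_group", oid))

    return sorted(findings)


if __name__ == "__main__":
    for code, detail in audit_acl(SAMPLE_ACL_STATUS):
        print(f"{code:22} {detail}")
```

To run it against a real account, save `az dls fs access show --account <name> --path <folder>` to a file, `json.load` it and pass the result to `audit_acl`. Because of the propagation rule in section 1, run it on a sample of existing child folders as well: an entry that was missing from the parent's Default ACL when a child was created shows up on that child as a missing Access entry, and no later change to the parent will fix it.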

5. Enable the Data Lake Storage Gen1 firewall

Data Lake Storage Gen1 lets you enable a firewall that restricts access to Azure resources only, which reduces the attack surface exposed to the outside.

How to do it? In the account settings, follow:

Firewall > Enable Firewall (ON) > Allow access to Azure services

6. Data Lake Storage Gen1 firewall settings

Once the firewall is enabled, only Azure services such as HDInsight, Data Factory, Azure Synapse Analytics, and others can reach the Data Lake Storage Gen1 account.

However, the Data Lake Storage Gen1 firewall cannot restrict individual Azure services by IP address: traffic from those services arrives through Azure's internal network address translation, so it is admitted as a whole when access for Azure services is on. The firewall's IP address rules are intended for end-user IP ranges only.
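The two firewall sections above describe the setting but not how to verify it. The following added example (written for this edit, not code from the original post or from Microsoft) lints the firewall properties of an account as `az dls account show` prints them and models the access decision: with the firewall on, a caller is admitted either because it comes from Azure services as a whole or because its address falls inside an explicit rule. The field names firewallState, firewallAllowAzureIps and firewallRules are assumed from the ARM resource; the account, rule names and addresses are constructed. It flags a disabled firewall, a 0.0.0.0 to 255.255.255.255 rule that makes the firewall pointless, ranges broader than a /16, and reminds you that "Allow access to Azure services" admits every Azure service rather than the ones you use.

```python
"""Lint an Azure Data Lake Storage Gen1 firewall configuration and evaluate a source address."""
from __future__ import annotations

import ipaddress

ANY_START = ipaddress.IPv4Address("0.0.0.0")
ANY_END = ipaddress.IPv4Address("255.255.255.255")
BROAD_RULE_THRESHOLD = 2 ** 16  # flag one rule that admits more than a /16 worth of addresses

# Constructed sample in the shape of the Microsoft.DataLakeStore/accounts properties that
# `az dls account show` prints. Only the field names are assumed; the values are made up.
SAMPLE_ACCOUNT = {
    "name": "contoso-lake",
    "firewallState": "Enabled",
    "firewallAllowAzureIps": "Enabled",
    "firewallRules": [
        {"name": "office-nat", "startIpAddress": "203.0.113.10", "endIpAddress": "203.0.113.20"},
        {"name": "temp-debug", "startIpAddress": "0.0.0.0", "endIpAddress": "255.255.255.255"},
    ],
}


def _rule_range(rule: dict) -> tuple[ipaddress.IPv4Address, ipaddress.IPv4Address]:
    """Return the inclusive (start, end) addresses of one firewall rule."""
    return (ipaddress.IPv4Address(rule["startIpAddress"]),
            ipaddress.IPv4Address(rule["endIpAddress"]))


def lint_firewall(account: dict) -> list[tuple[str, str]]:
    """Return (finding, detail) pairs for weak or invalid firewall settings."""
    findings: list[tuple[str, str]] = []
    if account.get("firewallState") != "Enabled":
        findings.append(("firewall_disabled", account["name"]))
        return findings  # the rules below are not evaluated until the firewall is on

    if account.get("firewallAllowAzureIps") == "Enabled":
        # Section 6: this admits Azure services as a whole; individual services
        # cannot be selected by IP because they arrive through Azure's internal NAT.
        findings.append(("azure_ips_allowed", "all Azure services admitted, not only the ones you use"))

    for rule in account.get("firewallRules", []):
        start, end = _rule_range(rule)
        if end < start:
            findings.append(("invalid_rule", rule["name"]))
        elif start == ANY_START and end == ANY_END:
            findings.append(("allow_all_rule", rule["name"]))
        elif int(end) - int(start) + 1 > BROAD_RULE_THRESHOLD:
            findings.append(("broad_rule", rule["name"]))
    return findings


def is_allowed(account: dict, source_ip: str, from_azure_service: bool = False) -> bool:
    """Model of the firewall decision for one caller.

    A disabled firewall admits everyone. Otherwise a caller gets in if it is an
    Azure service and Azure IPs are allowed, or if its address falls inside one of
    the explicit rules (which are meant for end-user ranges).
    """
    if account.get("firewallState") != "Enabled":
        return True
    if from_azure_service and account.get("firewallAllowAzureIps") == "Enabled":
        return True
    ip = ipaddress.IPv4Address(source_ip)
    return any(start <= ip <= end
               for start, end in map(_rule_range, account.get("firewallRules", [])))


if __name__ == "__main__":
    for code, detail in lint_firewall(SAMPLE_ACCOUNT):
        print(f"{code:18} {detail}")
    print("198.51.100.7 allowed:", is_allowed(SAMPLE_ACCOUNT, "198.51.100.7"))
```

The constructed account shows the usual failure mode: someone added a "temporary" rule covering every address, so the firewall is on but admits the whole Internet. Removing that rule is the fix, after which a non-Azure caller outside the office range is rejected.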

How about we take the lead for you?

We are proud to be one of the Microsoft Partners in the Gulf area, and we are thankful to our team for their efforts in providing a range of Microsoft services and solutions for SMBs in Saudi Arabia.

Our qualified team at Ctelecoms is ready to help you at any time, whether with implementation or consultation, so don't hesitate to contact us: https://www.ctelecoms.com.sa/en/Form15/Contact-Us
