Day 10 - Azure SQL Database


Azure SQL Database is a fully managed platform as a service (PaaS) database engine that handles most of the database management functions such as upgrading, patching, backups, and monitoring without user involvement.

Azure SQL Database is always running on the latest stable version of the Microsoft SQL Server database engine and patched OS with 99.99% availability.

(Hold on, the names can get somewhat confusing.)

There are 3 offerings under the Azure SQL family:

  1. Azure SQL Database - Fully managed PaaS database engine
  2. Azure SQL Managed Instance (SQL MI) - Also a PaaS database engine with additional SQL Server features like SQL Server Agent, Service Broker, etc.
  3. SQL Server on Azure VMs - An IaaS offering - much like running Microsoft SQL Server on a VM

So in this post I’m talking specifically about Azure SQL Database and not the other two.

Azure SQL Database offers robust security features to protect data:

  • Network Security: Uses firewalls and virtual networks to control access.
  • Authentication and Authorization: Supports Azure Active Directory authentication and role-based access control.
  • Data Protection: Includes encryption for data at rest and in transit.
  • Threat Detection: Monitors for unusual activities indicating potential security threats.
  • Compliance: Adheres to compliance standards for data security.

For securing Azure SQL Databases, it’s crucial to configure firewall rules correctly, use strong authentication methods, enable data encryption, regularly update security policies, and monitor for any unusual database activities.

You can check out the docs for a detailed overview of Azure SQL Database’s security capabilities.

Azure SQL Database and Azure SQL Managed Instance support dynamic data masking out of the box. I haven’t seen a similar feature in other cloud providers which can be readily used.

Dynamic data masking limits sensitive data exposure by masking it to nonprivileged users. Using the feature you can set up fine-grained access to customer PII on production DBs - enhancing your org’s data security.
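To make that concrete, here is an added T-SQL example (not from the original post) that masks PII columns, shows a SELECT-only user reading them, and then unmasks a single column for that user. The table dbo.Customers, the user SupportAgent and the sample row are hypothetical and constructed for illustration.

```sql
-- Added example: dbo.Customers, SupportAgent and the sample row are
-- hypothetical, constructed values (not from the original post).

-- 1. Define masks on the PII columns when creating the table.
CREATE TABLE dbo.Customers (
    CustomerId INT IDENTITY(1,1) PRIMARY KEY,
    FullName   NVARCHAR(100) NOT NULL,
    Email      NVARCHAR(100) MASKED WITH (FUNCTION = 'email()') NOT NULL,
    Phone      VARCHAR(20)   MASKED WITH (FUNCTION = 'partial(0,"XXX-XXX-",4)') NULL,
    CardNumber VARCHAR(19)   MASKED WITH (FUNCTION = 'default()') NULL
);

INSERT INTO dbo.Customers (FullName, Email, Phone, CardNumber)
VALUES (N'Test Customer', N'test.customer@example.com',
        '555-010-1234', '0000-0000-0000-0000');

-- 2. A nonprivileged principal: SELECT permission only, no UNMASK.
CREATE USER SupportAgent WITHOUT LOGIN;
GRANT SELECT ON dbo.Customers TO SupportAgent;

-- 3. Query as that user: FullName is returned as stored, while
--    Email, Phone and CardNumber are returned in masked form.
EXECUTE AS USER = 'SupportAgent';
SELECT FullName, Email, Phone, CardNumber FROM dbo.Customers;
REVERT;

-- 4. Fine-grained access: unmask only the Phone column for this user.
GRANT UNMASK ON dbo.Customers(Phone) TO SupportAgent;

EXECUTE AS USER = 'SupportAgent';
SELECT FullName, Email, Phone, CardNumber FROM dbo.Customers;
REVERT;

-- 5. Review step: list every masked column and its masking function,
--    useful when checking that new PII columns were not left unmasked.
SELECT t.name AS table_name,
       c.name AS column_name,
       c.masking_function
FROM sys.masked_columns AS c
JOIN sys.tables AS t ON c.object_id = t.object_id
WHERE c.is_masked = 1;
```

Masking only changes what a query returns; the stored data is unchanged, so keep it alongside least-privilege grants, auditing and encryption.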

If this sounds interesting, you can read more about dynamic data masking.

