Versions Compared

Version Old Version 31 New Version 32
Changes made by

thierry sinassamy

thierry sinassamy

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

iAPPLICATIVE SECURITY : Combining thes milestones 2 & 3

Note

There are 2 preferred solutions : One using the AzCopy Utility because the extraction of data from the on-premise server is totally free. But, if we want to automate the process, then the utility could be questionable. The second one is ADF (Azure Data Factory) which is not normally the appropriate solution because of the following reason : the extraction from ADF is never free. In our situation, the use of ADF won’t be expensive.

...

  1. Azure AI Search is already connected to the Blob Storage via a connectionstring using an encrypted account key

...

DATA PROTECTION

Azure Storage

By default, all data stored in Azure Storage is automatically encrypted using service-side encryption (SSE) because data is persisted to the cloud. Moreoever, all metadata is also encrypted. And, there is no additional cost for that. However, we can manage our own encryption keys if we have specific security and compliance needs (Azure Storage encryption for data at rest | Microsoft Learn | Azure Data Encryption-at-Rest - Azure Security | Microsoft Learn).

...

By default, all data stored in Azure is automatically encrypted without any additional configuration. If we have specific security or compliance needs, then we can add additional security and configure encryption at rest using customer-managed keys (Encrypt your application source at rest - Azure App Service | Microsoft Learn, Azure security baseline for App Service | Microsoft Learn).

Azure AI Search

By default, Azure AI Search automatically encrypts data at restwith service-managed keys. If we need more protection, we can supplement the dfault encryption woth another layer of encryption using keys that we can create and manage in Azure Key Vault (Encrypt data using customer-managed keys - Azure AI Search | Microsoft Learn).

- Move a search service across regions - Azure AI Search | Microsoft Learn, Encrypt data using customer-managed keys - Azure AI Search | Microsoft Learn, Azure security baseline for Cognitive Services | Microsoft Learn

Resilience for Azure AI Search - Reliability in Azure AI Search - Azure AI Search | Microsoft LearnAzure Storage - Azure Storage encryption for data at rest | Microsoft Learn, Data protection overview - Azure Storage | Microsoft Learn, Azure security baseline for Storage | Microsoft Learn

INFRA & SECURITY : Combining the milestones 2 & 3

...