SQLBits 2023

Securing Azure Cosmos DB

Implement network security with the IP firewall, VNet access, and private endpoints; understand the authentication options using master keys, resource tokens, and Azure AD integration; and learn about built-in server-side encryption and how to configure client-side encryption using Always Encrypted.

Every database needs to be secured, and Azure Cosmos DB provides enterprise-class security features to make certain that all your data is fully protected. In this session, you’ll learn how to set up network security – the first line of defense against any unauthorized access. We’ll cover the IP firewall and VNet access using service endpoints, plus how to enable private endpoints for a solution that’s completely isolated from the public internet. We’ll then move on to authentication options using master keys, resource tokens, and Azure Active Directory integration. Finally, we’ll look at built-in server-side encryption using Microsoft-managed keys and customer-managed keys, plus client-side encryption, which ensures that highly sensitive data is always encrypted and accessible only through applications that you approve. Attend this session and arm yourself with the skills you need to secure your database in Azure Cosmos DB!