Implement Secure Storage Solutions for Internal Corporate Use
lotanna obianefo

lotanna obianefo @lotanna_obianefo


Publish Date: May 17

Deploying secure storage solutions for internal corporate data is critical to safeguarding sensitive information, ensuring operational continuity, and complying with regulatory standards. This article outlines technical strategies for implementing robust storage systems tailored to internal organizational needs.

Establish a storage account and enable high-availability configurations.

Create a storage account for the internal private company documents.
In the portal, search for and select Storage accounts.

Click + Create. Choose the Resource group established in the prior lab. Configure the Storage account name as private, appending a unique identifier to ensure distinctiveness. Proceed to Review and initiate the Create operation for the storage account. Await deployment completion, then navigate to the resource by selecting Go to resource.


This storage solution demands high availability to withstand regional outages, with no need for read access in the secondary region. Configure the suitable redundancy level accordingly.

Within the storage account, navigate to the Data management section and access the Redundancy blade. Confirm that Geo-redundant storage (GRS) is selected. Refresh the page to update the view. Examine the details of the primary and secondary locations. Persist your modifications by saving the changes.

Establish a storage container, upload a file, and configure restricted access to the file.

Within the storage account, navigate to the Data storage section and access the Containers blade. Click + Container to initiate creation. Set the container Name to private. Verify that the Public access level is configured as Private (disallowing anonymous access). At your convenience, explore the Advanced settings, though retain the default values. Finalize the process by selecting Create.


For validation purposes, upload a file to the "private" container. The file type is immaterial; a small image or text file is recommended. Verify that the file remains inaccessible to the public.

Access the container. Click Upload. Navigate to your file directory and choose a file. Complete the file upload. Select the uploaded file. On the Overview tab, copy the provided URL. Paste the URL into a new browser tab. Confirm that the file does not display and that an error is returned.


An external partner needs read and write permissions for the file for a minimum of 24 hours. Set up and validate a Shared Access Signature (SAS) to facilitate this access.

Choose your uploaded blob file and navigate to the Generate SAS tab. In the Permissions dropdown, confirm that the partner is granted only Read permissions. Ensure the Start and expiry date/time is set to span the next 24 hours. Click Generate SAS token and URL. Copy the Blob SAS URL and paste it into a new browser tab. Confirm access to the file: if an image, it will render in the browser; otherwise, other file types will initiate a download.
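
Before a SAS URL is handed to a partner, its query string can be checked against what this step configures. The following is an added example, not part of the original article: it audits a Blob SAS URL for read-only permission (sp), a window of at most 24 hours (st/se), HTTPS-only use (spr) and single-blob scope (sr). The account name, blob name and sig values are constructed placeholders, and the timestamp parser assumes the full UTC form.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

MAX_LIFETIME = timedelta(hours=24)  # window granted in this walkthrough
ALLOWED_PERMS = set("r")            # read only

# Constructed sample URLs (account, blob and sig values are placeholders).
BASE = "https://privateexample001.blob.core.windows.net/private/report.txt"
GOOD_URL = (BASE + "?sp=r&st=2025-05-17T09:00:00Z&se=2025-05-18T09:00:00Z"
            "&spr=https&sv=2022-11-02&sr=b&sig=PLACEHOLDER")
BAD_URL = (BASE + "?sp=rw&st=2025-05-17T09:00:00Z&se=2025-05-24T09:00:00Z"
           "&sv=2022-11-02&sr=c&sig=PLACEHOLDER")

def _ts(value):
    # Assumes the full UTC form, e.g. 2025-05-17T09:00:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def audit_sas_url(url, now):
    """Return findings for a Blob SAS URL; an empty list means it matches policy."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if "sig" not in q:
        return ["no sig parameter: not a SAS URL"]
    findings = []
    extra = set(q.get("sp", "")) - ALLOWED_PERMS
    if extra:
        findings.append("permissions beyond read: " + "".join(sorted(extra)))
    if "se" not in q:
        findings.append("no expiry (se)")
    else:
        expiry = _ts(q["se"])
        start = _ts(q["st"]) if "st" in q else now
        if expiry <= now:
            findings.append("token already expired")
        if expiry - start > MAX_LIFETIME:
            findings.append("lifetime exceeds 24 hours")
    # When spr is absent, the service accepts both HTTPS and HTTP.
    if parts.scheme != "https" or q.get("spr", "https,http") != "https":
        findings.append("HTTP not excluded: set spr=https")
    if q.get("sr") != "b":
        findings.append("scope is not a single blob: sr=%s" % q.get("sr"))
    return findings

if __name__ == "__main__":
    now = datetime(2025, 5, 17, 10, 0, tzinfo=timezone.utc)
    for url in (GOOD_URL, BAD_URL):
        print(audit_sas_url(url, now) or "OK")
```

Anyone holding the URL can use it until the expiry time, so the same check is worth running on SAS URLs found in tickets, chat logs or e-mail.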


Voilà! It works.

Set up storage access tiers and implement content replication strategies.

To optimize costs, transition blobs from the hot tier to the cool tier after a 30-day period.

Navigate back to the storage account. In the Overview section, observe that the Default access tier is configured as Hot. Within the Data management section, access the Lifecycle management blade. Click Add rule. Assign the Rule name as movetocool. Define the Rule scope to encompass all blobs within the storage account. Proceed to the next step. Verify that Last modified is selected. Adjust the More than (days ago) parameter to 30. In the Then drop-down, choose Move to cool storage. At your convenience, explore additional lifecycle options in the drop-down. Finalize the process by adding the rule.
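
The portal stores a lifecycle rule as a JSON policy document, which can be reviewed and version-controlled like any other configuration. The following is an added example, not part of the original article: it holds a constructed policy equivalent to the movetocool rule and a simplified model of which blobs that rule selects. The inventory records and their field names are hypothetical, and the model ignores the service's own evaluation schedule.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed policy document: the JSON form of a rule like "movetocool".
POLICY = json.loads("""
{"rules": [{"enabled": true, "name": "movetocool", "type": "Lifecycle",
  "definition": {
    "actions": {"baseBlob": {"tierToCool": {"daysAfterModificationGreaterThan": 30}}},
    "filters": {"blobTypes": ["blockBlob"]}}}]}
""")

def blobs_to_cool(policy, blobs, now):
    """Names of blobs that an enabled tierToCool rule in `policy` selects."""
    selected = []
    for rule in policy["rules"]:
        definition = rule["definition"]
        action = definition["actions"].get("baseBlob", {}).get("tierToCool")
        if not rule.get("enabled", True) or action is None:
            continue
        min_age = timedelta(days=action["daysAfterModificationGreaterThan"])
        filters = definition.get("filters", {})
        prefixes = filters.get("prefixMatch")  # absent means every blob is in scope
        for blob in blobs:
            in_scope = blob["type"] in filters.get("blobTypes", []) and (
                not prefixes or any(blob["name"].startswith(p) for p in prefixes))
            if (in_scope and blob["tier"] == "Hot"
                    and now - blob["modified"] > min_age
                    and blob["name"] not in selected):
                selected.append(blob["name"])
    return selected

NOW = datetime(2025, 6, 30, tzinfo=timezone.utc)
# Constructed inventory: name, blob type, current tier, last-modified time.
BLOBS = [
    {"name": "private/old-report.txt", "type": "blockBlob", "tier": "Hot",
     "modified": NOW - timedelta(days=45)},
    {"name": "private/new-report.txt", "type": "blockBlob", "tier": "Hot",
     "modified": NOW - timedelta(days=10)},
    {"name": "private/archive.txt", "type": "blockBlob", "tier": "Cool",
     "modified": NOW - timedelta(days=90)},
    {"name": "private/disk.vhd", "type": "pageBlob", "tier": "Hot",
     "modified": NOW - timedelta(days=90)},
]

if __name__ == "__main__":
    print(blobs_to_cool(POLICY, BLOBS, NOW))
```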


The files for the public website require replication to a secondary storage account for backup purposes.

In your storage account, create a new container called backup. Use the default values.
Navigate to your publicwebsite storage account. This storage account was created in my previous piece.

In the Data management section, select the Object replication blade. Select Create replication rules. Set the Destination storage account to the private storage account. Set the Source container to public and the Destination container to backup, then Create the replication rule.
Optionally, as you have time, upload a file to the public container. Return to the private storage account and refresh the backup container. Within a few minutes your public website file will appear in the backup folder.

In summary, Azure storage provides robust data protection through features like AES-256 encryption, RBAC-based access control, network security with private endpoints, and monitoring with alerting capabilities. A Shared Access Signature (SAS) enables secure, delegated access to storage resources, offering fine-grained control over client permissions. Azure Blob Storage lifecycle management implements rule-based policies to transition blob data across access tiers (e.g., hot to cool) or expire data at lifecycle completion. Object replication facilitates asynchronous copying of block blobs from a source to a destination storage account for backup or redundancy.
