How safe is the blob storage and containers in Microsoft azure

Ancy 20 Reputation points
2024-04-08T18:47:46.5866667+00:00

Hi

I’m working on a small experiment, trying to use the blob storage for my storage and I just wanted to know how foolproof is this. I have not used azure blob before. If I store something in blob who else can access it? Apart from me

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,158 questions
Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,853 questions
0 comments No comments
{count} votes

Accepted answer
  1. Azar 22,860 Reputation points MVP
    2024-04-08T19:30:15.6966667+00:00

    Hi there

    so lemme drop a few pointers to you.

    Firstly, your data is encrypted both at rest and in transit, using industry-standard encryption protocols. This means that even if someone intercepts your data while it's being transferred or stored, they won't be able to access it without the proper encryption keys.

    Access control is another key aspect of security in Azure Blob Storage. You can define who has access to your blobs using role-based access control (RBAC), allowing you to set fine-grained permissions for users and applications. Additionally, you can generate shared access signatures (SAS) to delegate temporary access to your blobs without sharing your storage account keys.

    Overall, Azure Blob Storage provides a very good set of security features to protect your data in the cloud. By leveraging these features and following best practices for data security, you can rest assured that your data is safe and secure in Azure Blob Storage.

    In short unless you allow it no one else can access the data inside.

    If this helps kindly accept the answer thanks much.

    1 person found this answer helpful.
    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Amrinder Singh 5,155 Reputation points Microsoft Employee
    2024-04-08T19:16:21.7033333+00:00

    Hi @Ancy - Thanks for reaching out on Q&A Forum!

    Moving ahead, once the data is present in storage, unless you have allowed/configured anonymous access to the data, it can't be accessed by anyone. There are multiple authorization options such as Access keys, SAS token, Azure AD Auth etc which you can leverage to access the data ahead.

    With Access Keys, it allows you access to all the data and management plane operations too.

    With SAS, you can control the permission, resource and time for which the resource can be access.

    With Azure AD (recommended), this provides access based on roles and permission (which you can customize too)

    I would recommend you to start with review of the below links:

    https://learn.microsoft.com/en-us/azure/storage/common/authorize-data-access?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json

    https://learn.microsoft.com/en-us/azure/storage/blobs/anonymous-read-access-configure?tabs=portal

    Apart from these data auth permissions, you can also control the auth on the networking layer limited to certain IP, any VNET or even configure Private endpoints for more security.

    https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&bc=%2Fazure%2Fstorage%2Fblobs%2Fbreadcrumb%2Ftoc.json&tabs=azure-portal

    Please find the below storage baselined which talks about various parameters in terms of identity, networking etc in order to get access to data.

    https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/storage-security-baseline?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&bc=%2Fazure%2Fstorage%2Fblobs%2Fbreadcrumb%2Ftoc.json

    Overall, it depends on what auth mechanism are you sharing with others and to what level, depending upon that they can access the data in your storage account.

    Please let me know if this helpful or if you any further queries, will be glad to assist.

    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.