![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 38%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJC%3C/text%3E%3C/svg%3E)
Azure Databricks
An Apache Spark-based analytics platform optimized for Azure.
2,080 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 70%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Hello @javier cohenar and welcome to Microsoft Q&A.
It sounds like both of your have assets you do not want revealed to each other. Their sensitive data, and your algorithm/process.
When both sides belong to the same party, the process would pull data. However in your case, I think it might make more sense if you built an application / endpoint where the client either uploads their data file to your storage, or, the client provides you with a SAS Token to read their data. The benefit of this case, is putting the client in control of exactly what data files are shared. This also keeps the processing all on your side. Event Grid or Blob Trigger can be used to tell the algorithm to start when the Token is provided or blob is uploaded.
If the sensitive information is also incorporated into the data files, then you may need data masking. Data masking hides some portion of the data. Data masking may be worth a separate conversation. Masking in Databricks Masking in Data Factory SQL Dynamic Masking
If the client uploads data to your storage, you should consider what policies or regulations to comply with regarding data privacy and data retention, etc. Also, depending on volume of data, uploading might not be the best choice.
SAS Token can be used to access more than a single file, depending upon setup, it could point to an entire folder. SAS is also time-bound giving more control to the client.
There is also the question of where to store or make available the output of your algorithm. It could be in your blob container, and the client sent a SAS Token to retrieve from your account. Or the client could provide a SAS Token to write output into their container. Similar policy questions apply here.
There is another service to look into Azure Data Share. I do not know if it would be appropriate, depends on sensitivity.
These are high level ideas, and are intended as inspiration towards your own solution, rather than a prescriptive answer. More ideas can be found at the Azure Architecture center.