Azure Blob Storage

Azure Blob Storage is a cloud-based object storage service a part of Azure storage service provided by Microsoft Azure. It is designed to store and manage large amounts of unstructured data (Unstructured data are the data that do not align with any kind of data model such as binary data) making it ideal for a wide range of applications, including media storage, data backup, and log files. These are easily accessible through Azure storage API. Users can even access objects in Blob storage via HTTPS from any corner of the world. It is widely used for its benefits, which are discussed below.

Benefits of Azure Blob Storage

Some benefits of Azure blob storage are mentioned below:

• Scalability: Azure blob storage provides high scalability, allowing to store and manage a maximum up to 200GB of data, which can be easily scaled up and down to meet your changing demands.

• Durability and Data Redundancy: Azure Blob Storage always stores multiple copies of your data so that it's protected from any uncertain events, including any hardware failures, outages, and massive natural disasters. Data Redundancy features ensure that data is always available and protected through multiple redundancy options such as Zone Redundant Storage (ZRS), and Local Redundant Storage (LRS).

• Security: Azure Blob Storage provides security features, including encryption at rest and in transit. Azure Blob Storage along with Azure Active Directory (Azure AD) helps in authorizing requests to blob data. This allows to give permission-based access to users, groups, or any application service principals.

• Access Tiers: You can choose from different access tiers based on your data's access patterns such as how frequently or infrequently you will need the data and cost considerations. These different access tiers are classified as Hot, Cool, Cold, and Archive each with different characteristics and pricing models.

• Lifecycle Management: This helps to set up policies to move or delete the data as per requirement. For example, it can help to move the data from frequent access to infrequent access let say after five years when the access of data will get lower for our use.

• Integration: Azure Blob Storage allows to integrate with other Azure services and tools, such as Azure Data Factory and Azure Functions.

Security Features of Azure Blob Storage

• Encryption at rest: Azure blob storage provides encryption of data by either Microsoft managed keys or Customer provided keys. These data are encrypted using 256-bit AES encryption process.

• Encryption at Transit: This security feature makes sure that data during transit is securely encrypted and protected from any tampering. Allows transfer of data only with https traffic with REST API calls.

• Secure Communication: Azure blob storage security allows to communicate on-premises networks by allowing access to approved and authorized subnet ranges or IP addressed.

• Private Endpoints: This enables the user or client to connect to the storage account over virtual network and private link on Microsoft network. Also, enable storage firewall to block all connection over public endpoints.

• Authentication by Azure Roles-Based Access Control (RBAC): Built-in and custom roles defining permissions can be set to access blob storage. Its scope can be Resource group, storage account or container.

• Authorization by Attribute-Based Access Control (ABAC): In this access is controlled using role-assignment conditions based on principal, resources, environment attributes.

Best Practices for Using Azure Blob Storage

The best practice for using Azure blob storage includes best security measure we must take to ensure smooth functioning of it:

• It is important to choose the best tier for your storage, keeping into consideration about the access pattern and your budget.

• We will always wish to protect our data from any disaster(can be man-made or natural). It is necessary to use Zone redundancy or Geo redundancy or Local redundancy for durability of data.

• It is a best practice to enable versioning to keep different versions of the files in order to rollback in case of requirement or protect against accidental overwrites.

• It is important to enable immutability option to protect data from any kind intended or accidental modification/deletion of data.

• If the data is used for back-up or have any critical data make sure you do not enable public access.

• It is important to give specific access by policy based or role based permission.

• Make sure in encryption, you encrypt your data with customer managed keys or Microsoft managed keys.

• Give proper lifecycle policy to make sure your data is moved from one tier to another in specific period of time, and are deleted after specified period of time only.