Azure Storage Security

Hello everyone,

I’d like to address a sensitive topic related to platform security.

By default, the board servers are connected to Azure Shared Storage as part of the cloud configuration. In this setup, anyone with the SAS (Shared Access Signature) key can access the Azure Shared Storage. I'm referring specifically to the default configuration here.

Now, consider a scenario where a project member who previously had access to the Azure storage via the SAS key leaves the project or the organization.

How can we ensure that this person no longer has access to the shared storage?
What are the best practices in this area, and how can we make sure that the organization's data remains fully secure?

Thank you in advance for your insights.

Find more posts tagged with

Usage

Configure

Board 14

Accepted answers

All comments

Crystal Zhao

Hi Fethi,

That's a great thought. The cloud storage SAS URI is something that I believe the Cloud Ops team can reset/reconfigure if you were to put in a ticket/request for it.

Edward

Hi Fethi,

Agreed, there are a few ways to limit access, however they are all on the Microsoft side as opposed to anything controlled by Board.

Our solution was to create a synced folder that was controlled on our end and then use the various access controls that Microsoft provide. We also utilise Azure Copy to move files from the shared storage to other depositories for other systems to pick up.

The easiest solution however is that anything sensitive should be regularly deleted (can be automated), or if access is not needed sent to the D:\ drive as opposed to the Z:\ drive.