Microsoft Idea

BYOD & Data Lake Security

Sunil Garg on 3/4/2019 10:36:42 PM

There should be a better way for us to secure the communication from Finance and Operations to Azure SQL or Azure Data Lake. Currently the communication happens over the default port 1433, and although we are able to configure a network security group (NSG) to the IP range for the Azure Region in which our F&O is is hosted. Although this removes the public threat, this leaves crucial business data open to threats originating from within Azure. For example, if any virtual machine is compromised within Azure and runs an exploit against the Azure SQL/Data Lake it may gain access. The alternative would be a way to limit access to just our F&O instance to greatly limit the threat. Azure supports such access using VNET peering or VPNs.

https://dagfileshare01.blob.core.windows.net/public-blob-dag-calafell/FO to ASQL.png

Please provide a better way to secure critical business data.

STATUS DETAILS

Needs Votes

Comments

RE: BYOD & Data Lake Security

on 9/1/2021 2:18:06 PM

I agree with Mathie Tessier - it's ludicrous that this is even something we're having to vote for! There's a massive security hole here.

Category: Data Management

RE: BYOD & Data Lake Security

Mathieu Tessier on 1/19/2021 11:44:32 PM

You don't need to compromise a VM in Azure, you can just create your own VM and run an exploit from there.

I don't understand why this should be voted. That should be a major concern for Microsoft without having the community to vote for it.

Category: Data Management

RE: BYOD & Data Lake Security

Mikkel Sjørslev on 1/12/2021 11:14:43 AM

If you need a BI solution, that draws data from multiple sources including D365FO. BYOD/Data Lake is the only option. However, you do not want to publish your BI solution directly on the Internet, protected only by a simple username and password.

Category: Data Management