Securing Azure Database for MySQL, PostgreSQL, and MariaDB

Published on March 20, 2018

Principal Program Manager, Azure Data

Selecting a secure cloud services provider is one of the most fundamentally important decisions customers make. Customers must build their applications and services upon a secure, trusted foundation. Azure Database for MySQL, PostgreSQL, and MariaDB inherit a proven, trusted security architecture from Microsoft Azure. Azure has over 50 national, regional, and industry-specific compliance offerings that Azure Database for PostgreSQL and Azure Database for MySQL leverage as part of Microsoft’s Trusted Cloud foundation of security, privacy, compliance, and transparency. To learn more and access additional resources, visit the Microsoft Trust Center.

Protection for Azure Database for MySQL, PostgreSQL, and MariaDB starts with Azure network security. Azure networking provides Distributed Denial of Service (DDoS) protection at the network edge for all Azure services, and all network traffic between Azure datacenters stays on Azure’s global network and does not travel over the Internet. To learn more, please read Yousef Khalidi's blog post on Azure network security.

Security for Azure Database for MySQL, PostgreSQL, and MariaDB is built into the service as depicted above. The three services share a common layered security model:

- No database service node is exposed directly to the Internet. The services sit behind Azure network protection and have their own gateway that securely establishes connections.
- Azure Database for PostgreSQL and Azure Database for MySQL support SSL connections. A new database service deploys with SSL connections defaulted to “on”. Visit these articles to learn how to configure SSL for MySQL, PostgreSQL, and MariaDB.
- Connections to the database services are protected further by configuring the native database firewalls for MySQL, PostgreSQL, and MariaDB.
- Native database authentication methods for MySQL, PostgreSQL, and MariaDB are supported out of the box.
- All data stored by the service is secured via the Azure Storage Service through 256-bit AES encryption that is always on and cannot be turned off.
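The SSL default and the native firewall described above are the two layers a customer can weaken, so they are worth checking after deployment. The following is an added example, not Microsoft's code: it audits a server description and its firewall rules for disabled SSL enforcement and overly broad ranges. The field names (`sslEnforcement`, `startIpAddress`, `endIpAddress`), the meaning of the all-zero rule, and the size threshold are assumptions, and the sample data is constructed.

```python
import ipaddress
import json

# Constructed sample input (not real output). Field names are assumed to
# match the JSON that Azure tooling returns for a server and its rules.
SAMPLE_SERVER = json.loads('{"name": "demo-mysql", "sslEnforcement": "Disabled"}')
SAMPLE_RULES = json.loads("""[
  {"name": "office", "startIpAddress": "203.0.113.10", "endIpAddress": "203.0.113.20"},
  {"name": "allow-all", "startIpAddress": "0.0.0.0", "endIpAddress": "255.255.255.255"},
  {"name": "azure-services", "startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"},
  {"name": "broken", "startIpAddress": "10.0.0.9", "endIpAddress": "10.0.0.1"}
]""")

MAX_RULE_SIZE = 256  # assumed policy threshold: flag ranges wider than a /24


def rule_size(rule):
    """Return the number of IPv4 addresses a firewall rule admits."""
    start = ipaddress.IPv4Address(rule["startIpAddress"])
    end = ipaddress.IPv4Address(rule["endIpAddress"])
    if int(end) < int(start):
        raise ValueError("end address is lower than start address")
    return int(end) - int(start) + 1


def audit(server, rules, max_size=MAX_RULE_SIZE):
    """Return (subject, message) findings for weakened SSL or firewall layers."""
    findings = []
    if server.get("sslEnforcement") != "Enabled":
        findings.append(("ssl", "SSL enforcement is not enabled"))
    for rule in rules:
        name = rule.get("name", "<unnamed>")
        try:
            size = rule_size(rule)
        except (KeyError, ValueError) as exc:
            # Missing fields and malformed addresses are reported, not skipped.
            findings.append((name, f"unparseable rule: {exc}"))
            continue
        # Assumption: a 0.0.0.0-0.0.0.0 rule is the "allow Azure services" switch.
        if rule["startIpAddress"] == "0.0.0.0" and rule["endIpAddress"] == "0.0.0.0":
            findings.append((name, "admits connections from all Azure services"))
        elif size > max_size:
            findings.append((name, f"range covers {size} addresses"))
    return findings


if __name__ == "__main__":
    for subject, message in audit(SAMPLE_SERVER, SAMPLE_RULES):
        print(f"{subject}: {message}")
```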

Azure Database for MySQL, PostgreSQL, and MariaDB inherit network security and compliance from Microsoft Azure and provide a managed, layered security model: DDoS protection, a secure gateway, SSL-encrypted network traffic, native firewalls, native authentication, and automatic encryption of all data by the service. Multiple new security features are planned for release in 2019. Check back often for new security feature announcements.