Blob storage is a type of cloud storage for unstructured data, like images, videos, or documents, where data is stored as "blobs" (Binary Large Objects) in a non-hierarchical structure, allowing for scalable and cost-effective storage.?In today's world where everything revolves around data, managing and storing vast amounts of data is the priority of every business operation. Azure Blob Storage, is one of the services offered by Microsoft Azure's cloud computing platform, which is a scalable and cost-effective solution for storing and managing unstructured data, such as images, videos, documents, files, and backups.
Some benefits of Azure blob storage are mentioned below:
- Scalability: Azure blob storage provides high scalability, allowing to store and manage a maximum up to 200GB of data, which can be easily scaled up and down to meet your changing demands.
- Durability and Data Redundancy: Azure Blob Storage always stores multiple copies of your data so that it's protected from any uncertain events, including any hardware failures, outages, and massive natural disasters. Data Redundancy features ensure that data is always available and protected through multiple redundancy options such as Zone Redundant Storage (ZRS), and Local Redundant Storage (LRS).
- Security: Azure Blob Storage provides security features, including encryption at rest and in transit. Azure Blob Storage along with Azure AD helps in authorizing requests to blob data. This allows to give permission-based access to users, groups, or any application service principals.
- Access Tiers: You can choose from different access tiers based on your data's access patterns such as how frequently or infrequently you will need the data and cost considerations. These different access tiers are classified as Hot, Cool, Cold, and Archive each with different characteristics and pricing models.
- Lifecycle Management: This helps to set up policies to move or delete the data as per requirement. For example, it can help to move the data from frequent access to infrequent access let say after five years when the access of data will get lower for our use.
- Integration: Azure Blob Storage allows to integrate with other Azure services and tools, such as Azure Data Factory & Azure Functions.
- Encryption at rest: Azure blob storage provides encryption of data by either Microsoft managed keys or Customer provided keys. These data are encrypted using 256 bit AES encryption process.
- Encryption at Transit: This security feature makes sure that data during transit is securely encrypted and protected from any tampering. Allows transfer of data only with https traffic with REST API calls.
- Secure Communication: Azure blob storage security allows to communicate on-premise networks by allowing access to approved and authorized subnet ranges or IP addressed.
- Private Endpoints: This enables the user or client to connect to the storage account over virtual network and private link on Microsoft network. Also, enable storage firewall to block all connection over public endpoints.
- Authentication by Azure Roles-Based Access Control (RBAC): Built-in and custom roles defining permissions can be set to access blob storage. Its scope can be Resource group, storage account or container.
- Authorization by Attribute-Based Access Control(ABAC): In this access is controlled using role-assignment conditions based on principal, resources, environment attributes.
The best practice for using Azure blob storage includes best security measure we must take to ensure smooth functioning of it:
- It is important to choose the best tier for your storage, keeping into consideration about the access pattern and your budget.
- We will always wish to protect our data from any disaster(can be man-made or natural). It is necessary to use Zone redundancy or Geo redundancy or Local redundancy for durability of data.
- It is a best practice to enable versioning to keep different versions of the files in order to rollback in case of requirement or protect against accidental overwrites.
- It is important to enable immutability option to protect data from any kind intended or accidental modification/deletion of data.
- If the data is used for back-up or have any critical data make sure you do not enable public access.
- It is important to give specific access by policy based or role based permission.
- Make sure in encryption, you encrypt your data with customer managed keys or Microsoft managed keys.
- Give proper lifecycle policy to make sure your data is moved from one tier to another in specific period of time, and are deleted after specified period of time only.
