Azure - Security using backbone with Resource Instance

While using somebody else's computer, a.k.a. the cloud, we need to keep security first as a principle. Talking about my current love, i.e. Azure: in recent times it has provided really cool controls to help. I am a strong supporter of private endpoints with customer-managed DNS.

However, private endpoints are not always possible (maturity), and the fallback available is the PaaS firewall, service endpoints, or the "Allow Azure services" option. A few weeks ago a new preview feature called "Resource Instances" was released, for Storage only. I won't go into detail as it's very well documented.

I would recommend casting your eyes on this option for securing your service, as it's a point-to-point communication between your resources, utilising the Azure backbone as its exposure, and that's within your tenant.

Care should be taken, as it can go across resource groups and subscriptions. Obviously you still won't cross environments for business resources, i.e. a dev resource talks to a dev storage account and vice versa, and a dev resource does not connect to a prod resource.
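
One way to check that caveat, as an added example that is not part of the original post: a Python audit over a storage account's `networkAcls.resourceAccessRules` (ARM/REST shape) that flags instance rules crossing subscription, environment or tenant. The subscription-to-environment map, tenant ID and resource names are constructed assumptions.

```python
import re

# Constructed subscription-to-environment map (assumption: you maintain one like it).
SUB_ENV = {
    "11111111-1111-1111-1111-111111111111": "dev",
    "22222222-2222-2222-2222-222222222222": "prod",
}
HOME_TENANT = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"  # constructed tenant ID
_SUB = re.compile(r"^/subscriptions/([^/]+)/", re.IGNORECASE)

def subscription_of(resource_id):
    """Extract the subscription GUID from an ARM resource ID."""
    m = _SUB.match(resource_id)
    if not m:
        raise ValueError(f"not an ARM resource ID: {resource_id!r}")
    return m.group(1).lower()

def audit_instance_rules(account, sub_env=SUB_ENV, home_tenant=HOME_TENANT):
    """Return sorted (resourceId, finding) pairs for one storage account."""
    acct_sub = subscription_of(account["id"])
    acct_env = sub_env.get(acct_sub, "unknown")
    acls = account["properties"]["networkAcls"]
    findings = []
    if acls.get("defaultAction") != "Deny":  # firewall open: instance rules are moot
        findings.append((account["id"], "default-allow"))
    for rule in acls.get("resourceAccessRules", []):
        rid = rule["resourceId"]
        sub = subscription_of(rid)
        if rule["tenantId"].lower() != home_tenant:  # exposure leaves your tenant
            findings.append((rid, "cross-tenant"))
        if "*" in rid:  # wildcard scope is broader than point-to-point
            findings.append((rid, "wildcard-scope"))
        if sub != acct_sub:  # allowed by the feature, but worth a review
            findings.append((rid, "cross-subscription"))
        if sub_env.get(sub, "unknown") != acct_env:  # e.g. prod resource -> dev storage
            findings.append((rid, "cross-environment"))
    return sorted(findings)

# Constructed sample: a dev storage account with three instance rules.
DEV = "/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups"
PROD = "/subscriptions/22222222-2222-2222-2222-222222222222/resourceGroups"
SAMPLE = {
    "id": DEV + "/rg-data/providers/Microsoft.Storage/storageAccounts/devstore",
    "properties": {"networkAcls": {"defaultAction": "Deny", "resourceAccessRules": [
        {"tenantId": HOME_TENANT, "resourceId": DEV + "/rg-app/providers/Microsoft.Synapse/workspaces/dev-syn"},
        {"tenantId": HOME_TENANT, "resourceId": PROD + "/rg-app/providers/Microsoft.Synapse/workspaces/prod-syn"},
        {"tenantId": HOME_TENANT, "resourceId": DEV + "/*/providers/Microsoft.Synapse/workspaces/*"},
    ]}},
}
```

Calling `audit_instance_rules(SAMPLE)` leaves the same-subscription dev rule unflagged and reports the prod workspace and the wildcard rule.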
