Tech firm Microsoft has made service endpoints and firewalls available for its cloud service Azure Storage at no additional charge to its customers. Service endpoints provide a direct connection from a network to an Azure service, such as storage, securing the data for the customer.
"These features (service endpoints and firewalls) are now available in all Azure public cloud regions and Azure Government. As part of moving to general availability, these are now backed by standard Service Level Agreements," Alan Stephenson, senior program manager, Azure Storage, wrote in a blog post.
According to Stephenson, customers often prefer multiple layers of security to help protect their data, such as network-based access control as well as authentication and authorisation.
"We enable network-based access control. These new network-focused features allow the customer to define network access-based security ensuring that only requests from approved Azure virtual networks or specified public IP (Internet Protocol) ranges will be allowed to a specific storage account," Stephenson explained, adding that customers can now combine existing authorisation mechanisms with new network boundaries to better secure their data.
In order to enable virtual-network protection, customers need to first enable service endpoints for storage. "Service endpoints allow you to secure your critical Azure service resource to only your virtual network. Service endpoints also provide optimal routing for Azure traffic over the Azure backbone in scenarios where Internet traffic is routed through virtual appliances or on-premises," Stephenson said.
Users can allow access to a storage account from one or more virtual networks, with the option of also allowing access from one or more public IP ranges.