DevOps policies: provision access at-scale for IT operations users while limiting insider threats
Вставка
- Опубліковано 28 лип 2024
- This video is a quick demo of DevOps policies explaining what they are and their benefits.
Use Microsoft Purview DevOps policies to provision IT operations personnel access to database system metadata, so that they can monitor performance, health and audit security, while limiting the insider threat. Microsoft Purview DevOps policies are currently supported on Azure SQL Database and SQL Server 2022 (Arc-enabled).
Data is at the core of any modern process. To continue to operate, organizations must ensure the integrity and high availability of their databases. At the same time, critical IP, customer, and employee information must be protected by ensuring appropriate visibility and to preserve user privacy. Microsoft Purview DevOps policies structure the process of granting and revoking access to system metadata views like DMVs and DMFs. These are SQL queries that return information about model objects, server and database performance, as well as server health. DevOps policies provide IT operations personnel and other DevOps users access to the information they need to keep databases running and secure. Access is provisioned from the Microsoft Purview portal, replacing the need for administrators with privileged accounts to configure that access locally, that is, at each SQL Server. Limiting the use of privileged accounts is key to curb the insider threat. Since access is granted centrally, it can be easily reviewed by auditors. Access that is no longer needed can be easily identified and removed. DevOps policies follow the Principle of Least Privilege (PoLP). DevOps policies support policies on entire resource groups and subscriptions, which means they can be enforced uniformly by all SQL servers inside that resource group or subscription. Less expertise is required without compromising security.
Relevant links:
• Microsoft Purview Data policy app: aka.ms/Microsoft-Purview-Data...
• DevOps policies blog: aka.ms/Microsoft-Purview-DevO...
• DevOps policies documentation: aka.ms/MicrosoftPurviewDevOps...
Try our latest Private Preview: DevOps policies for Azure SQL Managed Instance:
forms.office.com/r/6yPAGDwda0 - Наука та технологія
