Securing Azure Database for MySQL and Azure Database for PostgreSQL
Selecting a secure cloud services provider is one of the most fundamentally important decisions customers make. Customers must build their applications and services upon a secure trusted foundation. Azure Database for PostgreSQL and Azure Database for MySQL inherit the fundamentally proven trusted security architecture from Microsoft Azure. Azure has over 50 national, regional and industry specific compliance offering that Azure Database for PostgreSQL and Azure Database for MySQL leverage as part of Microsoft’s Trusted Cloud foundation of security, privacy, compliance, and transparency. To learn more and access additional resources, visit the Microsoft Trust Center. Azure Database for PostgreSQL and Azure Database for MySQL protection starts with Azure network security. Azure networking provides Distributed Denial of Service (DDoS) protection at the network edge for all Azure services and all network traffic between Azure datacenters that stays on Azure’s global network and does not travel over the Internet. To learn more please read Yousef Khalidi's blog post on Azure network security.
Security for Azure Database for PostgreSQL and Azure Database for MySQL is built into the service as depicted above. Azure Database for PostgreSQL and Azure Database for MySQL share a common layered security model. Neither database service node is exposed directly to the Internet. The services sit behind Azure network protection and have their own gateway that securely establishes connections. Azure Database for PostgreSQL and Azure Database for MySQL support SSL connections. A new database service deploys with SSL connections defaulted to “on”. Visit these articles to learn how to configure SSL for PostgreSQL and MySQL. Connections to the database services are protected further by configuring PostgreSQL and MySQL native database firewalls. Native database authentication methods for PostgreSQL and MySQL are supported out of the box. All data stored by the service is secured via the Azure Storage Service through 256 bit AES encryption that is always on and cannot be turned off.
Azure Database for PostgreSQL and Azure Database for MySQL inherit network security and compliance from Microsoft Azure and provide a managed layered security model with DDoS protection, a secure gateway, SSL encrypted network traffic, native firewalls, native authentication, and finally all data is automatically encrypted by the service. Multiple new security features are planned for release in 2018. Check back often for new security feature announcements.
Source: Azure Blog Feed