When bringing any new technology into an enterprise, security is of course a paramount concern. Let’s go “under the hood” and examine in detail how Akumina safeguards business information to provide a trusted infrastructure.
The Akumina AppManager and Service Hub provide the scalability and centralization service layers for the Akumina platform. They reside and execute within a Microsoft Azure account and as part of their function are in frequent contact with the Microsoft Graph, Office 365 APIs, and APIs or web service interfaces for other cloud or on-premises systems.
Microsoft Azure Storage services provide client-side encryption as well as encryption at rest to protect data that is transmitted to and stored in Azure Storage (Blob, File, Table, Queue, etc.).
Security is of utmost importance to Akumina, and the encryption of tokens, access keys or other identifying information required for access to these systems is managed according to best practices from Microsoft Azure architects and consultants.
The Akumina AppManager and Service Hub provide a storage encryption layer built on top of Microsoft Azure Storage Services. The Akumina AppManager and Service Hub are designed to support custom, client-side and server-side encryption techniques using a simple configuration.
To begin working with Azure Storage we need a connection string. The connection string can be stored within code or in locations such as web.config, app service settings, etc. Alternatively, the connection string may be stored in Azure Key Vault, but to access the key vault the code still needs credentials such as a Client ID, Client Secret, etc. Azure Managed Service Identity (MSI) solves this issue by automatically creating an identity for the service instance in the Azure AD tenant.
Client-Side Encryption using Envelope techniques
Data can be encrypted using the Azure Storage client library before it is sent to Azure Storage.
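The envelope pattern named above, as an added example that is not Akumina's code or the Azure Storage client library's implementation: a fresh content-encryption key (CEK) encrypts each object with AES-256-GCM, and only the CEK is wrapped by a key-encryption key (KEK). It assumes .NET 8 or later, a local RSA key standing in for a KEK held in Azure Key Vault, and the hypothetical names Envelope, EnvelopeCrypto, Seal and Open.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Constructed stand-in for the key-encryption key (KEK). Assumption: in a deployment
// the KEK stays in Azure Key Vault and only wrap/unwrap requests reach it.
using RSA kek = RSA.Create(2048);

byte[] data = Encoding.UTF8.GetBytes("constructed sample: employee directory row");
Envelope env = EnvelopeCrypto.Seal(data, kek);
Console.WriteLine($"ciphertext: {env.Ciphertext.Length} bytes, wrapped CEK: {env.WrappedKey.Length} bytes");
Console.WriteLine(Encoding.UTF8.GetString(EnvelopeCrypto.Open(env, kek)));

// A modified blob fails authentication instead of decrypting to garbage.
env.Ciphertext[0] ^= 0x01;
try { EnvelopeCrypto.Open(env, kek); }
catch (CryptographicException) { Console.WriteLine("tampered blob rejected"); }

// What is persisted with the data: the wrapped key and AES-GCM parameters, never the raw CEK.
record Envelope(byte[] WrappedKey, byte[] Nonce, byte[] Tag, byte[] Ciphertext);

static class EnvelopeCrypto
{
    public static Envelope Seal(byte[] plaintext, RSA kek)
    {
        byte[] cek = RandomNumberGenerator.GetBytes(32);   // fresh 256-bit content key per object
        byte[] nonce = RandomNumberGenerator.GetBytes(12); // 96-bit AES-GCM nonce
        byte[] tag = new byte[16];
        byte[] ciphertext = new byte[plaintext.Length];
        using (var aes = new AesGcm(cek, 16))
            aes.Encrypt(nonce, plaintext, ciphertext, tag);
        // Wrap the CEK under the KEK (RSA-OAEP with SHA-256), then clear the local copy.
        byte[] wrapped = kek.Encrypt(cek, RSAEncryptionPadding.OaepSHA256);
        CryptographicOperations.ZeroMemory(cek);
        return new Envelope(wrapped, nonce, tag, ciphertext);
    }

    public static byte[] Open(Envelope env, RSA kek)
    {
        byte[] cek = kek.Decrypt(env.WrappedKey, RSAEncryptionPadding.OaepSHA256);
        byte[] plaintext = new byte[env.Ciphertext.Length];
        try
        {
            using var aes = new AesGcm(cek, 16);
            aes.Decrypt(env.Nonce, env.Ciphertext, env.Tag, plaintext); // throws if the tag does not verify
            return plaintext;
        }
        finally { CryptographicOperations.ZeroMemory(cek); }
    }
}
```

Because only the small wrapped CEK depends on the KEK, rotating the KEK means re-wrapping keys rather than re-encrypting stored data.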