1
00:00:00,710 --> 00:00:01,900
In this lesson,

2
00:00:01,900 --> 00:00:06,060
we are going to talk about "Managing Sensitive Information".

3
00:00:06,060 --> 00:00:07,670
Now, before we get into the lesson,

4
00:00:07,670 --> 00:00:08,940
first you need to understand

5
00:00:08,940 --> 00:00:11,550
that this is an odds and ends lesson.

6
00:00:11,550 --> 00:00:13,210
And over the next couple of sections,

7
00:00:13,210 --> 00:00:16,000
you're probably going to hear me say that several times.

8
00:00:16,000 --> 00:00:18,510
Basically, there are some exam requirements

9
00:00:18,510 --> 00:00:19,890
that Microsoft has listed

10
00:00:19,890 --> 00:00:22,587
that don't really fit into the natural flow

11
00:00:22,587 --> 00:00:24,930
as we talk about things like Synapse

12
00:00:24,930 --> 00:00:27,340
or Data Factory or whatever.

13
00:00:27,340 --> 00:00:29,800
And so it's kind of an odds and ends lesson.

14
00:00:29,800 --> 00:00:31,630
It is something you need to be aware of.

15
00:00:31,630 --> 00:00:32,790
It's not something that you need

16
00:00:32,790 --> 00:00:34,230
to spend all that much time on,

17
00:00:34,230 --> 00:00:36,590
because it's probably a pretty small requirement

18
00:00:36,590 --> 00:00:37,890
on the exam.

19
00:00:37,890 --> 00:00:40,230
At least that is a good assumption to make.

20
00:00:40,230 --> 00:00:42,660
So in this lesson, we're going to be talking

21
00:00:42,660 --> 00:00:45,710
about some tips to help you secure your environment.

22
00:00:45,710 --> 00:00:47,530
Included in that, we're going to talk about tags,

23
00:00:47,530 --> 00:00:51,170
and isolation, and monitoring, and encryption, and RBAC.

24
00:00:51,170 --> 00:00:54,050
All concepts that you should have some familiarity with,

25
00:00:54,050 --> 00:00:56,900
because we've been talking about them in this course.

26
00:00:56,900 --> 00:00:59,980
So with that, let's get started.

27
00:00:59,980 --> 00:01:01,920
First thing, tagging.

28
00:01:01,920 --> 00:01:03,620
As we talk about tagging,

29
00:01:03,620 --> 00:01:06,350
have you developed a tagging scheme?

30
00:01:06,350 --> 00:01:08,820
In your tagging scheme, you need to be thinking about

31
00:01:08,820 --> 00:01:12,650
how you want to design tagging for your environment.

32
00:01:12,650 --> 00:01:15,450
Some good options for you could be workload name,

33
00:01:15,450 --> 00:01:19,180
or criticality, or business unit, or owner.

34
00:01:19,180 --> 00:01:21,980
So we could have it built based upon:

35
00:01:21,980 --> 00:01:25,110
these are super-critical, these are non-essential.

36
00:01:25,110 --> 00:01:26,400
Or we could have it built on:

37
00:01:26,400 --> 00:01:29,040
these are resources used by Accounting,

38
00:01:29,040 --> 00:01:31,467
and this is resources used by Marketing.

39
00:01:31,467 --> 00:01:34,820
Whatever you choose, you need to have a consistent scheme

40
00:01:34,820 --> 00:01:37,970
that is well thought-out and that is scalable.

41
00:01:37,970 --> 00:01:39,482
Scalable is very important,

42
00:01:39,482 --> 00:01:42,313
because you may have 5 resources now,

43
00:01:42,313 --> 00:01:43,865
but as your business grows,

44
00:01:43,865 --> 00:01:47,030
you may have hundreds or even thousands

45
00:01:47,030 --> 00:01:50,700
of different resources within Azure subscriptions.

46
00:01:50,700 --> 00:01:53,020
So keep that in mind.

47
00:01:53,020 --> 00:01:55,050
Next, isolation.

48
00:01:55,050 --> 00:01:58,070
Separate subscriptions and management groups.

49
00:01:58,070 --> 00:02:00,398
I'll say this again a couple of times in the course.

50
00:02:00,398 --> 00:02:02,460
Subscriptions and management groups

51
00:02:02,460 --> 00:02:04,230
should be set in isolation,

52
00:02:04,230 --> 00:02:07,150
and this is part of that defense in depth.

53
00:02:07,150 --> 00:02:09,450
Basically, you don't want to give someone access

54
00:02:09,450 --> 00:02:11,400
to everything that you have

55
00:02:11,400 --> 00:02:15,880
if there's a breach of security in some facet or form.

56
00:02:15,880 --> 00:02:18,190
If you've separated subscriptions out,

57
00:02:18,190 --> 00:02:19,810
the worst that someone could do is

58
00:02:19,810 --> 00:02:21,750
break into your dev subscription,

59
00:02:21,750 --> 00:02:24,730
or your production subscription even,

60
00:02:24,730 --> 00:02:27,010
but still, it's at least a little bit separated,

61
00:02:27,010 --> 00:02:29,330
and even more so if you've broken it out by,

62
00:02:29,330 --> 00:02:31,380
this is my Accounting subscription, right?

63
00:02:31,380 --> 00:02:33,561
So make sure that you have isolation

64
00:02:33,561 --> 00:02:36,603
built into your environment.

65
00:02:38,340 --> 00:02:40,710
Next, monitoring.

66
00:02:40,710 --> 00:02:44,040
You do have an Azure Monitor plan, right?

67
00:02:44,040 --> 00:02:45,590
You should be thinking about that.

68
00:02:45,590 --> 00:02:48,280
You should be using Azure Monitor, and most likely,

69
00:02:48,280 --> 00:02:50,840
you should be using something like Log Analytics.

70
00:02:50,840 --> 00:02:53,100
Don't forget about monitoring.

71
00:02:53,100 --> 00:02:54,390
Third-party solutions.

72
00:02:54,390 --> 00:02:57,281
You should be looking at third-party solutions, looking at

73
00:02:57,281 --> 00:03:01,210
something like Site24x7, or Datadog, or Dynatrace.

74
00:03:01,210 --> 00:03:02,902
There are tons of different solutions,

75
00:03:02,902 --> 00:03:06,850
but it may provide you an additional level of monitoring,

76
00:03:06,850 --> 00:03:09,376
especially if you're talking about hybrid environments

77
00:03:09,376 --> 00:03:11,900
or environments that are multi-cloud.

78
00:03:11,900 --> 00:03:13,540
Some of these third-party solutions

79
00:03:13,540 --> 00:03:15,303
can be pretty fantastic for that.

80
00:03:16,280 --> 00:03:17,440
Encryption.

81
00:03:17,440 --> 00:03:21,090
You need to be encrypting data at rest and in transit.

82
00:03:21,090 --> 00:03:22,530
Don't forget about multi-cloud

83
00:03:22,530 --> 00:03:24,560
and hybrid scenarios here as well.

84
00:03:24,560 --> 00:03:28,020
It's quite possible that your Azure resources are secure,

85
00:03:28,020 --> 00:03:31,650
but your hybrid resources, or your multi-cloud resources,

86
00:03:31,650 --> 00:03:35,010
something in another cloud, may not be as secure

87
00:03:35,010 --> 00:03:37,760
and may create vulnerabilities within your system.

88
00:03:37,760 --> 00:03:40,430
Make sure that you have a holistic approach

89
00:03:40,430 --> 00:03:42,720
as you look at encryption.

90
00:03:42,720 --> 00:03:44,050
That includes RBAC.

91
00:03:44,050 --> 00:03:46,790
This is preferred across all Azure resources.

92
00:03:46,790 --> 00:03:50,240
Make sure you are using your identity access management.

93
00:03:50,240 --> 00:03:52,160
Make sure that you are defining roles

94
00:03:52,160 --> 00:03:53,410
not just for your employees,

95
00:03:53,410 --> 00:03:56,010
but also for guests or contractors

96
00:03:56,010 --> 00:03:58,690
that may be interacting with your environment.

97
00:03:58,690 --> 00:04:00,620
This provides a really easy way for you

98
00:04:00,620 --> 00:04:04,360
to shut down access or manage who has access

99
00:04:04,360 --> 00:04:05,823
based upon their role.

100
00:04:08,010 --> 00:04:11,395
Some key points to remember as we round out this lesson.

101
00:04:11,395 --> 00:04:13,470
When you're viewing data management,

102
00:04:13,470 --> 00:04:17,142
take a holistic approach. Think about, holistically,

103
00:04:17,142 --> 00:04:19,350
what are you trying to accomplish?

104
00:04:19,350 --> 00:04:21,190
That folds into security.

105
00:04:21,190 --> 00:04:23,890
That folds into data management

106
00:04:23,890 --> 00:04:26,420
as far as in movement and transformation.

107
00:04:26,420 --> 00:04:30,540
That folds into cost and optimization.

108
00:04:30,540 --> 00:04:32,800
Take a holistic approach.

109
00:04:32,800 --> 00:04:34,970
Don't just jump into development.

110
00:04:34,970 --> 00:04:37,360
This is something that's actually really helpful

111
00:04:37,360 --> 00:04:39,220
from a contractor perspective.

112
00:04:39,220 --> 00:04:44,210
Make sure that you have a plan for your data management,

113
00:04:44,210 --> 00:04:46,110
again, as a whole.

114
00:04:46,110 --> 00:04:48,340
And don't forget about the business.

115
00:04:48,340 --> 00:04:50,460
It's really easy, from an IT perspective,

116
00:04:50,460 --> 00:04:53,080
to jump into the weeds and start thinking

117
00:04:53,080 --> 00:04:54,516
about the technical solutions

118
00:04:54,516 --> 00:04:57,419
while forgetting about the actual business need,

119
00:04:57,419 --> 00:04:59,640
which is what you're there to solve.

120
00:04:59,640 --> 00:05:00,960
So make sure that you're thinking

121
00:05:00,960 --> 00:05:03,580
about the business need first, and then creating

122
00:05:03,580 --> 00:05:07,380
a holistic plan before you just jump into development,

123
00:05:07,380 --> 00:05:09,410
and start thinking about what schema you need.

124
00:05:09,410 --> 00:05:11,320
So just a couple of key points to remember.

125
00:05:11,320 --> 00:05:14,770
From the DP-203 perspective, there's not a whole lot here.

126
00:05:14,770 --> 00:05:15,870
I'm just going to be honest with you.

127
00:05:15,870 --> 00:05:19,350
These are more general concepts of data management.

128
00:05:19,350 --> 00:05:22,800
These are listed as requirements on the DP-203, however,

129
00:05:22,800 --> 00:05:24,250
so there you go.

130
00:05:24,250 --> 00:05:27,020
Beyond the DP-203, however, there is a ton

131
00:05:27,020 --> 00:05:30,110
of good information here that you need to know

132
00:05:30,110 --> 00:05:33,170
as you step into your data management role.

133
00:05:33,170 --> 00:05:34,728
So with that, let's end this lesson,

134
00:05:34,728 --> 00:05:36,373
and I'll see you in the next.