Data Professional Security Checklist

I have created a security checklist for all data professionals working in Azure. Either you are a data engineer, data scientist or an architect, you will find useful tips.

I share practical tips to help you with:

  • User and credentials management
  • Encryption at rest and in motion
  • Configuration 
  • Malware and patching
  • Cross-site scripting
  • 3rd party components
  • Protect against DDoS
  • Other attack and recommendations

Download the security checklist and don't risk your reputation with crappy implementation.

It's good to learn from your mistakes. It's better to learn from other peoples's mistakes

Warren Buffett

In 2017, the Equifax, an American credit reporting agency, announced a data breach. They exposed the personal information of 147 million people.

The hackers looked for exposed assets. A public facing web server without the latest patch was a perfect victim. The attackers accessed internal Equifax servers by using Apache Struts security exploit.

Having access to internal network does not yet mean access to data. The next attack vector used against Equifax was compromising employee credentials. Finding a server with usernames and passwords was a breeze.

Access to internal network and weak credentials opened up the Equifax's databases. Under the guise of an authorized user, the attackers proceeded following steps:

  • Performed 9000 scans of the databases 
  • Extracted information into small temporary archives 
  • Downloaded data from the Equifax servers 
  • Removed the temporary archives once completed

Unpatched servers, weak passwords and loose network led to losing protected data. 

Saying "I am sorry" was not enough

Equifax has to pay up to $700 million in fines as part of a settlement with federal authorities over a data breach.

How is this relevant to you?

Either you run a public facing website, a data lake or data science platform, you have to take care of:

  • Firewall
  • Encryption at rest
  • Encryption in transit
  • Authorization
  • Authentication
  • Password and key management
  • Patching and updates
  • Azure configuration
  • Networking
  • Cross-site scripting
  • Deployment
  • Hundreds of other nitty-gritty details

Hopefully you don't forget about something. That would be expensive... (see the Equifax story above).

To ensure I don't forget about tiny configuration details, I always follow the security checklist

- “Valdas, who gets fired in case of a data breach? – my lead engineer asked me out of the blue

- “Has anything happen?!” - some words increase the cortisol (stress hormone) level and a heart rate, “data breach” is one of them

- “No. I am curious. We build data pipelines. We configure network and firewall. There is no one else with Azure experience to review it”

- “Well… There is a security department… But we are the ones building everything.” - I mumbled

In 2017, McAfee, an American global computer security software company, did a survey among IT security leaders. They asked the same question.

Check out my latest blog post to find answers to:

  • Who gets laid off in case of a data leakage?
  • How does security responsibilities divide between you and a cloud provider?
  • What is the role of IT security?

AUTHOR

Valdas Maksimavičius

I am a software architect specializing in data analytics and cloud computing with ten years of experience. I have been using Azure Cloud components since 2014.

For the last five years, I have been leading Data Engineering teams using the latest Azure Data and AI services. I worked on Data Lake and Data Science platform implementations for various sectors in the Nordics.

I enjoy sharing my lessons learned at conferences and meetups. I am a founder of Vilnius Microsoft Data Platform Meetup and a frequent speaker at IT conferences.

.