Hello! I’m Paul, a cloud security and solutions architect based in Florida with over 10 years of hands-on experience in the IT field.
Reliable, driven, and resourceful, I'm also highly skilled in Google Cloud, networking, HTML, Python, Kubernetes, design, and Docker containers. Designing cloud security and infrastructure is my passion.
Cloud Native File Share
Starting off with the initial problem: an in-office workforce moving to a permanent remote workforce due to Covid. This posed some issues, like "how do we keep the data protected when it is scattered in different places?" (on-prem and SharePoint). Easy, right? Just create a cloud share, migrate the data, and give everyone access. Well, no, that won't work: Azure file shares support SMB 3.0 over port 445, which is great, but some ISPs still block that port. So, what do we do?
Well, as shown in the design, we need to create our storage accounts and file shares. I created a few storage accounts for different departments (HR and Accounting), which allows us to create private endpoints for each storage account with different subnets and DNS records. Next, we needed to create our virtual network gateway so our users can connect using a VPN client. We use Okta as our MFA provider to prompt VPN users for multi-factor authentication.
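The per-department storage account and private endpoint described above, as an added example in PowerShell with the Az module (this is not the author's script, and the virtual network gateway and Okta MFA setup are not shown). Resource group, region, VNet, subnet and storage account names are placeholders; the private DNS zone name `privatelink.file.core.windows.net` is the fixed zone Azure Files private link uses. The one setting that is easy to miss is `PublicNetworkAccess Disabled` (needs a recent Az.Storage): a private endpoint only adds a private path, and without that setting the account's public endpoint would still answer on 445 wherever the ISP allows it.

```powershell
# Added example (not the author's script): provision one department file share
# behind a private endpoint, with public access disabled and SMB hardened.
# All resource names below are assumed placeholders; replace them for your environment.
# Requires the Az module and an existing VNet/subnet for the endpoint.
$ErrorActionPreference = 'Stop'

$rg        = 'rg-fileshares'        # assumed resource group
$location  = 'eastus'               # assumed region
$vnetName  = 'vnet-corp'            # assumed VNet the VPN gateway sits in
$subnet    = 'snet-pe-hr'           # assumed subnet reserved for HR's private endpoint
$saName    = 'sthrfiles001'         # assumed storage account name (3-24 lowercase alphanumerics)
$shareName = 'hr'
$dnsZone   = 'privatelink.file.core.windows.net'   # fixed zone name for Azure Files private link

# 1. Storage account: HTTPS-only, TLS 1.2 minimum, no anonymous blob access, and
#    no public network path at all (private endpoint becomes the only way in).
$sa = New-AzStorageAccount -ResourceGroupName $rg -Name $saName -Location $location `
    -SkuName Standard_ZRS -Kind StorageV2 `
    -EnableHttpsTrafficOnly $true -MinimumTlsVersion TLS1_2 `
    -AllowBlobPublicAccess $false -PublicNetworkAccess Disabled

# 2. Tighten SMB: accept only SMB 3.1.1 with AES-256-GCM channel encryption,
#    so an SMB 2.1 or unencrypted session is refused by the service.
Update-AzStorageFileServiceProperty -ResourceGroupName $rg -StorageAccountName $saName `
    -SmbProtocolVersion SMB3.1.1 -SmbChannelEncryption AES-256-GCM | Out-Null

# 3. The file share itself (quota in GiB).
New-AzRmStorageShare -ResourceGroupName $rg -StorageAccountName $saName `
    -Name $shareName -QuotaGiB 1024 | Out-Null

# 4. Private endpoint for the 'file' sub-resource in the department's own subnet.
$vnet     = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnetName
$peSubnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnet
$plsConn  = New-AzPrivateLinkServiceConnection -Name "$saName-file" `
    -PrivateLinkServiceId $sa.Id -GroupId 'file'
$pe = New-AzPrivateEndpoint -ResourceGroupName $rg -Name "pe-$saName-file" -Location $location `
    -Subnet $peSubnet -PrivateLinkServiceConnection $plsConn

# 5. Private DNS so VPN clients resolve <account>.file.core.windows.net to the
#    endpoint's private IP instead of the public one. The zone is shared across
#    departments, so create it and link it to the VNet only on the first run.
$zone = Get-AzPrivateDnsZone -ResourceGroupName $rg -Name $dnsZone -ErrorAction SilentlyContinue
if (-not $zone) {
    $zone = New-AzPrivateDnsZone -ResourceGroupName $rg -Name $dnsZone
    New-AzPrivateDnsVirtualNetworkLink -ResourceGroupName $rg -ZoneName $dnsZone `
        -Name "link-$vnetName" -VirtualNetworkId $vnet.Id | Out-Null
}
$zoneConfig = New-AzPrivateDnsZoneConfig -Name 'file' -PrivateDnsZoneId $zone.ResourceId
New-AzPrivateDnsZoneGroup -ResourceGroupName $rg -PrivateEndpointName $pe.Name `
    -Name 'default' -PrivateDnsZoneConfig $zoneConfig | Out-Null

Write-Host "Share \\$saName.file.core.windows.net\$shareName is reachable only via private endpoint $($pe.Name)"
```

Run it once per department with a different subnet and account name; the DNS zone group step is what keeps the A record in the private zone in sync if the endpoint's IP ever changes. Access to the share is still governed by the share's own authentication (storage key or identity-based), which this script does not change.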
"With defense in depth, multiple layers of security are applied across the entire information technology infrastructure."
One more thing I wanted to mention is encryption. Azure storage accounts have encryption in transit ("secure transfer required") enabled by default, and all data stored in the file share is encrypted at rest. We then moved on to migrating the data from various locations using PowerShell, Azure Storage Explorer, and other methods. So, with this set-up we have a layered defense approach: a secure tunnel with MFA, encrypted data, separate storage accounts with private endpoints on different subnets, and all traffic being monitored. Some key points to remember:
- Azure file shares use SMB 3.0 over port 445, which some ISPs block.
- Think security all the way through the design phase to keep the data safe.
- Monitor everything. We can't fix what we can't see.
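A client-side check for the first two points, as an added example that is not part of the original post: from a user's Windows machine it resolves the share's FQDN, reports whether the answer is a private (RFC 1918) address, i.e. the private endpoint reached through the VPN and private DNS, and then tests TCP 445 with a short timeout. Running it once without the VPN and once with it shows exactly which layer is stopping the connection: an ISP block on 445 fails the port test, a missing DNS link shows the public IP. The storage account name is a placeholder; `Resolve-DnsName` needs the Windows DnsClient module.

```powershell
# Added example (not from the original post): verify that an Azure file share is
# reached through its private endpoint and that TCP 445 is open from this client.
function Test-PrivateFileShare {
    param(
        [Parameter(Mandatory)] [string] $StorageAccount,   # assumed name, e.g. 'sthrfiles001'
        [int] $Port = 445                                  # SMB port the ISP may block
    )
    $fqdn   = "$StorageAccount.file.core.windows.net"
    $result = [ordered]@{
        Fqdn               = $fqdn
        ResolvedIp         = $null
        ViaPrivateEndpoint = $false
        PortOpen           = $false
    }

    # Resolve the A record; the CNAME hops in the answer have no IPAddress and are skipped.
    $answer = Resolve-DnsName -Name $fqdn -Type A -ErrorAction SilentlyContinue |
              Where-Object { $_.IPAddress } | Select-Object -First 1
    if (-not $answer) { return [pscustomobject]$result }
    $ip = [System.Net.IPAddress]::Parse($answer.IPAddress)
    $result.ResolvedIp = $ip.ToString()

    # With the VPN up and the private DNS zone linked, the answer is a VNet address
    # (10/8, 172.16/12 or 192.168/16); a public IP means DNS is not going through the zone.
    $b = $ip.GetAddressBytes()
    $result.ViaPrivateEndpoint = ($b[0] -eq 10) -or
        ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
        ($b[0] -eq 192 -and $b[1] -eq 168)

    # TCP connect with a 3 s timeout. A silently dropped SYN (typical ISP block) times out;
    # a refused connection throws and is reported the same way.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $result.PortOpen = $client.ConnectAsync($ip, $Port).Wait(3000) -and $client.Connected
    } catch {
        $result.PortOpen = $false
    } finally {
        $client.Dispose()
    }

    return [pscustomobject]$result
}

# Usage: run before and after connecting the VPN client.
Test-PrivateFileShare -StorageAccount 'sthrfiles001' | Format-List
```

If `ViaPrivateEndpoint` is true but `PortOpen` is false, the problem is between the VPN client and the private endpoint (NSG, route, or the storage account's network rules), not the ISP; if both are false, the user is not on the tunnel at all.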
Thank you for visiting and I hope this helps!