Unlocking the 90-9-1 Rule for Security of your Azure Data Platform | Quisitive
Solutions
Integration & Consulting
Help you move, operate, innnovate and thrive within the Microsoft clouds.
Application Development
Data & Analytics
Artificial Intelligence (AI)
Business Applications
Security
Digital Workplace
Infrastructure
Product Development
Technology
Explore the full list of technologies that our expert consultants can support.
Azure
Microsoft Teams
Microsoft 365
Power Platform
Dynamics 365
Power BI
Microsoft Copilot
Power Apps
Azure OpenAI
Sharepoint
Microsoft Fabric
Microsoft Sentinel
Azure Synapse
Windows
SQL Server
ERP Technologies
System Center
Microsoft Viva
Azure Virtual Desktop
Business Needs
Departmental solutions to ensure cloud and technology enablement across every area of your business.
Sales & Marketing
Operations
Human Resources
Finance & Accounting
Customer Service
Localization Services
Help you translate software so you can capture new business worldwide.
Language Engineering & NLP
Translations & Localization
Licensing
Experts in Microsoft cloud licensing and optimizing costs for your business.
Products
EmPerform
Provide people managers with flexible employee performance management software.
Velocity Insights
Monitor, analyze, and prioritize .NET, JavaScript or Node JS errors – all on one dashboard.
AgeChecker.net
Ensure local and federal compliance with our age verification tool for retail.
PowerGov
Engage citizens with a community development app for city maintenance and management.
MazikCare
Embrace patient-centered, collaborative care with our suite of real-time health solutions.
Care Path
Care Provider Link
Care Supply
Payer Matrix
Data Fusion
AMS
Deliver on your cloud strategy with a team that continuously monitors, improves, and optimizes your Azure environment.
ShopFloor
Empower production managers with cutting-edge manufacturing process management.
Spyglass
Take a proactive, continuous approach to optimizing your security environment and strategy.
Managed Services
Azure Management Services
Deliver on your cloud strategy with a team that continuously monitors, improves, and optimizes your Azure environment.
App Dev Program
Ongoing enhancements, app security, DevOps and reporting for apps running in Azure.
Data & AI Program
Operational support for running, monitoring and managing services for the Azure Data Platform.
Dynamics Program
Ensure the health of your Dynamics environments, optimize usage and encourage user adoption.
Digital Workplace Program
Optimize Microsoft 365 security, usage and user adoption with our digital workplace experts.
Security Program
Take a proactive, continuous approach to optimizing your security environment and strategy.
Power Platform Program
Get an extension of your team that ensures the health of your Power Platform.
Industries
Manufacturing
Education
Public Sector
Financial Services
Healthcare
Energy
Retail
Software
Resources
Blogs
Case Studies
Library
Newsletters
Events
News
Learning Channels
About
Investors
Leadership
Microsoft
Our Approach
Our Partners
Our Story
Awards & Recognition
Careers
Support
Contact us
Solutions
Back
Solutions
Integration & Consulting
Application Development
Data & Analytics
Artificial Intelligence (AI)
Business Applications
Security
Digital Workplace
Infrastructure
Product Development
Technology
Azure OpenAI
Microsoft Copilot
Microsoft Fabric
Azure
Azure Synapse
Azure Virtual Desktop
System Center
SQL Server
Microsoft Sentinel
Microsoft 365
Sharepoint
Microsoft Teams
Microsoft Viva
Windows
Power Platform
Power BI
Power Apps
Dynamics 365
ERP Technologies
Business Needs
Sales & Marketing
Operations
Human Resources
Finance & Accounting
Customer Service
Localization Services
Language Engineering & NLP
Translations & Localization
Licensing
Products
Back
Products
EmPerform
AgeChecker.net
MazikCare
Care Path
Care Provider Link
Care Supply
Payer Matrix
Data Fusion
ShopFloor
Velocity Insights
PowerGov
AMS
Spyglass
Managed Services
Back
Managed Services
Azure Management Services
Data & AI Program
Digital Workplace Program
Power Platform Program
App Dev Program
Dynamics Program
Security Program
Industries
Back
Industries
Manufacturing
Healthcare
Education
Energy
Public Sector
Retail
Financial Services
Software
Resources
Back
Resources
Blogs
Events
Case Studies
News
Library
Learning Channels
Newsletters
Investors
Back
Investors
Financial Reports & Results
Investor News
Earning calls
Contact
Contact us
About
Back
About
Our Story
Investors
Microsoft
Leadership
Our Partners
Awards & Recognition
Our Approach
Careers
Support
Search
Back
Terms of use
Privacy policy
Feature Image for Azure Data Security Blog
Unlocking the 90-9-1 Rule for Security of your Azure Data Platform
April 8, 2020
Quisitive
explore how to leverage the 90-9-1 rule to get the most out of your Azure data security, and make sure your environment is built to last.

Over the years I’ve had the great privilege of working with some brilliant folks inside of Microsoft. One of their engineers, who became a mentor to me when I first started working within Microsoft Azure, gave me some advice that I took to heart and have followed ever since. What he told me was this: When it comes to the security of your Azure Data Platform, you need to adhere to the 90-9-1 rule.

Here’s how the 90-9-1 rule breaks down.

Let’s start with 90%.

As a data engineer, my mentor informed me that I am personally responsible for 90% of the security, design, and implementation of that Azure data platform. It’s up to me to ensure that the system is appropriately hardened.

Now, 90% sounds like a lot. It is a lot. But what he meant by that is that I’m responsible for making sure that the checkboxes are all checked. If I’m not an expert in one area, I need to ensure that I find an expert and that what needs to be done is done. I then go through a security threat model exercise to ensure that there are no gaps.

It also means that I need to be able to account for security, compliance, and privacy being baked into everything I’m designing and building. This includes data in flight, as well as encrypted data at rest. I have to make sure that the right people are provided appropriate access to data, and that others are restricted. It also accounts for building certain capabilities into the platform, such as enabling time-activated access for occasional users, such as consultants.

Next, we move to the 9%.

This 9% represents the security capabilities that Microsoft provides within the Azure platform. This includes all of the investments that Microsoft has made in terms of security and compliance in Azure, including AI and machine learning.

Here’s an example of what’s covered in this 9%. Let’s say a CEO logs into his company’s system at 2:00 pm. By leveraging the Advanced Threat Protection capability within Azure his connection is identified through the ISP that the login occurred within the Toronto area. At 2:03 pm, that same individual logs in from Taipei. Immediately understanding that there is physically no way to get from Toronto to Taipei in such a short span of time, the threat detection within Microsoft Azure flags the anomaly and drops the connection.

Microsoft’s security suite allows users to set up conditions, including anomalies like these that maybe haven’t been pre-planned for, reducing the risk of data exposure.

Now, for the 1%.

The 1% in this equation represents the data security professionals that work within an organization. These are the professionals who understand and manage critical data that has high business impact,

such as personally identifiable information, healthcare information, financial information, and regulations.

While 1% might seem minuscule in the equation, these professionals take on 99% of the work going on within an organization from a security perspective. Their role is vital to making sure an organization is protected and secure.

In fact, in my opinion it is critical for organizations to understand that these security professionals are brought in early and often in discussions on moving to the cloud. These individuals are often afterthoughts in the planning process, but their importance shouldn’t be underestimated. The data platform that I build and deploy has a dependency on these security and infrastructure teams, and the earlier they’re involved in what I’m doing, the better that migration will happen.

Understanding the 90-9-1 rule for your own Azure Data Platform is important before you begin migration. Who’s responsible for what pieces, where might there be gaps, and how can you best avoid a breach?

In today’s ever-evolving environment with increasingly savvy methods to illegally access data, breaches are happening with more frequency. Make sure that when it comes to security your company is covered the full 100%.

Want to learn more about how to make sure your data is secure in the cloud? Click here.

Related posts
|
Read more
A demo of Microsoft Clarity with the logo overlaid
Data & Analytics | 28 Mar
What is Microsoft Clarity? An Overview
Read more
Data & Analytics | 13 Mar
Event closed: Quisitive at Microsoft Fabric Community Conference 2024
Read more
Data & Analytics | 11 Oct
Quisitive Collaborates with Microsoft to Leverage New Healthcare Data Solutions in Microsoft Fabric
Read more