🐅
RK Azure
  • ⚓Azure Tutorial
  • ✈️Azure Databricks
    • 🆒Deployment Steps
    • 🏍️Deployment Steps - NoPIP
    • 🐯Secure your Azure Databricks environment
    • ⛱️Azure Databricks Components
    • 🛩️Cloud Security Baseline for Azure Databricks
  • 🏍️Azure Data Factory
    • 🆒Deployment Steps
    • ⏳Secure your Azure Data Factory
    • ✈️Cloud Security Baseline for Azure Data Factory
  • 💣Azure Data Lake Storage Gen2
    • 📦Secure Your Azure Data Lake Storage Gen2
    • 🆒Deployment Steps
    • ✈️Cloud Security Baseline for Azure Data Lake Storage Gen2
  • 🛳️Azure Kubernetes Service (AKS)
    • 🪂Secure Your Azure Kubernetes Service (AKS)
    • ✈️Cloud Security Baseline for Azure Kubernetes Service (AKS)
    • 🧶Creating an Azure Kubernetes Service (AKS) Cluster: A Step-by-Step Guide
  • 🥦Azure Infrastructure as Code (IaC)
    • 💘Secure Your Azure Infrastructure as Code (IaC)
    • ✈️Cloud Security Baseline for Azure Infrastructure as Code (IaC)
  • 🛰️Azure DevOps
    • 🐯Secure your Azure DevOps environment
    • 🛩️Cloud Security Baseline for Azure DevOps
  • 🚢Azure OpenAI
    • ✈️Security Risks for Azure OpenAI
    • 🚔Cloud Security Baseline for Azure OpenAI
    • 🆒Deployment Steps
    • ⌛Use your own data with Azure OpenAI
    • 🚀Utilize prompt engineering in your app
    • Azure OpenAI - App Using Microsoft Entra ID
  • 🍏Azure AI Studio
    • 🍎Secure your Azure AI Studio
    • 🍐Cloud Security Baseline for Azure AI Studio
  • 🍊Azure ML
    • 🍋Secure your Azure ML
    • 🍌Cloud Security Baseline for Azure ML
  • 🍉Azure Container Registry
    • 🍇Secure your Azure Container Registry
    • 🍓Cloud Security Baseline for Azure Container Registry
  • 🍈Azure Data Science VM
  • 🍒Azure Automation
    • 🥭Secure your Azure Automation
    • 🫐Cloud Security Baseline for Azure Automation
  • 🚉Azure AI Document Intelligence
    • 🥌Cloud Security Baseline for Azure AI Document Intelligence
    • 🐝Secure your Azure AI Document Intelligence
  • 🗣️Azure AI Search
    • 🔍Cloud Security Baseline for Azure AI Search
    • Secure your Azure AI Search
    • 🦕Azure Open AI: Setup Azure AI Search Solution
  • 🌤️Generative AI Solutions with Azure OpenAI
    • 🦕Deployment
    • Useful Links
  • 🍎Azure Logic Apps
    • 🗣️Cloud Security Baseline for Azure Logic Apps
    • 🪖Deployment Steps
  • 👩‍💼Azure API Management
    • 🪖Cloud Security Baseline for Azure API Management
      • 🌤️Deployment Steps
    • 👓Deployment
  • 🔮Azure AI Hub
    • How to Deploy an Azure AI Hub Step-by-Step
  • 🕢Azure Event Hub
    • 🛫Deployment Steps
  • Azure Container Apps environments
    • Deploying an Azure Container Apps Environment in a VNet
  • Page 1
  • 🕎Labs
    • Develop custom copilots with Azure AI Studio
      • 🙅‍♂️Fine-tuning
Powered by GitBook
On this page
  1. Azure OpenAI

Cloud Security Baseline for Azure OpenAI

Minimum Security Baseline for Azure OpenAI

1. Identity and Access Management (IAM)

  • Use Azure Active Directory (AAD) Integration

    • Action: Integrate Azure OpenAI with Azure Active Directory (AAD) for centralized identity management.

    • Recommendation: Ensure all users authenticate through AAD and enable single sign-on (SSO) for seamless and secure access.

  • Implement Role-Based Access Control (RBAC)

    • Action: Define and assign roles based on the principle of least privilege.

    • Recommendation: Regularly review and update role assignments. Use built-in roles to manage permissions effectively.

  • Enable Multi-Factor Authentication (MFA)

    • Action: Require MFA for all users accessing Azure OpenAI resources.

    • Recommendation: Enforce MFA through AAD policies to protect against credential theft and unauthorized access.

2. Data Security

  • Encrypt Data at Rest and in Transit

    • Action: Use Azure-managed encryption keys or customer-managed keys to encrypt data.

    • Recommendation: Ensure all data stored and transmitted is encrypted using industry-standard encryption algorithms.

  • Implement Data Masking and Anonymization

    • Action: Apply data masking techniques to protect sensitive data used in training or inference processes.

    • Recommendation: Use Azure Data Masking features to anonymize sensitive information.

  • Use Secure Data Storage Solutions

    • Action: Store data in secure, compliant storage services like Azure Blob Storage with appropriate access controls.

    • Recommendation: Implement access policies and regularly review access permissions to data storage resources.

3. API Security

  • Use API Management Solutions

    • Action: Implement Azure API Management to secure, monitor, and manage access to APIs.

    • Recommendation: Apply rate limiting, throttling, and access controls to API endpoints.

  • Enable API Key Management

    • Action: Use API keys or tokens to authenticate and authorize API requests.

    • Recommendation: Rotate API keys regularly and use secure storage for API keys.

  • Implement Rate Limiting and Throttling

    • Action: Protect APIs from abuse by enforcing rate limits and throttling.

    • Recommendation: Configure appropriate rate limits to prevent denial-of-service attacks.

4. Model Security

  • Secure Model Training and Deployment Environments

    • Action: Ensure that environments where models are trained and deployed are secure and isolated.

    • Recommendation: Use virtual networks and private endpoints to restrict access to model training and deployment environments.

  • Implement Model Versioning and Monitoring

    • Action: Track and monitor model versions and their usage to detect anomalies and unauthorized modifications.

    • Recommendation: Use Azure Machine Learning for model management and versioning.

  • Use Secure Model APIs

    • Action: Ensure that model inference APIs are secured with appropriate authentication and authorization mechanisms.

    • Recommendation: Apply API security best practices and monitor API usage for anomalies.

5. Logging and Monitoring

  • Enable Auditing

    • Action: Track user activities, changes to configurations, and access attempts.

    • Recommendation: Enable Azure OpenAI auditing to monitor and review activities for security and compliance.

  • Integrate with Monitoring Tools

    • Action: Use Azure Monitor, Log Analytics, and Security Center to collect and analyze logs from Azure OpenAI.

    • Recommendation: Set up alerts for suspicious activities and potential security incidents.

6. Compliance and Governance

  • Implement Azure Policy and Blueprints

    • Action: Enforce compliance with organizational and regulatory requirements.

    • Recommendation: Use Azure Policy and Blueprints to govern Azure resources and ensure they adhere to security standards.

  • Regular Security Assessments

    • Action: Conduct regular security assessments and audits to identify and remediate vulnerabilities.

    • Recommendation: Use tools like Microsoft Defender for Cloud to perform security assessments and receive actionable recommendations.

7. Endpoint Security

  • Secure Development Workstations

    • Action: Ensure that all workstations used for accessing Azure OpenAI are secured with antivirus and endpoint protection solutions.

    • Recommendation: Keep all development workstations up-to-date with the latest security patches and updates.

  • Use Secure Network Practices

    • Action: Ensure that network access to Azure OpenAI is secure.

    • Recommendation: Use VPNs and firewalls to protect network traffic and restrict access based on IP address ranges.

8. Backup and Recovery

  • Regular Backups

    • Action: Regularly back up Azure OpenAI configurations and critical data.

    • Recommendation: Use built-in backup options or third-party tools to ensure data can be restored in case of accidental deletion or data loss.

  • Disaster Recovery Plan

    • Action: Develop and test a disaster recovery plan for Azure OpenAI.

    • Recommendation: Ensure that the plan includes steps for restoring configurations and data from backups.

PreviousSecurity Risks for Azure OpenAINextDeployment Steps

Last updated 10 months ago

🚢
🚔