Reddit

What should you recommend to secure sensitive customer contact information in Azure? | Microsoft Azure Data Engineer Associate - DP-203 Quiz - LeetQuiz

Explanation:

Detailed Explanation

Recommended Solution: Column-Level Security (CLS)

Column-Level Security (CLS) is the optimal solution for securing sensitive customer contact information in Azure SQL Data Warehouse (now Azure Synapse Analytics). Here's why:

Why Column-Level Security is the Best Choice:

Granular Access Control: CLS allows you to restrict access to specific columns (like phone numbers, email addresses) while allowing users to access other columns in the same table. This perfectly aligns with the requirement to limit access to customer contact information while maintaining access to other relevant data.
Simplified Implementation: CLS eliminates the need for complex workarounds such as:
- Creating multiple views with different column sets
- Implementing application-level access control logic
- Redesigning the data warehouse schema
Native SQL Integration: CLS is implemented using standard T-SQL GRANT statements, making it familiar to database administrators and easy to maintain.
Performance Efficiency: Since the security is enforced at the database level, there's no performance overhead from application-level filtering or multiple view layers.

Analysis of Other Options:

A. Transparent Data Encryption (TDE):

Provides encryption at rest for the entire database
Does not control column-level access - users with database access can still see all columns
Protects data from physical theft but not from authorized users who shouldn't see specific columns

B. Row-Level Security (RLS):

Controls access to rows based on user identity or role
Does not address the requirement to hide specific columns from certain users
Would allow business analysts to see phone numbers if they have access to the rows

D. Data Sensitivity Labels:

Primarily used for classification and auditing purposes
Helps identify sensitive data but does not prevent access
Useful for compliance reporting but not for access restriction
Does not actually secure or block access to the data

Implementation Benefits:

With column-level security, you can:

Grant SELECT permissions on non-sensitive columns to business analysts
Restrict access to sensitive contact columns (phone numbers, email addresses)
Maintain a single table structure without duplicating data
Easily modify access policies as business requirements change

This approach ensures that business analysts can perform their analytical work while being prevented from accessing sensitive customer contact information that's not relevant to their analysis.