Domain 2 of AZ204: Create for Azure Storage

Table of Contents
Types of Azure StorageDomain 2: Develop for Azure storageDevelop solution that uses Cosmos DB storageDevelop solution that uses blob storage
Azure Storage is a cloud-based platform that supports modern applications. We all know that data volume is increasing every day. Therefore, we must upgrade our storage solutions. Azure Storage is a cloud-based storage solution that allows you to store large amounts of data objects in a highly scalable and scalable manner. It provides massive security, durability and accessibility, as well as other benefits. Client applications and users can access Azure Storage data items anywhere in the world via HTTP or HTTPS.
Types of Azure Storage
Azure Storage can be expanded with additional disk storage. There are five main components to Azure Storage:
Azure Blob Storage: It stores large amounts of unstructured information. Storage (BLOBs) is used for large binary objects.
Azure table storage: This feature has been added to Azure Cosmos DB. Azure tables are used to store structured NoSQL data.
Azure file storage: This is a fully managed file sharing service that runs under the Server Message Block protocol. It can be used on-premise or in the cloud.
Azure queue storage: This is a message storage service you can access via HTTP or HTTPS from anywhere on the planet.
Disk storage: There’s a choice of two types of virtual hard drives (VHDs), managed and unmanaged.
Azure Developer AZ204 certification covers five domains.

Domain 1: Develop Azure compute solution (25-30%)
Domain 2: Develop for Azure storage (15-20%)
Domain 3: Implement Azure security (20-25%)
Domain 4: Monitor, troubleshoot and optimize Azure solutions (15-20%)
Domain 5: Connect to Azure services and third party services (15-20%)
This article will focus on the second Domain of AZ-204: “Develop for Azure storage.”
Domain 2 of AZ204: Create for Azure storage
Storage is an essential component of Microsoft Azure apps. This course will teach you how to use it effectively. This domain has a weight of 15-20%. This domain will teach Azure developers how to write code, optimize database consumption, and create, read, update and delete tables automatically. This course will teach you how to create a storage container in Azure. This domain will teach you how to create storage containers in Azure using the Cosmos DB storage and blob storage systems.
The AZ-204 certification exam, “Develop Azure storage”, has the second domain. It includes the following subtopics.
1. Cosmos DB storage is a premium storage solution from Azure. It allows you to develop solutions that use Cosmos DB storage. Cosmos DB is a global distributed, low-latency and highly responsive database that can be used worldwide. This section will teach you how to select the right API for your project, and how to interact with data using the correct SDK. Learn how to create Cosmos DB containers, populate them with data, and how to populate them. Next, you will learn how to optimize throughput and partitioning for maximum performance. This section will also teach you how to select the right consistency level for your operations. You’ll also learn how to use stored procedures, triggers, and change feed notifications for server-side handling.
Azure Cosmos DB
Azure Cosmos DB lets you run a distributed NoSQL data base with excellent throughput and low latency. It is different from traditional relational databases that have a set number of columns and require each row to follow the table’s scheme. It allows you to manage your data regardless of whether it is stored in different data centers around the world. It can handle multiple data models, including key-value, relational and graph.
2. Create solutions that use blob storageAzure Blob storage is layered, highly accessible storage for structured data

Domain 2: Cloud Data Security

The second domain of the CCSP is ‘Cloud Data security. This vast domain tests the candidate’s technical knowledge of:
There are many phases to the cloud data life cycle
Cloud data storage architecture, including storage types, security threats and controls
Data security strategies and other objectives
This domain of the CCSP certification carries 20% importance in the exam. The sub-objectives for the CCSP Domain 2 – Cloud Data security are:
Understanding the Cloud Data Life Cycle (Cloud Security Alliance guidance). The exam requires that the candidate has a thorough understanding of all stages of the cloud data cycle, including creating, storing and using, sharing, archiving and destroying. The candidate must also be able to understand the security controls and risks associated with each stage in the cloud data cycle. For example, how to upload data securely while performing the “create” phase.
Designing and Implementing Cloud Data Storage Architectures Subscribers can access and use the cloud infrastructure, including shared resources, storage, servers and hard drives, on a need basis. They also pay for the services. Cloud software, also known as SaaS, is a subscription-based service that allows users to access the various features of the software from anywhere and anytime. SaaS allows you to work with cloud applications via an API. SaaS is a way to work with applications on the cloud via an API. (Certified Cloud Security Professional).
Designing and applying effective data security strategiesThe next sub-objective tests the certification seeker’s knowledge about designing and planning data security strategies such as encryption, key management, masking, and tokenization. This domain requires that the candidate understands how to apply technologies such as cloud storage time and duration, masking and tokenization, and the design and application of new cloud technologies like homomorphic encryption which can process encrypted data without decrypting.
Understanding and Implementing Data Discovery & Classification Technologies. Candidates are expected to understand and apply different data discovery and classification technologies in context to the next objective. Data discovery methods that are widely used include metadata based, label based, and content based data discovery. Once data is discovered, it must be classified. Candidates should be able to comprehend classification technologies like encryption and DLP (data loss prevention or data leak protection).

Designing and Implementing Relevant Juisdictional Data Protections For Personally Identifiable Information

Domain 2: Asset Security

Google defines an asset as “a useful or valuable thing, person or thing”. This means that assets in an organization could be information, equipment, or facilities that have great worth. The second domain of CISSP exam focuses on protecting assets. The following sections are covered by ‘Asset Security’:
Identify and classify information assets
Different types of information include financial details, password files and credit card information. Some information can be seen by everyone, but some information must be classified to ensure that only those with the appropriate clearance can see it.
Organizations can achieve their core Information security goals of confidentiality and integrity through classification. Before classifying data, security professionals must determine:
Who has access to the data
How data security is achieved
How long the data will remain stored
What method should be used to dispose off the data?
Do the data have to be encrypted?
What is the right use of data?
Data classification differs between the government/military and the commercial sectors. Below is an example of a commercial sector classification:
Private (Private data): Information such as bank account numbers, social security numbers, and bank account numbers.
The company restricted(Information that can be viewed only by a small group of employees)
Company confidential(Information that can be viewed by all employees but not for public use)
Public Information (Information that is accessible to all)
Below is a list of military data classifications:
Top Secret
Secret
Confidential
Sensitive but unclassified or SBU
Unclassified (Reference: https://resources.infosecinstitute.com/cissp-domain-2-asset-security/)
Protect your privacy
Social media is the age of data privacy. Information is all around us and it is critical to decide whether we want to use, retain, or destroy them.

Data privacy has a history that dates back to the 1300s. It has evolved over time in two major worlds, the US and the EU. The European Union’s data protection directive was revised in 2012 by strengthening its data protection rules. These are the key points of the new rules.
Personal data collection should be limited to the essentials
By removing administrative obstacles, the EU’s Single Market dimension should be strengthened
Protect personal data that law enforcement has collected
Data transfers outside of the EU require streamlined procedures
As a follow-up to the previous point, the EU has made clear that data that travels beyond the EU must be protected. The US approach to data privacy is slightly different than that of the EU. Both countries value data privacy to the core. However, their approaches to it are very different. They have created the “Safe Harbor” framework. The US Department of Commerce developed the “Safe Harbor” program in collaboration with Federal Data Protection and Information Commissioner of Switzerland.
One of the benefits of the “Safe Harbor” program is that only US-based organizations can receive data from EU. Other regulations and rules ensure privacy for personal data.
Ensure appropriate asset retention
Data retention policies are the guidelines for how data is stored, retained, and destroyed. It is recommended that all stakeholders be involved in asset retention policies in order to ensure data retention. The following eight steps govern the retention of assets and data.
Understanding the business needs of your organization
Classify data
Determine retention periods
draft record retention policies
Justify the record retenti

Domain 2: Asset Security – Weightage 10% 2018

The Asset Security (Protecting Security of Assets), domain focuses on data classification, labelling, retention, ownership, and clearances. It covers the different storage devices and controls, as well as their determination, including standards, scoping and tailoring. Every organization must have data protection skills.
This domain is responsible for the day-to-day management and management of access control.
Formal access approval and the need to know. The data is classified in Government and Military.
Unclassified, sensitive, but not classified, Confidential and Secret. Data in the Private Sector is classified as Public or Company Classified, Company Restricted and Private, Confidential, Sensitive, and Private.
Next, it discusses information security roles and their responsibilities. These include mission or business owners, data owners and system owners, custodians and users, as well as data owners and system owners. It also discusses data remanence, which is data that remains after non-invasive means of deleting it.
It then covers memory types such as RAM, RAM, ROM and DRAM as well as Firmware and Solid state drives. This section also covers data destruction methods to avoid dumpster diving, such as overwriting, destruction, destruction, and shredding.
By exposing magnetic media to strong magnetic fields, degaussing damages the integrity of magnetic media, such as tapes or disk drives. Destruction is a physical destruction of media’s integrity by destroying or damaging the media itself, such the platters on a disk drive. The act of making data on hard copy unrecoverable is called shredding. Protecting data is vital for any organization, whether it is in motion or at rest.
This domain also includes data security controls like certification and accreditation. These standards and control frameworks also include PCI-DSS and Octave, ISO 17799, ISO 27000 Series, COBIT and ITIL.
Scoping, which is the process by which an organization determines which parts of a standard are to be used, and Tailoring, which is the process by which an organization customizes a standard for its use, play an important role.

Domain 2: Asset Security (Weightage 10%)

The Asset Security (Protecting Security of Assets), domain focuses on data classification, labelling, retention, ownership, and clearances. It covers the different storage devices and controls, as well as their determination, including standards, scoping and tailoring. Every organization must have data protection skills.
This domain includes day-to-day access control management. It requires management of labels and clearances. Data classified in Government and Military as Unclassified or sensitive but not unclassified, Confidential Secret, Secret, Top Secret. Data in the Private Sector is classified as Public or Company Classified, Company Restricted and Private, Confidential, Sensitive, and
Next, it discusses information security roles and their responsibilities. These include mission or business owners, data owners and system owners, custodians and users, as well as data owners and system owners. It also discusses data remanence, which is data that remains after noninvasive means of deleting it.
It then covers memory types such as RAM, RAM, ROM and DRAM, as well as Firmware and Solid state drives. This section also covers data destruction methods to avoid dumpster diving, such as overwriting, destruction, shredding, degaussing and destruction. By exposing magnetic media to strong magnetic fields, degaussing damages the integrity of magnetic media, such as tapes or disk drives. Destruction is a physical destruction of media’s integrity by destroying or damaging the media itself, such the platters on a disk drive. The act of making data on hard copy unrecoverable is called shredding. Protecting data is vital for any organization, whether it is in motion or at rest.
This domain also includes data security controls like certification and accreditation. These standards and control frameworks also include PCI-DSS and Octave, ISO 17799, ISO 27000 Series, COBIT and ITIL.
Scoping, which is the process by which an organization determines which parts of a standard are to be used, and Tailoring, which is the process by which an organization customizes a standard for its use, play an important role.

AWS Reports a 41 Percent Increase in Revenues in Q1

Amazon Web Services (AWS), a cloud giant, released its first quarter earnings for fiscal 2019, on Thursday. It reported $7.7 billion in revenue for March 31st, just exceeding analysts’ expectations.
This is a 3.6% increase over the quarter before, when AWS earned $7.4 Billion, and a 41.4% increase over the year-ago period when it earned $5.4 Billion.
The quarter’s operating income was $2.2 billion. This is a slight increase over the previous quarter, but a significant year-over-year growth of 58.8%.
AWS has been the fastest-growing business unit of its parent company, and Q1 was no exception. Comparatively, the International retail segment grew just 8.9% year over year, while the North American retail segment grew 16.6%.
Amazon.com’s cloud unit accounted for 13% of its total revenues.
Microsoft, which is the closest competitor to AWS cloud, also reported its latest earnings. Microsoft reported that Azure sales increased by 73% in the most recent financial quarter, even though it didn’t break down its Azure cloud revenue.

AWS climbs in Application Usage Ranking

Okta Inc. published the latest service and business application usage report for Amazon Web Services Inc.
Okta, a San Francisco-based company that provides identity and access services for organizations, periodically mines its internal data in order to determine the popularity of pre-integrated apps and services it offers through its cloud service. The company then publishes the data in its “Business @ Work” reports.
AWS has taken over the No. 1 spot in the rankings, according to the latest report. 4th place in the rankings.
G Suite is Google’s cloud-based offering, which provides e-mail storage, document, and other services as a complement to similar office suites like Microsoft Office.
AWS is ranked No. AWS is ranked 4th in the rankings behind Microsoft Office 365 and Salesforce.com. AWS is rounded out by G Suite, Concur and JIRA, Slack and Zendesk.
[Click on the image to see a larger view.] Top Apps Over Time (source: Okta). While most rankings remain fairly stable, Okta identified two companies that are making significant upward moves.
The company stated that Amazon Web Services had just surpassed G Suite for the number four spot and that Slack jumped from the 12th most downloaded app to the 8th in less then a year.
AWS was also included in other trends identified and reported by the company. Okta stated that the data suggests that automation is crucial for apps containing sensitive data. Users can be deprovisioned immediately if necessary. “This includes Amazon Web Services (with a new code), Salesforce (sales figures), Zendesk, customer service issues and requests, and Dropbox (documents saved).
The Okta research is not meant to be used as an indicator of overall application popularity. It covers a much smaller area. The company stated that the report is representative of Okta’s cloud-forward customers, the apps that we connect to and the ways that users access these applications through the service.

AWS Clears $5 Billion in Q4 Earnings

According to Amazon.com’s fourth quarter financial earnings report, AWS earned $17.5 billion in revenue for 2017.
AWS reported $5.1 billion in revenue for the quarter ended March 31, a 44.6% increase over the previous quarter and an 11.5% increase over the third quarter. Wall Street analysts had expected Q4 revenue to be around $4.9 billion.
Operating income was $1.4 Billion, an increase of 46.2% year-over-year.
AWS was responsible for 8% of the total business of its parent company in Q4. AWS grew year-over-year in line with previous quarters. (The North America retail segment saw a 42% increase in year-over-year growth, while the International segment saw a 29% increase.
Another positive note is that AWS saw a slight increase in year-overyear growth in Q4. The platform’s growth rate reached its peak 10 quarters ago when it soared by 81 percent. Although this quarter is not as high as the peak, it is still a significant improvement on the trend of declining growth in recent quarters (see table).
Reporting Period AWS Revenue, (Billions). Year-over-Year Revenue growth (%) Q4 2017 $5.1 45 Q3 2017 $4.1 42Q1 of 2017 $13.743 Q4 2016 $3.255 Q3 2016 $2.9 58Q1 of 2016 $2.256 Q4 2015 $2.664 Q1 Of 2016 $2.664 Q4 2015 $2.4 69Q3 of 2015 $2.178 Q2 2015 $1.8 81Q1 2015 * $1.649 * First time reported as a separate line.
Amazon.com announced its earnings report and attributed AWS’ growth in Q4 to continued cloud infrastructure investments, some high-profile customer wins, and nearly 500 new services or features it launched in Q4, many of which were announced at the re:Invent conference last November.
According to Microsoft’s latest earnings report, Azure, widely considered AWS’ closest competitor, saw its revenues grow by 98% year-over-year. Although Azure is still a significant share behind AWS, it has been showing signs that it is catching up to the market leader and even taking the lead for some segments, such as large enterprises.

AWS Announces First-Ever Pay Per Session BI Pricing for QuickSight. AWS claims to be an industry leader in business analytics services, and announced a pay per session pricing model for its QuickSight service. Amazon QuickSight is a fully managed cloud business intelligence (BI), system that provides visualization, ad-hoc analyses, and other business insight functionality. According to the company, it offers BI capabilities at a fraction of the cost of traditional solutions. These costs can now be paid for individual sessions as of last week. “Pay-per-session pricing allows you to enable everyone within the organization with interactive dashboards that are data-driven and pay only when they access them,” the company stated in a blog post on Thursday, May 31. The new pricing model is available for Amazon QuickSight Enterprise Edition in all regions that are supported by AWS. It starts at $0.30 per session. The company also announced availability of Private VPC Connectivity. This allows users to securely connect QuickSight with data sources within Virtual Private Clouds. (VPCs), as well as on-premises installations. There is no need to deploy any gateway or agent. It avoids data being moved over the public Internet. Other features include:

  • Enhance interactivity in dashboards by setting parameters with onscreen controls. These controls can be set using the on-screen dropdown or text box controls.
  • URL actions to connect QuickSight dashboards with third-party applications and internal Web sites
  • Enhanced data management and administration capabilities such as: higher SPICE (QuickSight’s in-memory optimized calculation algorithm) data set limits at 25GB; hourly refresh of SPICE data; coowner permissions for dashboards; the option to share dashboards to all users; and an easy way to upgrade your account from Amazon QuickSight Standard Edition or Enterprise Edition.
  • QuickSight is now also available in the Asia Pacific (Tokyo), region.

AWS stated in a blog post that QuickSight provides business analytics to organizations of all sizes. It allows them to access data stored in their Amazon Redshift data warehouse, their Amazon Relational Database Service RDS relational databases, flat files stored in S3, and (via connectors), data stored in SQL Server, PostgreSQL and on-premises MySQL databases. QuickSight can scale to accommodate thousands, hundreds, and even thousands of users per company. QuickSight is available for a free 60-day trial. More information can be found in a June 20 Webinar.

AWS Chief Andy Jassy To Become Amazon CEO as Bezos Steps Down

Amazon.com, the cloud juggernaut and e-commerce giant, announced Tuesday a major executive transition. It also reported its fourth quarter earnings for fiscal 2020.
In the third quarter 2021, Jeff Bezos, the founder of Amazon 1994, will be retiring to become the Executive Chair of the company’s board of directors. Andy Jassy will take over the reins from Jeff Bezos, an Amazon executive who has been the CEO of the huge Amazon Web Services (AWS), cloud since 2016.
The company made the announcement in its Q4 earnings reports. Bezos stated in a prepared statement that “when you look at our financial results you’re actually seeing the long-run cumulative effects of invention.” “Amazon is at its most creative ever, making this a perfect time for this transition.”
AWS reported $12.7 Billion in revenue for the quarter ended Dec. 31, which was 28% more than the year prior, in line to Wall Street estimates. Full-year revenue was $45.4billion, a 30% increase over fiscal 2019. Operating income for the quarter was $3.6 Billion, an increase of 37% over fiscal 2019.
Although it is still the largest cloud vendor, AWS’ year-over-year growth has been slowing. AWS was historically Amazon’s fastest-growing business sector. In Q4, AWS fell behind both North American and International retail units which grew by 57% each year.
Microsoft, whose Azure cloud business rivals AWS, released its latest quarterly earnings last Wednesday. Microsoft claims that Azure revenue increased 50% over the previous quarter, although the exact dollar amount is not disclosed by the company.
Jassy will inherit Amazon’s business from Bezos at the same time that cloud technology spending is expected to increase due to pandemic-related changes in work environments and acceptance of remote work.