Azure Language Understanding (LUIS) Baseline

In the previous article, “Azure Speech Translation Service Baseline,” we reviewed an industry-standard security baseline for Azure Speech Translation. This article will review requirements and guidelines and share an example security baseline for Azure Language Understanding, or Azure LUIS.

Description  

Azure Language Understanding Intelligent Service, or Azure LUIS, is a cloud-based conversational AI service that applies custom machine learning intelligence to a user’s conversational, natural language text to predict overall meaning and pull relevant detailed information. 

Baseline  

Baseline considerations are based on security principles that stakeholders provide. Every decision made in the baseline discusses a security parameter related to service configuration. It informs consumers on what to do and what not to do when setting up their service.   

We’ll describe each configuration name, requirements, and guidelines. 

Private Endpoints 

  • Create private endpoint access to applications and predictions. 
  • Use private endpoints to secure access to LUIS applications and predictions via Private Link. 
  • Private endpoints should be used for Authoring & Prediction services. 

Network Logging

  • Collect network traffic logs and analyze them. 
  • Turn on NSG flow logs and enable Traffic Analytics.  

Authentication/Authorization 

  • Authenticate to console services and data sources using Azure native security services. 
  • Authenticate to services using AAD IAM RBAC and Managed Identities, either system-assigned or user-assigned.

Keys

  • API keys should be stored in key vaults as secrets. 
  • A copy of API key 1 and key 2 should be stored as secrets in key vault.

Logging

  • Collect platform logs and operation logs. 
  • Diagnostic settings and Activity Logs should be enabled and stored in a centralized workspace. 
  • See Azure Log Analytics for more information. 

UAI Tag

  • All search services must be tagged with a valid UAI. 
  • Use lowercase name and value. 

Environment Tag

  • All search services must be tagged with a tag corresponding to the application environment. 
  • Follow Cloud Controls Matrix document for valid environment names. 
  • Use lowercase name and value. 

Appname Tag

  • Applications must be tagged with application short-name where applicable. 
  • For example, your key may be called “appname”, and your value may be “ABC123”.

Naming Convention

  • Follow a standard, established naming convention. 

Standard Network Configuration

  • Apply a standard vnet, subnet, and NSG configuration. 

IAM RBAC Configuration

  • Apply standard RBAC definitions for speech service and assign them to users. 
  • Use a least-privilege access model.

API Key Rotation

  • Keys should be rotated periodically. 
  • Regenerate keys regularly and store keys in key vault. 

Pricing Tier

  • Use “Standard” pricing for production use cases that require 50 calls per second on prediction resource. 
  • For high endpoint traffic from your published app, it is recommended to upgrade to an S0 resource.
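
Several of the items above can be checked automatically. The following is an added example, not code from this article or from ISmile Technologies: it audits one resource against the Private Endpoints, Authentication/Authorization, and tagging items. It assumes the input follows the ARM resource JSON shape (such as the output of `az cognitiveservices account show`); the tag keys "uai" and "environment" and the allowed environment values are placeholders, since the article does not list them.

```python
# Assumed tag keys: the page names only "appname"; "uai" and "environment" are illustrative.
LOWERCASE_TAGS = ("uai", "environment")
# Placeholder values: the real list lives in the Cloud Controls Matrix document.
VALID_ENVIRONMENTS = {"dev", "test", "prod"}

def audit_luis_resource(resource, valid_envs=VALID_ENVIRONMENTS):
    """Return baseline findings for one resource; an empty list means compliant."""
    findings = []
    props = resource.get("properties") or {}
    tags = resource.get("tags") or {}
    # Private Endpoints: public access off and an approved Private Link connection.
    if props.get("publicNetworkAccess") != "Disabled":
        findings.append("public network access is not disabled")
    states = [c.get("properties", {}).get("privateLinkServiceConnectionState", {}).get("status")
              for c in props.get("privateEndpointConnections") or []]
    if "Approved" not in states:
        findings.append("no approved private endpoint connection")
    # Authentication/Authorization: system- or user-assigned managed identity.
    if ((resource.get("identity") or {}).get("type") or "None") == "None":
        findings.append("no managed identity assigned")
    # UAI and Environment tags: lowercase name and value.
    for key in LOWERCASE_TAGS:
        present = [k for k in tags if k.lower() == key]
        if not present:
            findings.append(f"missing tag '{key}'")
        elif present[0] != key or tags[present[0]] != tags[present[0]].lower():
            findings.append(f"tag '{key}' must use lowercase name and value")
    if "environment" in tags and tags["environment"] not in valid_envs:
        findings.append("environment tag value is not an allowed name")
    # Appname tag: key required; the page's sample value "ABC123" is mixed case.
    if "appname" not in tags:
        findings.append("missing tag 'appname'")
    return findings

# Constructed sample resources (not real output), shaped like ARM resource JSON.
COMPLIANT = {
    "kind": "LUIS", "sku": {"name": "S0"}, "identity": {"type": "SystemAssigned"},
    "tags": {"uai": "uai0000000", "environment": "prod", "appname": "ABC123"},
    "properties": {"publicNetworkAccess": "Disabled", "privateEndpointConnections": [
        {"properties": {"privateLinkServiceConnectionState": {"status": "Approved"}}}]},
}
DRIFTED = {
    "kind": "LUIS", "sku": {"name": "F0"}, "identity": {"type": "None"},
    "tags": {"UAI": "UAI0000000", "environment": "sandbox"},
    "properties": {"publicNetworkAccess": "Enabled", "privateEndpointConnections": []},
}

if __name__ == "__main__":
    for name, res in (("compliant", COMPLIANT), ("drifted", DRIFTED)):
        print(name, audit_luis_resource(res))
```

Run against the drifted sample, the audit reports an uppercase UAI tag and an unlisted environment name as separate findings, so tag drift is visible alongside the network and identity gaps.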

Conclusion 

Although this is not a comprehensive list of considerations for building a baseline for any cloud resource, these items are sufficient for an Azure LUIS baseline configuration. For each resource in any business, such considerations must be made according to stakeholder security principles.  

As your trusted partner, ISmile Technologies will ensure that your company’s cloud resource deployment is HIPAA-compliant and secure. For more information, Get Your Free Consultation.  

Cloud Engineer

Gabriel Chutuape

A technology enthusiast passionate about automation, Gabriel Chutuape is a Cloud Engineer at ISmile Technologies. He’s part of the ISmile Technologies Cloud enablement team that helps customers with design, solution, and project engineering, integrating and implementing infrastructure technologies & services.

AZURE CLOUD ARCHITECT

Karthik Srinivas

Karthik Srinivas is a working Information Technology professional and part of operations. He contributes to streamlining the technology services and operational activities to meet business requirements and beyond.
