In the previous article, “How to Create a Security Baseline for a Cloud Resource,” we went over how you might approach generating a baseline from start to finish. This article will share an example baseline for a client wanting to use the Azure Speech Translation service.
Azure Speech Translation provides speech-to-text and text-to-speech with high accuracy. It can also produce natural-sounding spoken voices given text, translate spoken audio, and recognize and remember users speaking during conversations.
Baseline considerations are based on security principles that stakeholders provide. Every decision made in the baseline discusses a security parameter related to the service configuration. It informs consumers what to do and not to do when setting up their service.
We’ll describe each configuration name and some information on it.
- What pricing tier of speech translation is the company purchasing?
- In our case, security compliance specifies the standard tier.
- Data Encryption
- Encrypting sensitive information mid-transit is necessary.
- Enforce TLS 1.2 when communicating over exposed HTTPS lines.
- What authentication and authorization method should be used for console services and data sources?
- Azure Active Directory IAM role-based access control manages access based on system identity.
- Primary and secondary query keys are stored as secrets.
- Copies of each key should be stored as secrets in the key vault.
- Diagnostic Settings
- For transparency, ensure that access to the target key vault is logged, captured, and analyzed by Azure Monitor or another service.
- To do this, enable and configure the diagnostics settings for the key vault during creation.
- Collecting network traffic logs is useful for business analytics
- Turn on NSG flow logs and enable traffic analytics.
Although this is not a comprehensive list of considerations when making a baseline for any cloud resource, they are sufficient for an Azure Speech Translation service baseline configuration. For each resource in any business, such considerations must be made according to stakeholder security principles.
As your trusted partner, ISmile Technologies will ensure that your company’s cloud resource deployment is HIPAA-compliant and secure. For more information, Get Your Free Consultation.
A technology enthusiast passionate about automation, Gabriel Chutuape is a Cloud Engineer at ISmile Technologies. He’s part of the ISmile Technologies Cloud enablement team that help customers to design/solution/project engineering, integrating and implementing infrastructure technologies & services.
AZURE CLOUD ARCHITECT
Karthik Srinivas is a working Information Technology professional and part of operations. He contributes to streamlining the technology services and operational activities to meet business requirements and beyond.