Hardening Your Text to Speech Service on Azure: A Comprehensive Guide to Securing Cognitive Services

Description

Text-to-speech enables your applications, tools, or devices to convert text into humanlike synthesized speech. The text-to-speech capability is also known as speech synthesis. Use humanlike prebuilt neural voices out of the box, or create a custom neural voice that’s unique to your product or brand.

BASELINE CONFIGURATION

| Config Name | Description | Solution | GE Control ID |
|---|---|---|---|
| Sku | The pricing tier for your resource | Must use the Standard pricing tier, as it is the minimal requirement | Standard EA |
| Resource Group | Resource group requirements | Must use the same region for the resource, resource group and subscription | Standard EA |
| Network Type | Access to service | Public access to the service is not allowed; opt for selected networks and configure network security for your cognitive resource. Restrict access to only the particular required subnets from which you are going to access the service | SEC 1.2 |
| Data Encryption | Encrypt sensitive information in transit | All of the Cognitive Services endpoints are exposed over HTTPS and enforce TLS 1.2. With an enforced security protocol, consumers attempting to call a Cognitive Services endpoint should adhere to these guidelines | SEC 7.2 |
| Authentication/Authorization | Authenticate to console services and data sources using Azure native security services | Authenticate to services using AAD IAM RBAC. Authentication to data sources should be through system-assigned managed identities | SEC 2.1 |
| Keys | Primary keys, secondary keys and query keys stored in Key Vault as secrets | A copy of the primary, secondary and query key should be stored as secrets in Key Vault | SEC 4.1 |
| Logging | Enable diagnostic settings for (Administrative Security, Service Health, & Resource Health) | Logs must be stored in the Gas Power Cyber approved logging destination: central analytics workspace in 328-gp-azr-ops | SEC 3.11 |
| Network logging | Collect network traffic logs and analyze them | Turn ON NSG flow logs and enable traffic analytics | SEC 3.9 |
| Encryption | Encryption at rest | Use a Customer Managed Key for encryption at rest | SEC 7.1 |
| Azure Text to Speech | Only Azure Speech Service will be deployed via Terraform | Use the Speech SDK or REST API to convert text to speech by using prebuilt neural voices or custom neural voices | Standard EA |
| Azure Text to Speech Language | Azure Text to Speech Language | For a full list of platform neural voices or custom neural voices, see Language and Voice support for the speech service | |

Tagging Considerations

| Policy Name | Description | Solution |
|---|---|---|
| UAI tag | All speech services must be tagged with a valid UAI | Example: Key: uai, Value: uai1234567. Use lower case name and value |
| Env tag | All speech services must be tagged with a tag corresponding to the application environment | Example: Key: env, Value: prd. For valid envs see item 5.2 in the cloud controls document. Use lower case name and value |
| Appname tag | Must be tagged with the application short name where applicable | Example: Key: appname, Value: ABC123 |

Resource Standards and Policies

| Config Name | Description | Solution |
|---|---|---|
| Speech Service | The Speech Service name should not exceed 64 characters and should consist of only alphanumeric characters and hyphens. It should begin with "ss" | ss-- example: ss-optional-uai123456-example |
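
The baseline, tagging and naming rules above can be checked automatically against a deployed resource. The following is an added example, not code from the original article: it assumes the resource is available as the ARM JSON of a Microsoft.CognitiveServices/accounts resource loaded into a dict, that the "standard pricing tier" corresponds to the S0 SKU, and it uses constructed sample resources with a placeholder subnet id.

```python
import re

# Page rule: name begins with "ss", only alphanumerics and hyphens, at most 64 characters.
NAME_RE = re.compile(r"ss[A-Za-z0-9-]{0,62}")
REQUIRED_TAGS = ("uai", "env", "appname")
LOWERCASE_VALUES = ("uai", "env")  # the page asks for lower-case name and value on these

def check_speech_account(account):
    """Return baseline violations for one Cognitive Services account (ARM JSON as a dict)."""
    findings = []
    props = account.get("properties") or {}
    if account.get("kind") != "SpeechServices":
        findings.append("kind: not a Speech resource")
    if not NAME_RE.fullmatch(account.get("name", "")):
        findings.append("name: must start with 'ss', use [A-Za-z0-9-], max 64 chars")
    # Assumption: the page's "standard pricing tier" corresponds to the S0 SKU.
    if (account.get("sku") or {}).get("name") != "S0":
        findings.append("sku: Standard tier required")
    tags = account.get("tags") or {}
    for key in REQUIRED_TAGS:  # exact-case lookup, so an upper-case key counts as missing
        if key not in tags:
            findings.append(f"tag {key}: missing")
        elif key in LOWERCASE_VALUES and tags[key] != tags[key].lower():
            findings.append(f"tag {key}: value must be lower case")
    # Compliant network: public access disabled, or default-deny plus explicit subnet rules.
    acls = props.get("networkAcls") or {}
    selected = acls.get("defaultAction") == "Deny" and bool(acls.get("virtualNetworkRules"))
    if props.get("publicNetworkAccess") != "Disabled" and not selected:
        findings.append("network: open to all networks")
    if "SystemAssigned" not in (account.get("identity") or {}).get("type", ""):
        findings.append("identity: system-assigned managed identity required")
    if (props.get("encryption") or {}).get("keySource") != "Microsoft.KeyVault":
        findings.append("encryption: customer-managed key required")
    return findings

# Constructed sample resources (placeholder subnet id), not taken from a real subscription.
GOOD = {
    "name": "ss-optional-uai123456-example", "kind": "SpeechServices", "sku": {"name": "S0"},
    "tags": {"uai": "uai1234567", "env": "prd", "appname": "ABC123"},
    "identity": {"type": "SystemAssigned"},
    "properties": {
        "publicNetworkAccess": "Enabled",
        "networkAcls": {"defaultAction": "Deny", "virtualNetworkRules": [{"id": "<subnet-resource-id>"}]},
        "encryption": {"keySource": "Microsoft.KeyVault"},
    },
}
BAD = {"name": "speech_prod", "kind": "SpeechServices", "sku": {"name": "F0"},
       "tags": {"UAI": "UAI1234567", "env": "PRD"},
       "properties": {"publicNetworkAccess": "Enabled", "networkAcls": {"defaultAction": "Allow"}}}

if __name__ == "__main__":
    for res in (GOOD, BAD):
        print(res["name"], check_speech_account(res) or "compliant")
```

The check does not cover the controls that live outside the resource itself, such as diagnostic settings, NSG flow logs and the Key Vault copies of the keys.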

Network Considerations

| Config Name | Description | Solution |
|---|---|---|
| Standard network Configuration | Standard vnet, subnet, NSG configuration applied | See network baseline config for more information. Approved network design baseline of Stakeholder. Note: NSGs are disabled on private endpoints |
| Private endpoints | Deny public internet access | Ensure that key vault is accessible only over Stakeholder private network |

Identity and Access Management

| Config Name | Description | Solution | Mandated/Optional | IAM Policy | CF Template |
|---|---|---|---|---|---|
| IAM RBAC Configuration | Standard RBAC roles defined for speech service and assigned to users | See baseline configuration for more information | Mandated | | |

Operational Considerations

| Config Name | Description | Solution |
|---|---|---|
| Monitor | Monitor Service Connections | Follow standards to monitor |
| Backup and Recovery | Ensure Regular automated Backups | Follow standards to backup |

CLOUD Engineer

Gopi Krishna

I’m working as Cloud DevOps Engineer. Expertise in technologies of Kubernetes, cloud services and cloud-native services, and DevOps technologies in various clouds.
