Microsoft continues to improve protection controls for data stored in Azure. As part of its defense-in-depth model, it has released Advanced Threat Protection (ATP) for Azure Storage into public preview to improve detection of anomalous behavior involving stored files.
The number of public breaches on Azure has been small compared to Amazon S3 (where Accenture, Dow Jones, Verizon, and the RNC left files open to public access). Still, IT pros can inadvertently leave their data unprotected in Azure. Employing ATP on storage accounts can help prevent such mistakes from exposing data in a breach.
Enabling explained in 2017 how SharePoint can provide better security than S3, but large databases are better stored in blob storage services offered by Azure Storage or S3.
With Microsoft’s announcement, customers can now configure their storage diagnostic logs to detect read/write/delete events and have an email sent to admins or to a Security Operations Center.
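To show the kind of signal those diagnostic logs carry, here is an added example (not Microsoft's ATP logic and not code from this post) that parses storage log lines and flags successful anonymous reads and bursts of deletes from one address. It assumes the semicolon-delimited Storage Analytics log format version 1.0 field order; the account name `examplestore`, the sample lines, the rule names and the threshold are all constructed for illustration.

```python
import csv
from collections import Counter

# Leading fields of a Storage Analytics log line (format version 1.0).
# Assumption: this order matches the classic $logs format; verify on your account.
FIELDS = ["version", "start_time", "operation", "status", "http_status",
          "e2e_latency_ms", "server_latency_ms", "auth_type", "requester_account",
          "owner_account", "service", "url", "object_key", "request_id",
          "operation_count", "requester_ip"]
OP_KIND = {"GetBlob": "read", "ListBlobs": "read", "PutBlob": "write",
           "PutBlockList": "write", "DeleteBlob": "delete", "DeleteContainer": "delete"}

# Constructed sample entries (documentation IP ranges, made-up request ids).
SAMPLE_LOG = """\
1.0;2018-10-01T10:15:02.1234567Z;GetBlob;AnonymousSuccess;200;12;10;anonymous;;examplestore;blob;"https://examplestore.blob.core.windows.net/exports/customers.csv";"/examplestore/exports/customers.csv";00000000-0000-0000-0000-000000000001;0;203.0.113.7:50412
1.0;2018-10-01T10:16:40.0000000Z;PutBlob;Success;201;30;28;authenticated;examplestore;examplestore;blob;"https://examplestore.blob.core.windows.net/exports/report.csv";"/examplestore/exports/report.csv";00000000-0000-0000-0000-000000000002;0;192.0.2.10:41000
1.0;2018-10-01T10:20:01.0000000Z;DeleteBlob;Success;202;8;7;authenticated;examplestore;examplestore;blob;"https://examplestore.blob.core.windows.net/backups/a.bak";"/examplestore/backups/a.bak";00000000-0000-0000-0000-000000000003;0;198.51.100.23:33010
1.0;2018-10-01T10:20:02.0000000Z;DeleteBlob;Success;202;8;7;authenticated;examplestore;examplestore;blob;"https://examplestore.blob.core.windows.net/backups/b.bak";"/examplestore/backups/b.bak";00000000-0000-0000-0000-000000000004;0;198.51.100.23:33011
1.0;2018-10-01T10:20:03.0000000Z;DeleteBlob;Success;202;8;7;authenticated;examplestore;examplestore;blob;"https://examplestore.blob.core.windows.net/backups/c.bak";"/examplestore/backups/c.bak";00000000-0000-0000-0000-000000000005;0;198.51.100.23:33012
1.0;2018-10-01T10:25:00.0000000Z;GetBlob;AnonymousClientOtherError;404;5;4;anonymous;;examplestore;blob;"https://examplestore.blob.core.windows.net/private/keys.txt";"/examplestore/private/keys.txt";00000000-0000-0000-0000-000000000006;0;203.0.113.7:50413
"""

def parse_entries(text):
    """Return one dict per log line, keeping only the leading named fields."""
    rows = csv.reader(text.splitlines(), delimiter=";", quotechar='"')
    return [dict(zip(FIELDS, row)) for row in rows if row]

def find_alerts(entries, delete_threshold=3):
    """Return (rule, source_ip, detail) tuples for events an admin should review."""
    alerts = []
    deletes = Counter()
    for e in entries:
        kind = OP_KIND.get(e["operation"], "other")
        ip = e["requester_ip"].rpartition(":")[0]  # drop the source port
        succeeded = e["http_status"].startswith("2")
        # A successful read with no credentials means the container is publicly readable.
        if kind == "read" and e["auth_type"] == "anonymous" and succeeded:
            alerts.append(("anonymous-read", ip, e["object_key"]))
        if kind == "delete" and succeeded:
            deletes[ip] += 1
    for ip, count in deletes.items():
        if count >= delete_threshold:
            alerts.append(("delete-burst", ip, f"{count} deletes"))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(parse_entries(SAMPLE_LOG)):
        print(alert)
```

The failed anonymous request in the last sample line is deliberately not flagged, since a 404 exposes no data; a real deployment would forward the resulting tuples to the same mailbox or SOC queue the post mentions.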
Azure blob storage is one of several Microsoft storage options. For how it compares to other options, see http://blog.enablingtechcorp.com/getting-started-with-azure-storage . Also defined in Mark’s article are the critical steps IT pros must still take to configure proper access controls for the data.