Ensuring Robust Security with Microsoft Fabric

Introduction

At element61, we believe in the power of modern data platforms to drive business success. Microsoft offers multiple platforms to support your analytics & AI needs (Databricks, Fabric, Synapse) but it’s clear that Microsoft Fabric stands out as a powerful solution focused on bringing simplicity to companies keen to accelerate in Analytics & AI. 

Microsoft Fabric aims to support diverse data workloads, including data warehousing, real-time analytics, and machine learning. While Microsoft Fabric is all about simplicity, we at element61 firmly believe that a first-time-right deployment is key: every platform we deploy should be end-to-end secure, solidly set up, deployed through CI/CD, etc. In this insight, we outline what Microsoft Fabric offers and which security features to consider in your Microsoft Fabric design.

What is Microsoft Fabric

Let’s first recap and clarify what Microsoft Fabric is. Microsoft Fabric is a comprehensive analytics and data platform designed to serve a wide range of data analytics needs, from data engineering and data integration to advanced analytics and data governance. This platform is built to leverage the full power of the Microsoft ecosystem, integrating seamlessly with Azure services, Microsoft 365, Microsoft Purview and various third-party applications. By providing a unified environment for data storage, processing, and analysis, Microsoft Fabric enables organizations to create a scalable, secure, and efficient modern data platform.

Microsoft Fabric is not just a data platform; Microsoft sees it as a transformative solution designed to elevate your organization's data capabilities to new heights. By integrating Microsoft Power BI, Microsoft Fabric aims to further empower business teams (not IT only 😉) to harness the full potential of their data: as simple as Power BI, Microsoft Fabric brings an easy-to-use cockpit for more extensive self-service.

Why Security Matters in a Data Platform

In today's data-driven world, security is paramount. Organizations handle vast amounts of sensitive information, ranging from personal data to confidential business insights. Ensuring the security of this data is critical to maintaining trust, complying with regulatory requirements, and protecting against data breaches. Too often, data platforms are deployed with public endpoints, with (too) limited access security, and without enough structure around data anonymization.

As data platforms become more integrated and complex, the need for comprehensive security measures becomes even more essential. One should always focus on 2 security perspectives:

  • First, ensuring a first-time-right set-up is crucial for the platform’s overall security. Integrating Microsoft Fabric with private networks, such as through Azure Private Link, from the get-go guarantees that data traffic is isolated from public networks.
  • Second, getting the configuration within Fabric right: a robust security framework within a data platform safeguards data integrity, confidentiality, and availability, ensuring that only authorized users have access and that data remains protected from unauthorized access and cyber threats.

Five concrete Security Features to consider in Microsoft Fabric

Out of the box, the security features below won’t be in place if you just install Microsoft Fabric. These are the 5 security considerations that we at element61 recommend you take into account in your Fabric design.

Did you consider Private Networking?

Know that Microsoft Fabric supports private networking configurations. By leveraging Azure Private Link, all data traffic can be kept within the Azure backbone, isolating it from public networks and reducing the risk of exposure. This setup ensures that data remains secure while in transit between different components of the platform, including when it connects to Azure resources that you might still have (databases, other data lakes, other resources). Private Link is enabled in the Admin portal of Microsoft Fabric; it is not enabled by default.

Is your Role-Based Access Control (RBAC) in place?

Microsoft Fabric has a variety of roles. To set them, Microsoft Fabric integrates with Azure Active Directory (Entra ID) to provide comprehensive identity and access management. Role-Based Access Control (RBAC) allows organizations to define and manage access permissions based on user roles, ensuring that users have the appropriate level of access to data and resources. 

If need be, you can use elevated access managed through Privileged Identity Management (PIM), which helps secure administrative roles and provides additional oversight. This approach ensures that access to sensitive data is tightly controlled and monitored.

As element61 we have a default design of Microsoft Fabric groups separating data analysts, engineers, power users, end-users, administrators & data scientists – each with specific permissions.

[Figure: Microsoft Fabric OneLake data access roles]

Object Level Security (OLS) and Row Level Security (RLS)

Too often forgotten, Microsoft Fabric supports both Object Level Security (OLS) and Row Level Security (RLS) to provide granular access control to data. OLS allows administrators to secure specific tables or columns within a dataset, ensuring that only authorized users can view or interact with sensitive data. RLS enables the definition of access filters at the row level, restricting data access based on user roles or other criteria. 

At element61, we bring our customers a dynamic security setup that helps organizations ensure that sensitive information is accessible only to those with the necessary permissions. Dynamic means it’s connected to roles and groups and thus broadly reusable.
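A sketch of such a dynamic setup in T-SQL for a Fabric Warehouse, added here as an illustration; it is not element61's or Microsoft's own code. It assumes the Warehouse's row-level security (a schema-bound predicate function plus a security policy) and a column-level GRANT as the warehouse-side way to hide sensitive columns; every schema, table, role and user name, and every row, is constructed.

```sql
-- Constructed sample schema: one fact table plus a mapping table that drives the row filter.
CREATE SCHEMA Security;
GO
CREATE TABLE dbo.Sales (
    SaleId      INT            NOT NULL,
    Region      VARCHAR(20)    NOT NULL,
    CustomerVat VARCHAR(20)    NOT NULL,   -- treated as the sensitive column
    Amount      DECIMAL(12, 2) NOT NULL
);
CREATE TABLE Security.RegionAccess (
    UserPrincipalName VARCHAR(128) NOT NULL,
    Region            VARCHAR(20)  NOT NULL   -- 'ALL' grants every region
);
GO
-- Constructed users: access changes are data changes here, not policy changes.
INSERT INTO Security.RegionAccess VALUES
    ('analyst.be@contoso.example', 'BE'),
    ('lead@contoso.example',       'ALL');
GO
-- Row-level predicate: a row is visible only if the mapping table links
-- the current user to that row's region (or to 'ALL').
CREATE FUNCTION Security.fn_RegionPredicate (@Region AS VARCHAR(20))
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN
    SELECT 1 AS fn_result
    FROM Security.RegionAccess AS ra
    WHERE ra.UserPrincipalName = USER_NAME()
      AND (ra.Region = @Region OR ra.Region = 'ALL');
GO
-- Bind the predicate to the table; STATE = ON makes the filter active immediately.
CREATE SECURITY POLICY Security.SalesRegionFilter
    ADD FILTER PREDICATE Security.fn_RegionPredicate(Region) ON dbo.Sales
    WITH (STATE = ON);
GO
-- Column restriction through a role: analysts can read every column except CustomerVat.
CREATE ROLE SalesAnalysts;
GO
GRANT SELECT ON dbo.Sales (SaleId, Region, Amount) TO SalesAnalysts;
GO
```

A user with no row in the mapping table matches no region, so the filter fails closed and returns nothing rather than everything.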

Design Data Governance and Sensitivity Labels from the start

Effective data governance is a critical component of Microsoft Fabric's security framework. The platform integrates with Microsoft Purview to provide robust data governance capabilities, including data cataloging, classification, and lineage tracking. 

At element61, we love that sensitivity labels can be applied to datasets to classify and protect sensitive information, ensuring that data handling complies with regulatory requirements such as GDPR. For this, Azure licensing and requirements are necessary. These labels also facilitate the monitoring and auditing of data usage, helping organizations maintain oversight of how sensitive data is accessed and utilized.

[Figure: Microsoft Data Governance and Security Labels]

Do something with the Logging and Monitoring

Microsoft Fabric includes extensive logging and monitoring features to ensure that data activities are tracked and auditable. System logs, application logs, and user activity logs provide a comprehensive view of operations within the platform. The Microsoft Fabric Metric Apps offer a dedicated monitoring tool that provides real-time insights into system performance and data usage. Additionally, integration with Azure Monitor allows for advanced alerting and monitoring capabilities, enabling organizations to proactively identify and address potential security issues.

At element61, we complement this with our Power BI Adoption + Data Observability Framework. In both, we gather the Microsoft Fabric logs and have built custom Power BI reports on them to track not only the system but also data availability (freshness), data volumes, data quality and beyond. Reach out to get some more screenshots on this (happy to share).

element61's Recommendations for Microsoft Fabric

As a trusted partner, element61 has leveraged its extensive experience and best practices to provide specific recommendations for enhancing the security of Microsoft Fabric deployments. In summary, these recommendations include the following:

  • Security by Design: Implementing a security-first approach in the architectural design, ensuring that all aspects of the platform are configured with security best practices in mind.
  • Private Networking: Using Azure Private Link to keep data traffic within the Azure backbone and employing self-hosted data gateways for secure connectivity with on-premises systems.
  • Advanced Access Control: Configuring Role-Based Access Control (RBAC) and Privileged Identity Management (PIM) through Azure Active Directory to manage user permissions and secure administrative roles.
  • Granular Data Security: Implementing Object Level Security (OLS) and Row Level Security (RLS) to provide fine-grained access control and protect sensitive data at the table, column, and row levels.
  • Data Governance Framework: Leveraging Microsoft Purview for comprehensive data governance, including the application of sensitivity labels and monitoring data usage to ensure compliance with regulatory standards.
  • Proactive Monitoring: Utilizing the Microsoft Fabric Metric Apps and Azure Monitor to maintain real-time visibility into system performance and data activities, enabling early detection and resolution of potential security threats.

Conclusion

In conclusion, Microsoft Fabric offers a robust security framework that meets the stringent requirements of modern data platforms. By following the best practices and recommendations provided by element61, organizations can ensure that their data remains secure, compliant, and well-governed, enabling them to leverage the full potential of their data assets while maintaining the highest levels of security.

If you are keen to learn more about Microsoft Fabric or Microsoft Purview, do reach out via our contact form.