Provide private storage for internal company documents

INTRODUCTION
In today's digital age, protecting sensitive internal work documents is critical for companies. Private storage solutions enable businesses to securely store, manage, and access documents while safeguarding them against unauthorized access and cyber threats. This article discusses the important factors, methods, and tactics for implementing private storage for internal company documents.

Why private storage is important
Private storage systems are designed to keep data confidential, secure, and available. They safeguard intellectual property, financial records, personnel information, and other sensitive materials from threats like:

• Data breaches
• Internal threats
• Regulatory compliance

I will walk you through Steps on how to Implement Private Storage for Internal Company Documents

First we create a storage account and configure it to high availability. Below is the step on how to achieve that.
Step 1: Create a storage account for the internal private company documents.

• In the portal, search for and select Storage accounts.

• Select + Create.

• Select the Resource group created in the previous lab.
• Set the Storage account name to private. Add an identifier to the name to ensure the name is unique.

• Select Review, and then Create the storage account.

• Wait for the storage account to deploy, and then select Go to resource.

Note: This storage requires high availability if there’s a regional outage. Read access in the secondary region is not required. So therfore configure the appropriate level of redundancy.
Follow step 2 as shown below

• In the storage account, in the Data management section, select the Redundancy blade.
• Ensure Geo-redundant storage (GRS) is selected.
• Refresh the page.
• Review the primary and secondary location information.
• Save your changes.

Create a storage container, upload a file, and restrict access to the file.
Step 1: Create a private storage container for the corporate data.

• In the storage account, in the Data storage section, select the Containers blade.
• Select + Container.

• Ensure the Name of the container is private.
• Ensure the Public access level is Private (no anonymous access).
• As you have time, review the Advanced settings, but take the defaults.
• Select Create.

Step 2: For testing, upload a file to the private container. The type of file doesn’t matter. A small image or text file is a good choice. Test to ensure the file isn’t publicly accessible.

• Select the container.

• Select Upload.

• Browse to files and select a file.
• Upload the file.
• Select the uploaded file.

• On the Overview tab, copy the URL.

• Paste the URL into a new browser tab.
• Verify the file doesn’t display and you receive an error.

Since an external partner requires read and write access to the file for at least the next 24 hours. Then configure and test a shared access signature (SAS). Follow the steps below

• Select your uploaded blob file and move to the Generate SAS tab.

• In the Permissions drop-down, ensure the partner has only Read permissions.

• Verify the Start and expiry date/time is for the next 24 hours.
• Select Generate SAS token and URL.
• Copy the Blob SAS URL to a new browser tab.

• Verify you can access the file. If you have uploaded an image file it will display in the browser. Other file types will be downloaded.

Configure storage access tiers and content replication.
Note Configuring storage access tiers and content replication in Microsoft Azure is a vital step toward optimizing storage for cost and performance.
Step 1: Return to the storage account.

• In the Overview section, notice the Default access tier is set to Hot.

• In the Data management section, select the Lifecycle management blade.
• Select Add rule.

• Set the Rule name to movetocool.
• Set the Rule scope to Apply rule to all blobs in the storage account.
• Select Next.

• Ensure Last modified is selected.
• Set More than (days ago) to 30.
• In the Then drop-down select Move to cool storage.

• As you have time, review other lifecycle options in the drop-down. Add the rule.

The public website files need to be backed up to another storage account. This is excellent practice for various reasons, including data protection, availability, and business continuity.
The steps below will guide you on how to achieve that.
Step 1: In your storage account, create a new container called backup. Use the default values.

• Navigate to your publicwebsite storage account. This storage account was created in the previous exercise.

• In the Data management section, select the Object replication blade.

• Select Create replication rules.

• Set the Destination storage account to the private storage account.
• Set the Source container to public and the destination container to backup.
• Create the replication rule.

Conclusion
Providing private storage for internal company data is more than a technology update; it is a business need in today's digital economy. Companies may secure their assets, maintain regulatory compliance, and create stakeholder confidence by implementing strong systems and best practices. Whether you choose an on-premise solution, cloud storage, or a hybrid method, putting security and accessibility first will ensure long-term success.