Forum Discussion

SteveA_GSY's avatar
SteveA_GSY
Copper Contributor
Oct 01, 2023

Advanced threat protection on Caching Storage Accounts

We have Advanced threat protection enabled on all of our storage accounts however when analysing costs i'm seeing extremely high costs on a couple of the storage accounts.  These are the Disaster Recovery (ASR) caching accounts.  And the costs are very high due to the huge amount of transactions (several million per week).

 

Even with the new pricing where you pay per storage account the additional cost for so many transactions would be very high.

 

My thoughts are that these storage accounts will have little benefit from the protection as they are only caching data in transit between 2 sites.  I've had a look around to find something that can back me up on this so that I can convince Infosec that we wouldn't be creating much of a risk by removing this protection.

 

Does anyone have anything to back this up or to suggest that we should be enabling the protection on these accounts?

  • It's hard to determine how much you'll benefit from securing these storage accounts as well. Disabling ATP on these 'proxy' storage accounts can reduce some level of risk that is not negligible. However, if you try to reduce costs and stay secured. You can consider disabling ATP on these storage accounts while hardening the access to them. For example, make sure the storage account firewall is enabled with super restricted configuration, make sure you dont use SAS tokens, etc.

Resources