Merge pull request #107631 from IEvangelist/cogServicesSecurity

v-albemi · web-flow · commit a8c1187de7d7 · 2020-03-19T08:54:11.000-07:00
Cog Svcs security skeleton
diff --git a/articles/cognitive-services/TOC.yml b/articles/cognitive-services/TOC.yml
@@ -7,14 +7,28 @@
     href: Welcome.md
   - name: Cognitive Services and Machine learning
     href: cognitive-services-and-machine-learning.md
-  - name: Virtual networks for Cognitive Services
-    href: cognitive-services-virtual-networks.md
   - name: Custom subdomains for Cognitive Services
     href: cognitive-services-custom-subdomains.md
   - name: Language support
     href: language-support.md
-  - name: Configure customer-managed keys with the Azure portal
-    href: ./Encryption/cognitive-services-encryption-keys-portal.md
+- name: Quickstarts
+  items:
+  - name: Create a new resource using the Azure portal
+    href: cognitive-services-apis-create-account.md
+  - name: Create a new resource using the Azure CLI
+    href: cognitive-services-apis-create-account-cli.md
+  - name: Diagnostic logging
+    href: diagnostic-logging.md
+- name: Security
+  items:
+  - name: Cognitive Services security
+    href: cognitive-services-security.md
+  - name: Virtual networks for Cognitive Services
+    href: cognitive-services-virtual-networks.md
+  - name: Configure customer-managed keys
+    href: ./encryption/cognitive-services-encryption-keys-portal.md
+  - name: Authenticate requests to Cognitive Services
+    href: authentication.md
 - name: Container support
   items:
   - name: Container support
@@ -41,16 +55,6 @@
       href: ../container-registry/container-registry-get-started-azure-cli.md
     - name: Azure Kubernetes Service (AKS)
       href: ../aks/tutorial-kubernetes-prepare-app.md
-- name: Quickstarts
-  items:
-  - name: Create a new resource using the Azure portal
-    href: cognitive-services-apis-create-account.md
-  - name: Create a new resource using the Azure CLI
-    href: cognitive-services-apis-create-account-cli.md
-  - name: Authentication
-    href: authentication.md
-  - name: Diagnostic logging
-    href: diagnostic-logging.md
 - name: Resources
   items:
   - name: Azure Roadmap
@@ -63,15 +67,15 @@
     href: https://azure.microsoft.com/support/legal/cognitive-services-compliance-and-privacy/
   - name: Support & help options
     href: cognitive-services-support-options.md
-  - name: Service Level Agreement(SLA)
+  - name: Service Level Agreement (SLA)
     href: https://azure.microsoft.com/support/legal/sla/cognitive-services/v1_1/
   - name: Videos
     href: https://azure.microsoft.com/resources/videos/index/?services=cognitive-services
   - name: Blog
     href: https://azure.microsoft.com/blog/topics/cognitive-services/
   - name: Service updates
     href: https://azure.microsoft.com/updates/?product=cognitive-services
-  - name: Provide Product Feedback
+  - name: Provide product feedback
     href: https://cognitive.uservoice.com/
   - name: Code of conduct
     href: https://go.microsoft.com/fwlink/?LinkId=698895
diff --git a/articles/cognitive-services/cognitive-services-security.md b/articles/cognitive-services/cognitive-services-security.md
@@ -0,0 +1,174 @@
+---
+title: Security
+titleSuffix: Azure Cognitive Services
+description: Learn about the various security considerations for Cognitive Services usage.
+services: cognitive-services
+author: IEvangelist
+manager: nitinme
+ms.service: cognitive-services
+ms.topic: conceptual
+ms.date: 03/18/2020
+ms.author: dapine
+---
+
+# Azure Cognitive Services security
+
+Security should be considered a top priority when developing any and all applications. With the onset of artificial intelligence enabled applications, security is even more important. In this article various aspects of Azure Cognitive Services security are outlined, such as the use of transport layer security, authentication, and securely configuring sensitive data.
+
+## Transport Layer Security (TLS)
+
+All of the Cognitive Services endpoints exposed over HTTP enforce TLS 1.2. With an enforced security protocol, consumers attempting to call a Cognitive Services endpoint should adhere to guidelines:
+
+* The client Operating System (OS) would need to support TLS 1.2
+* The language (and platform) used to make the HTTP call would need to specify TLS 1.2 as part of the request
+  * Depending on the language and platform, specifying TLS is done either implicitly or explicitly
+
+For .NET users, consider the <a href="https://docs.microsoft.com/dotnet/framework/network-programming/tls" target="_blank">Transport Layer Security best practices <span class="docon docon-navigate-external x-hidden-focus"></span></a>.
+
+## Authentication
+
+When discussing authentication, there are several common misconceptions. Authentication and authorization are often confused for one another. Identity is also a major component in security. An identity is a collection of information about a <a href="https://en.wikipedia.org/wiki/Principal_(computer_security)" target="_blank">principal <span class="docon docon-navigate-external x-hidden-focus"></span></a>. Identity providers (IdP) provide identities to authentication services. Authentication is the act of verifying a user's identity. Authorization is the specification of access rights and privileges to resources for a given identity.
+
+For more information on authentication with subscription keys, access tokens and Azure Active Directory (AAD), see <a href="https://docs.microsoft.com/azure/cognitive-services/authentication" target="_blank">authenticate requests to Azure Cognitive Services<span class="docon docon-navigate-external x-hidden-focus"></span></a>.
+
+## Environment variables and application configuration
+
+Environment variables are name-value pairs, stored within a specific environment. A more secure alternative to using hardcoded values for sensitive data, is to use environment variables. Hardcoded values are insecure and should be avoided.
+
+> [!CAUTION]
+> Do **not** use hardcoded values for sensitive data, doing so is a major security vulnerability.
+
+> [!NOTE]
+> While environment variables are stored in plain text, they are isolated to an environment. If an environment is compromised, so too are the variables with the environment.
+
+### Set environment variable
+
+To set environment variables, use one the following commands - where the `ENVIRONMENT_VARIABLE_KEY` is the named key and `value` is the value stored in the environment variable.
+
+# [Command Line](#tab/command-line)
+
+```CMD
+:: Assigns the env var to the value
+set ENVIRONMENT_VARIABLE_KEY=value
+
+:: Prints the env var value
+echo %ENVIRONMENT_VARIABLE_KEY%
+```
+
+# [PowerShell](#tab/powershell)
+
+```powershell
+# Assigns the env var to the value
+$Env:ENVIRONMENT_VARIABLE_KEY="value"
+
+# Prints the env var value
+$Env:ENVIRONMENT_VARIABLE_KEY
+```
+
+# [Bash](#tab/bash)
+
+```Bash
+# Assigns the env var to the value
+export ENVIRONMENT_VARIABLE_KEY=value
+
+# Prints the env var value
+echo ENVIRONMENT_VARIABLE_KEY
+```
+
+---
+
+> [!TIP]
+> After setting an environment variable, restart your integrated development environment (IDE) to ensure that newly added environment variables are available.
+
+### Get environment variable
+
+To get an environment variable, it must be read into memory. Depending on the language you're using, consider the following code snippets. These code snippets demonstrate how to get environment variable given the `ENVIRONMENT_VARIABLE_KEY` and assign to a variable named `value`.
+
+# [C#](#tab/csharp)
+
+For more information, see <a href="https://docs.microsoft.com/dotnet/api/system.environment.getenvironmentvariable" target="_blank">`Environment.GetEnvironmentVariable` <span class="docon docon-navigate-external x-hidden-focus"></span></a>.
+
+```csharp
+using static System.Environment;
+
+class Program
+{
+    static void Main()
+    {
+        // Get the named env var, and assign it to the value variable
+        var value =
+            GetEnvironmentVariable(
+                "ENVIRONMENT_VARIABLE_KEY");
+    }
+}
+```
+
+# [C++](#tab/cpp)
+
+For more information, see <a href="https://docs.microsoft.com/cpp/c-runtime-library/reference/getenv-wgetenv" target="_blank">`getenv` <span class="docon docon-navigate-external x-hidden-focus"></span></a>.
+
+```cpp
+#include <stdlib.h>
+
+int main()
+{
+    // Get the named env var, and assign it to the value variable
+    auto value =
+        getenv("ENVIRONMENT_VARIABLE_KEY");
+}
+```
+
+# [Java](#tab/java)
+
+For more information, see <a href="https://docs.oracle.com/javase/7/docs/api/java/lang/System.html#getenv(java.lang.String)" target="_blank">`System.getenv` <span class="docon docon-navigate-external x-hidden-focus"></span></a>.
+
+```java
+import java.lang.*;
+
+public class Program {
+   public static void main(String[] args) throws Exception {
+    // Get the named env var, and assign it to the value variable
+    String value =
+        System.getenv(
+            "ENVIRONMENT_VARIABLE_KEY")
+   }
+}
+```
+
+# [Node.js](#tab/node-js)
+
+For more information, see <a href="https://nodejs.org/api/process.html#process_process_env" target="_blank">`process.env` <span class="docon docon-navigate-external x-hidden-focus"></span></a>.
+
+```javascript
+// Get the named env var, and assign it to the value variable
+const value =
+    process.env.ENVIRONMENT_VARIABLE_KEY;
+```
+
+# [Python](#tab/python)
+
+For more information, see <a href="https://docs.python.org/2/library/os.html#os.environ" target="_blank">`os.environ` <span class="docon docon-navigate-external x-hidden-focus"></span></a>.
+
+```python
+import os
+
+# Get the named env var, and assign it to the value variable
+value = os.environ['ENVIRONMENT_VARIABLE_KEY']
+```
+
+# [Objective-C](#tab/objective-c)
+
+For more information, see <a href="https://developer.apple.com/documentation/foundation/nsprocessinfo/1417911-environment?language=objc" target="_blank">`environment` <span class="docon docon-navigate-external x-hidden-focus"></span></a>.
+
+```objectivec
+// Get the named env var, and assign it to the value variable
+NSString* value =
+    [[[NSProcessInfo processInfo]environment]objectForKey:@"ENVIRONMENT_VARIABLE_KEY"];
+```
+
+---
+
+## Next steps
+
+* Explore the various [Cognitive Services](welcome.md)
+* Learn more about [Cognitive Services Virtual Networks](cognitive-services-virtual-networks.md)
diff --git a/articles/cognitive-services/index.yml b/articles/cognitive-services/index.yml
@@ -12,7 +12,7 @@ metadata:
   author: nitinme
   ms.author: nitinme
   manager: nitinme
-  ms.date: 01/21/2020
+  ms.date: 03/17/2020
 
 highlightedContent:
 # itemType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | whats-new
@@ -139,6 +139,29 @@ conceptualContent:
           itemType: reference
           text: Cognitive Services containers FAQ
 
+tools:
+  title: Software development kits (SDKs)
+  summary: Get started with the Cognitive Services SDK in your favorite programming language.
+  items:
+  - title: C#
+    imageSrc: https://docs.microsoft.com/media/logos/logo_Csharp.svg
+    url: https://docs.microsoft.com/dotnet/api/overview/azure/cognitiveservices/client?view=azure-dotnet
+  - title: Go
+    imageSrc: https://docs.microsoft.com/media/logos/logo_Go-lightblue.svg
+    url: https://godoc.org/github.com/Azure/azure-sdk-for-go/services/cognitiveservices
+  - title: Java
+    imageSrc: https://docs.microsoft.com/media/logos/logo_java.svg
+    url: https://docs.microsoft.com/java/api/overview/azure/cognitiveservices/client?view=azure-java-stable
+  - title: JavaScript
+    imageSrc: https://docs.microsoft.com/media/logos/logo_js.svg
+    url: https://docs.microsoft.com/javascript/api/overview/azure/cognitive-services?view=azure-node-latest
+  - title: Python
+    imageSrc: https://docs.microsoft.com/media/logos/logo_python.svg
+    url: https://docs.microsoft.com/python/api/overview/azure/cognitive-services?view=azure-python
+  - title: R
+    imageSrc: https://docs.microsoft.com/media/logos/logo_R.svg
+    url: https://github.com/Azure/AzureCognitive
+
 additionalContent:
   sections:
     - items:
@@ -152,15 +175,3 @@ additionalContent:
         links:
           - text: Cognitive Services Management
             url: https://docs.microsoft.com/rest/api/cognitiveservices/
-      - title: SDKs
-        links:
-          - text: .NET
-            url: https://docs.microsoft.com/dotnet/api/overview/azure/cognitiveservices/client?view=azure-dotnet
-          - text: Go
-            url: https://godoc.org/github.com/Azure/azure-sdk-for-go/services/cognitiveservices
-          - text: Java
-            url: https://docs.microsoft.com/java/api/overview/azure/cognitiveservices/client?view=azure-java-stable
-          - text: Node.js
-            url: https://docs.microsoft.com/javascript/api/overview/azure/cognitive-services?view=azure-node-latest
-          - text: Python
-            url: https://docs.microsoft.com/python/api/overview/azure/cognitive-services?view=azure-python
