Data security and encryption best practices - Microsoft Azure (2023)

  • Article
  • 9 minutes to read

This article describes best practices for data security and encryption.

The best practices are based on a consensus of opinion, and they work with current Azure platform capabilities and feature sets. Opinions and technologies change over time and this article is updated on a regular basis to reflect those changes.

Protect data

To help protect data in the cloud, you need to account for the possible states in which your data can occur, and what controls are available for that state. Best practices for Azure data security and encryption relate to the following data states:

  • At rest: This includes all information storage objects, containers, and types that exist statically on physical media, whether magnetic or optical disk.
  • In transit: When data is being transferred between components, locations, or programs, it's in transit. Examples are transfer over the network, across a service bus (from on-premises to cloud and vice-versa, including hybrid connections such as ExpressRoute), or during an input/output process.

Choose a key management solution

Protecting your keys is essential to protecting your data in the cloud.

Azure Key Vault helps safeguard cryptographic keys and secrets that cloud applications and services use. Key Vault streamlines the key management process and enables you to maintain control of keys that access and encrypt your data. Developers can create keys for development and testing in minutes, and then migrate them to production keys. Security administrators can grant (and revoke) permission to keys, as needed.

You can use Key Vault to create multiple secure containers, called vaults. These vaults are backed by HSMs. Vaults help reduce the chances of accidental loss of security information by centralizing the storage of application secrets. Key vaults also control and log the access to anything stored in them. Azure Key Vault can handle requesting and renewing Transport Layer Security (TLS) certificates. It provides features for a robust solution for certificate lifecycle management.

Azure Key Vault is designed to support application keys and secrets. Key Vault is not intended to be a store for user passwords.

(Video) Azure Security best practices | Azure Tips and Tricks

Following are security best practices for using Key Vault.

Best practice: Grant access to users, groups, and applications at a specific scope.Detail: Use Azure RBAC predefined roles. For example, to grant access to a user to manage key vaults, you would assign the predefined role Key Vault Contributor to this user at a specific scope. The scope in this case would be a subscription, a resource group, or just a specific key vault. If the predefined roles don't fit your needs, you can define your own roles.

Best practice: Control what users have access to.Detail: Access to a key vault is controlled through two separate interfaces: management plane and data plane. The management plane and data plane access controls work independently.

Use Azure RBAC to control what users have access to. For example, if you want to grant an application access to use keys in a key vault, you only need to grant data plane access permissions by using key vault access policies, and no management plane access is needed for this application. Conversely, if you want a user to be able to read vault properties and tags but not have any access to keys, secrets, or certificates, you can grant this user read access by using Azure RBAC, and no access to the data plane is required.

Best practice: Store certificates in your key vault. Your certificates are of high value. In the wrong hands, your application's security or the security of your data can be compromised.Detail: Azure Resource Manager can securely deploy certificates stored in Azure Key Vault to Azure VMs when the VMs are deployed. By setting appropriate access policies for the key vault, you also control who gets access to your certificate. Another benefit is that you manage all your certificates in one place in Azure Key Vault. See Deploy Certificates to VMs from customer-managed Key Vault for more information.

Best practice: Ensure that you can recover a deletion of key vaults or key vault objects.Detail: Deletion of key vaults or key vault objects can be inadvertent or malicious. Enable the soft delete and purge protection features of Key Vault, particularly for keys that are used to encrypt data at rest. Deletion of these keys is equivalent to data loss, so you can recover deleted vaults and vault objects if needed. Practice Key Vault recovery operations on a regular basis.

Note

If a user has contributor permissions (Azure RBAC) to a key vault management plane, they can grant themselves access to the data plane by setting a key vault access policy. We recommend that you tightly control who has contributor access to your key vaults, to ensure that only authorized persons can access and manage your key vaults, keys, secrets, and certificates.

(Video) Top 10 Best Practices for Azure Security

Manage with secure workstations

Note

The subscription administrator or owner should use a secure access workstation or a privileged access workstation.

Because the vast majority of attacks target the end user, the endpoint becomes one of the primary points of attack. An attacker who compromises the endpoint can use the user's credentials to gain access to the organization's data. Most endpoint attacks take advantage of the fact that users are administrators in their local workstations.

Best practice: Use a secure management workstation to protect sensitive accounts, tasks, and data.Detail: Use a privileged access workstation to reduce the attack surface in workstations. These secure management workstations can help you mitigate some of these attacks and ensure that your data is safer.

Best practice: Ensure endpoint protection.Detail: Enforce security policies across all devices that are used to consume data, regardless of the data location (cloud or on-premises).

Protect data at rest

Data encryption at rest is a mandatory step toward data privacy, compliance, and data sovereignty.

Best practice: Apply disk encryption to help safeguard your data.Detail: Use Azure Disk Encryption for Linux VMs or Azure Disk Encryption for Windows VMs. Disk Encryption combines the industry-standard Linux dm-crypt or Windows BitLocker feature to provide volume encryption for the OS and the data disks.

Azure Storage and Azure SQL Database encrypt data at rest by default, and many services offer encryption as an option. You can use Azure Key Vault to maintain control of keys that access and encrypt your data. See Azure resource providers encryption model support to learn more.

(Video) Azure Security Center: The Encrypt Data in Transit Security Control

Best practices: Use encryption to help mitigate risks related to unauthorized data access.Detail: Encrypt your drives before you write sensitive data to them.

Organizations that don't enforce data encryption are more exposed to data-confidentiality issues. For example, unauthorized or rogue users might steal data in compromised accounts or gain unauthorized access to data coded in Clear Format. Companies also must prove that they are diligent and using correct security controls to enhance their data security in order to comply with industry regulations.

Protect data in transit

Protecting data in transit should be an essential part of your data protection strategy. Because data is moving back and forth from many locations, we generally recommend that you always use SSL/TLS protocols to exchange data across different locations. In some circumstances, you might want to isolate the entire communication channel between your on-premises and cloud infrastructures by using a VPN.

For data moving between your on-premises infrastructure and Azure, consider appropriate safeguards such as HTTPS or VPN. When sending encrypted traffic between an Azure virtual network and an on-premises location over the public internet, use Azure VPN Gateway.

Following are best practices specific to using Azure VPN Gateway, SSL/TLS, and HTTPS.

Best practice: Secure access from multiple workstations located on-premises to an Azure virtual network.Detail: Use site-to-site VPN.

Best practice: Secure access from an individual workstation located on-premises to an Azure virtual network.Detail: Use point-to-site VPN.

Best practice: Move larger data sets over a dedicated high-speed WAN link.Detail: Use ExpressRoute. If you choose to use ExpressRoute, you can also encrypt the data at the application level by using SSL/TLS or other protocols for added protection.

Best practice: Interact with Azure Storage through the Azure portal.Detail: All transactions occur via HTTPS. You can also use Storage REST API over HTTPS to interact with Azure Storage.

(Video) Microsoft Azure Encryption Overview - Encryption Consulting

Organizations that fail to protect data in transit are more susceptible to man-in-the-middle attacks, eavesdropping, and session hijacking. These attacks can be the first step in gaining access to confidential data.

Secure email, documents, and sensitive data

You want to control and secure email, documents, and sensitive data that you share outside your company. Azure Information Protection is a cloud-based solution that helps an organization to classify, label, and protect its documents and emails. This can be done automatically by administrators who define rules and conditions, manually by users, or a combination where users get recommendations.

Classification is identifiable at all times, regardless of where the data is stored or with whom it's shared. The labels include visual markings such as a header, footer, or watermark. Metadata is added to files and email headers in clear text. The clear text ensures that other services, such as solutions to prevent data loss, can identify the classification and take appropriate action.

The protection technology uses Azure Rights Management (Azure RMS). This technology is integrated with other Microsoft cloud services and applications, such as Microsoft 365 and Azure Active Directory. This protection technology uses encryption, identity, and authorization policies. Protection that is applied through Azure RMS stays with the documents and emails, independently of the location-inside or outside your organization, networks, file servers, and applications.

This information protection solution keeps you in control of your data, even when it's shared with other people. You can also use Azure RMS with your own line-of-business applications and information protection solutions from software vendors, whether these applications and solutions are on-premises or in the cloud.

We recommend that you:

  • Deploy Azure Information Protection for your organization.
  • Apply labels that reflect your business requirements. For example: Apply a label named "highly confidential" to all documents and emails that contain top-secret data, to classify and protect this data. Then, only authorized users can access this data, with any restrictions that you specify.
  • Configure usage logging for Azure RMS so that you can monitor how your organization is using the protection service.

Organizations that are weak on data classification and file protection might be more susceptible to data leakage or data misuse. With proper file protection, you can analyze data flows to gain insight into your business, detect risky behaviors and take corrective measures, track access to documents, and so on.

Next steps

See Azure security best practices and patterns for more security best practices to use when you're designing, deploying, and managing your cloud solutions by using Azure.

The following resources are available to provide more general information about Azure security and related Microsoft services:

(Video) Azure Security : Is your data secure in the cloud?

  • Azure Security Team Blog - for up to date information on the latest in Azure Security
  • Microsoft Security Response Center - where Microsoft security vulnerabilities, including issues with Azure, can be reported or via email to secure@microsoft.com

FAQs

Which Azure security solutions provides general security recommendations and suggest remediation to better secure your resources? ›

Defender for Cloud collects data from your Azure virtual machines (VMs) to monitor for security vulnerabilities and threats.

Which security solution is recommended in Azure? ›

You can additionally use Microsoft Defender for Endpoint to protect your Azure servers. It provides advanced breach-detection sensors that quickly adapt to evolving threats through the power of big data and analytics and provides superior threat intelligence to protect your workloads.

Which of the following requirements need to be met for using encryption at rest for Azure? ›

Azure Key Vault

The storage location of the encryption keys and access control to those keys is central to an encryption at rest model. The keys need to be highly secured but manageable by specified users and available to specific services.

What are the 7 things Azure security monitor can do? ›

Containers
  • Deploy and scale containers on managed Kubernetes.
  • Deploy and scale containers on managed Red Hat OpenShift.
  • Azure Container Apps. ...
  • Execute event-driven serverless code functions with an end-to-end development experience.
  • Run containerized web apps on Windows and Linux.
  • Azure Container Instances.

What are the three most urgent security challenges addressed by Azure Security Center? ›

Azure Security Center addresses the three most urgent security challenges
  • Rapidly changing workloads. It's both a strength and a challenge of the cloud. ...
  • Increasingly sophisticated attacks. Wherever you run your workloads, the attacks keep getting more sophisticated. ...
  • Security skills are in short supply.

What is the recommended most secure way to protect your network for Azure SQL Database? ›

Transparent data encryption

You can also encrypt data using SSMS and the Always encrypted feature. To enable or verify encryption: In the Azure portal, select SQL databases from the left-hand menu, and select your database on the SQL databases page. In the Security section, select Transparent data encryption.

What is effective security rules in Azure? ›

Effective security rules view returns all the configured NSGs and rules that are associated at a NIC and subnet level for a virtual machine providing insight into the configuration.

How do you ensure security in Azure? ›

Security
  1. Microsoft Sentinel.
  2. Microsoft Defender for Cloud.
  3. Protect your Azure resources from distributed denial-of-service (DDoS) attacks.
  4. Azure Bastion. Fully managed service that helps secure remote access to your virtual machines.
  5. Web Application Firewall. ...
  6. Azure Firewall. ...
  7. Azure Firewall Manager.

How do you manage security in Azure? ›

What are the Best Security Practices for Azure?
  1. Use Dedicated Workstations With Privileged Access For Admins. ...
  2. Restrict the Administrator Access. ...
  3. Use Multi-Factor Authentication (MFA) ...
  4. Restrict User Access. ...
  5. Manage and Limit Network Access within Azure. ...
  6. Use a Key Management Solution. ...
  7. Encrypt Virtual Disks and Disk Storage.
Dec 14, 2021

How can I improve my Azure security? ›

Top 10 Microsoft Azure best security practices
  1. Use dedicated workstations. ...
  2. Use multiple authentication. ...
  3. Restrict the administrator access. ...
  4. Restrict the user access. ...
  5. Control and limit the network access to Microsoft Azure. ...
  6. Use a key management solution. ...
  7. Encrypt virtual disks and disk storage.
Aug 24, 2017

What are the two types of keys available in encryption in Azure? ›

Azure Key Vault provides two types of resources to store and manage cryptographic keys. Vaults support software-protected and HSM-protected (Hardware Security Module) keys.

How many types of encryption are there in Azure? ›

Three types of keys are used in encrypting and decrypting data: the Master Encryption Key (MEK), Data Encryption Key (DEK), and Block Encryption Key (BEK).

What type of encryption does Azure use? ›

Data in Azure Storage is encrypted and decrypted transparently using 256-bit AES encryption, one of the strongest block ciphers available, and is FIPS 140-2 compliant. Azure Storage encryption is similar to BitLocker encryption on Windows.

What are used to encrypt keys and secrets in Azure? ›

Use Azure Key Vault to encrypt keys and small secrets like passwords that use keys stored in hardware security modules (HSMs).

What are the three security services provided by Windows Azure? ›

A cloud-based and managed version of Active Directory Domain Services that provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication.

What are the 5 basic security principles? ›

The U.S. Department of Defense has promulgated the Five Pillars of Information Assurance model that includes the protection of confidentiality, integrity, availability, authenticity, and non-repudiation of user data.

What are the four C's of cloud security? ›

The 4C's of Cloud Native security are Cloud, Clusters, Containers, and Code. Note: This layered approach augments the defense in depth computing approach to security, which is widely regarded as a best practice for securing software systems.

What are the top 5 security in cloud computing? ›

Main Cloud Security Issues and Threats in 2021
  • Denial of Service Attacks. ...
  • Data Loss/Leakage. ...
  • Data Privacy/Confidentiality. ...
  • Accidental Exposure of Credentials. ...
  • Incident Response. ...
  • Legal and Regulatory Compliance. ...
  • Data Sovereignty/Residence/Control. ...
  • Protecting the Cloud.

What are 3 D's of security in security in computing? ›

That is where the three D's of security come in: deter, detect, and delay. The three D's are a way for an organization to reduce the probability of an incident.

What 3 areas can data security be broken down in to? ›

Collectively known as the 'CIA triad', confidentiality, integrity and availability are the three key elements of information security. If any of the three elements is compromised, then there can be serious consequences, both for you as a data controller, and for the individuals whose data you process.

What are three main security issues? ›

Here are ten common types of security risks and vulnerabilities, and what to do about them.
  • Malware (including fileless malware) ...
  • Cloud security. ...
  • Phishing. ...
  • Ransomware. ...
  • Data loss. ...
  • Password attacks. ...
  • Insider threats. ...
  • DDoS.

What type of encryption can be used to encrypt data at rest in an Azure SQL Database? ›

Transparent data encryption (TDE) helps protect Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics against the threat of malicious offline activity by encrypting data at rest.

How we secure your data in Azure AD? ›

All Azure AD APIs are web-based using SSL through HTTPS to encrypt the data. All Azure AD servers are configured to use TLS 1.2. We allow inbound connections over TLS 1.1 and 1.0 to support external clients. We explicitly deny any connection over all legacy versions of SSL including SSL 3.0 and 2.0.

How do I encrypt a SQL database in Azure? ›

If you're using Azure Key Vault, execute the below commands. If you're using Windows certificate store, execute the below commands. Generate a column encryption key, encrypt it with the column master key you've created, and create a column encryption key metadata object in the database.

What are the three 3 features of security? ›

The CIA triad refers to an information security model made up of the three main components: confidentiality, integrity and availability. Each component represents a fundamental objective of information security.

What are the six principles of security? ›

The Principles of Security can be classified as follows:
  • Confidentiality: The degree of confidentiality determines the secrecy of the information. ...
  • Authentication: Authentication is the mechanism to identify the user or system or the entity. ...
  • Integrity: ...
  • Non-Repudiation: ...
  • Access control: ...
  • Availability:
Jan 8, 2023

What are the 7 principles of security? ›

Security by Design: 7 Application Security Principles You Need to Know
  • Principle of Least Privilege. ...
  • Principle of Separation of Duties. ...
  • Principle of Defense in Depth. ...
  • Principle of Failing Securely. ...
  • Principle of Open Design. ...
  • Principle of Avoiding Security by Obscurity. ...
  • Principle of Minimizing Attack Surface Area.

What is data security in Azure? ›

Protecting your keys is essential to protecting your data in the cloud. Azure Key Vault helps safeguard cryptographic keys and secrets that cloud applications and services use. Key Vault streamlines the key management process and enables you to maintain control of keys that access and encrypt your data.

Who is responsible for security in Azure? ›

For all cloud deployment types, you own your data and identities. You are responsible for protecting the security of your data and identities, on-premises resources, and the cloud components you control (which varies by service type).

What is the best way of increasing security? ›

The following 10 tips will help you increase the security around your data.
  1. Protect the data itself, not just the perimeter. ...
  2. Pay attention to insider threats. ...
  3. Encrypt all devices. ...
  4. Testing your security. ...
  5. Delete redundant data. ...
  6. Spending more money and time on Cyber-security. ...
  7. Establish strong passwords.
Jan 6, 2023

What are the benefits of security services in Azure? ›

Protect your workloads quickly with built-in controls and services in Azure across identity, data, networking, and apps.
...
Simplify security with built-in controls
  • Manage identity and control access.
  • Secure your network.
  • Safeguard data.
  • Key, secrets and certificate management.
  • Get centralised visibility and prevent attacks.

What are the four 3 most secured encryption techniques? ›

Best Encryption Algorithms
  • AES. The Advanced Encryption Standard (AES) is the trusted standard algorithm used by the United States government, as well as other organizations. ...
  • Triple DES. ...
  • RSA. ...
  • Blowfish. ...
  • Twofish. ...
  • Rivest-Shamir-Adleman (RSA).
Nov 11, 2022

What are the three 3 different encryption methods? ›

The three major encryption types are DES, AES, and RSA.

What are the 3 common database encryption methods? ›

The four major types of database encryption are: Business Application Encryption (BA), DBMS Application Encryption (DA), DBMS Package Encryption (DP), and DBMS Engine Encryption (DE). Each database encryption takes place at separate layers and often have different functionality and requirements.

What are the 2 types of data encryption? ›

There are two types of encryption in widespread use today: symmetric and asymmetric encryption. The name derives from whether or not the same key is used for encryption and decryption.

What is Azure always encrypted? ›

Always Encrypted is a feature designed to protect sensitive data, such as credit card numbers or national identification numbers (for example, U.S. social security numbers), stored in Azure SQL Database, Azure SQL Managed Instance, and SQL Server databases.

How does Azure encrypt data at rest? ›

It uses the Bitlocker-feature of Windows (or DM-Crypt on Linux) to provide volume encryption for the OS and data disks of Azure virtual machines (VMs). It is integrated with Azure Key Vault to help you control and manage the disk encryption keys, and secrets.

Which encryption is best for data at rest? ›

Encryption of Data at Rest

NIST-FIPS recommends encrypting your sensitive data with Advanced Encryption Standard (AES), a standard used by US federal agencies to protect Secret and Top-Secret information. Most commercial encryption products feature at least one implementation of AES.

What are the 3 important services offered by Azure? ›

This gives users the flexibility to use their preferred tools and technologies. In addition, Azure offers four different forms of cloud computing: infrastructure as a service (IaaS), platform as a service (PaaS), software as a service (SaaS) and serverless functions.

What is the best Practise to be followed in order to improve the performance of Azure function? ›

Use async code but avoid blocking calls

Asynchronous programming is a recommended best practice, especially when blocking I/O operations are involved. In C#, always avoid referencing the Result property or calling Wait method on a Task instance. This approach can lead to thread exhaustion.

What are the best practices to improve the performance of Azure container instance? ›

What are container best practices? Use container scanning tools to detect vulnerabilities, as well as ensure there aren't any CIS (Center for Internet Security) Benchmark violations.

What best practices for cloud operations are you using? ›

5 CloudOps Best Practices
  • Set up a deployment plan. Instead of randomly rolling out your cloud applications and systems updates, it's advisable to follow a structured deployment plan. ...
  • Automate cloud processes. ...
  • Build and maintain redundancy. ...
  • Set appropriate resource limits. ...
  • Monitor cloud costs.

What are the 4 service categories provided by Microsoft Azure? ›

A public cloud computing platform, Microsoft Azure offers infrastructure as a service (IaaS), software as a service (SaaS), platform as a service (PaaS), and a serverless model.

What are the main concepts in Azure? ›

Important components of Microsoft Azure are Compute, Storage, Database, Monitoring & management services, Content Delivery Network, Azure Networking, Web & Mobile services, etc.

What are the top 10 most used Microsoft Azure services? ›

Top 10 Microsoft Azure Products and Services
  • Azure DevOps.
  • Azure Blob Storage.
  • Azure Virtual Machines.
  • Azure Backup.
  • Azure Cosmos DB.
  • Azure Logic Apps.
  • Azure Active Directory.
  • API management.

Which makes recommendations to help improve performance reliability and security in Azure? ›

Azure Advisor offers actionable recommendations to help you optimize your Azure resources for reliability, security, operational excellence, performance, and cost.

What are the best practice for the security in Azure Container Registry? ›

Security recommendations for Azure Container Instances
  • Use a private registry. ...
  • Monitor and scan container images. ...
  • Protect credentials. ...
  • Use vulnerability management as part of your container development lifecycle. ...
  • Scan for vulnerabilities. ...
  • Map image vulnerabilities to running containers.
Jun 17, 2022

Which of the following would you use to view security recommendations for your Azure environment? ›

How to view Azure security recommendations
  • In Defender for Cloud Apps, browse to Investigate > Security configuration, and then select the Azure tab. Note. ...
  • You can filter the recommendations by type, by resource, and by subscription. Additionally, you can select the security configuration icon.
3 days ago

Which of the following is the best practices for Azure SQL Server and database? ›

Enable all types of threat detection for your Microsoft Azure SQL database servers. Ensure that database auditing is enabled at the Azure SQL database server level. Ensure that your Azure SQL database servers are configured to use auto-failover groups.

How do you improve the performance of a SQL Azure database? ›

There are three primary options for Automatic Tuning with Azure SQL Database:
  1. CREATE INDEX: Creates new indices that can improve the performance.
  2. DROP INDEX: Drops redundant and unused indices (>90 days)
  3. FORCE LAST GOOD PLAN: Identifies queries using the last known good execution plan.
Jan 20, 2021

How do I improve my Azure performance? ›

Additional resources
  1. Cross-region replication in Azure. ...
  2. Performance recommendations - Azure Advisor. ...
  3. Use geo-redundancy to design highly available applications - Azure Storage. ...
  4. Storage Accounts and cost optimization - Microsoft Azure Well-Architected Framework. ...
  5. Cost recommendations - Azure Advisor.
Aug 23, 2022

What are 3 measures used to protect the cloud? ›

Authentication and identity, access control, encryption, secure deletion, integrity checking, and data masking are all data protection methods that have applicability in cloud computing.

What are the five key questions you should consider before implementing identity security in your cloud infrastructure? ›

5 Key Considerations for Successful Cloud Security
  • Know your cloud provider's security foothold. ...
  • Understand your cloud security weaknesses. ...
  • Implement access control regulations. ...
  • Ensure your cloud data is encrypted. ...
  • Train your enterprise on cloud security.
Apr 24, 2020

What are the 5 most essential things that must be followed before going for cloud computing platform? ›

Following are the essential things that must be followed before going for the cloud computing platform:
  • Uptime.
  • Loss of data.
  • Data storage.
  • Compliance.
  • Business continuity.
  • Data integrity in cloud computing.
Nov 11, 2022

Videos

1. MSFT STOCK Earnings Microsoft - TRADING & INVESTING - Martyn Lucas Investor @MartynLucas
(Martyn Lucas Investor)
2. Cloud Security Tutorial - Azure Security Best Practices
(LinkedIn Learning)
3. Azure Databricks Security Best Practices
(Databricks)
4. Data Security Best Practices for Data Engineers Using Data Factory | Azure SQL and ADF Event
(Azure SQL)
5. Azure Disk Encryption: Windows VM
(Microsoft Reactor)
6. Secure Your Azure DevOps Organization | Best Practices for Azure DevOps Security
(CoderDave)
Top Articles
Latest Posts
Article information

Author: Prof. Nancy Dach

Last Updated: 01/16/2023

Views: 6250

Rating: 4.7 / 5 (57 voted)

Reviews: 80% of readers found this page helpful

Author information

Name: Prof. Nancy Dach

Birthday: 1993-08-23

Address: 569 Waelchi Ports, South Blainebury, LA 11589

Phone: +9958996486049

Job: Sales Manager

Hobby: Web surfing, Scuba diving, Mountaineering, Writing, Sailing, Dance, Blacksmithing

Introduction: My name is Prof. Nancy Dach, I am a lively, joyous, courageous, lovely, tender, charming, open person who loves writing and wants to share my knowledge and understanding with you.