Ensure that 'Access Policies' are Implemented and Reviewed
Why This Matters
Without access policies, any authenticated user or service can execute any Redis command, which creates a significant security risk. Without role-based access control (RBAC), you cannot enforce least privilege, so users may have unnecessary access to sensitive data or destructive commands. This increases the attack surface and makes unauthorized data exposure or accidental data loss more likely.
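As an added illustration of reviewing policies for least privilege (not part of the original page and not Aether365's check logic), the sketch below flags permission strings that grant every command, dangerous commands, or every key. It assumes custom access policy permissions are written in Redis ACL rule syntax; the policy names and strings are constructed samples.

```python
# Added example: least-privilege review of Redis ACL-style permission strings.
# Policy names and permission strings are constructed sample data.
SAMPLE_POLICIES = {
    "owner-like": "+@all allkeys allchannels",
    "no-dangerous": "+@all -@dangerous allkeys",
    "orders-reader": "+@read +@connection ~orders:*",
    "misordered": "-@dangerous +@all ~app:*",
}


def review_permissions(permissions: str) -> list[str]:
    """Return findings for one permission string, applying rules left to right."""
    all_cmds = dangerous = all_keys = False
    for rule in permissions.lower().split():
        if rule in ("+@all", "allcommands"):
            all_cmds = dangerous = True   # every command, dangerous ones included
        elif rule in ("-@all", "nocommands"):
            all_cmds = dangerous = False
        elif rule == "+@dangerous":
            dangerous = True
        elif rule.startswith("-"):
            all_cmds = False              # something was carved out of the grant
            if rule == "-@dangerous":
                dangerous = False
        elif rule in ("allkeys", "~*"):
            all_keys = True               # no key-pattern restriction
        elif rule == "resetkeys":
            all_keys = False
    findings = []
    if all_cmds:
        findings.append("ALL_COMMANDS")
    if dangerous:
        findings.append("DANGEROUS_COMMANDS")
    if all_keys:
        findings.append("ALL_KEYS")
    return findings


def review_policies(policies: dict[str, str]) -> dict[str, list[str]]:
    """Map each policy that has at least one finding to its findings."""
    reviewed = {name: review_permissions(p) for name, p in policies.items()}
    return {name: f for name, f in reviewed.items() if f}


if __name__ == "__main__":
    for name, findings in review_policies(SAMPLE_POLICIES).items():
        print(f"{name}: {', '.join(findings)}")
```

Rule order matters in ACL syntax: `-@dangerous +@all` re-grants the dangerous commands that `+@all -@dangerous` excludes, which is why the "misordered" sample is flagged.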
What Aether365 Checks
Aether365 verifies that access policies using RBAC are configured for each Azure Cache for Redis instance. This check appears in the Aether365 dashboard under the azure-cache-for-redis security scan section.