Some customers will want to backup (copy) CAPTOR content to Azure Blob Storage. This is a great use case, with a lot of benefits. The connection would utilize the SFTP data transfer protocol.
Blob storage has way more native processing, backup, AV scanning etc. The configuration can be limited to only List and Create permissions, which ensures a higher degree of security. Read more: https://learn.microsoft.com/en-us/azure/storage/blobs/secure-file-transfer-protocol-support#container-permissions
The result is that the CAPTOR user can:
- List out files and folders (to check whether the correct folder structure exists)
- Create new files and directories if required
And the CAPTOR user cannot:
- Modify existing files or folders once created (no ability to edit)
- Remove/Delete files or folders
- Read file contents which have been uploaded
Therefore in the extremely rare situation whereby someone were to compromise the credentials of the user account, they can only upload files and create directories. This can also be monitored with Microsoft AV scanning to further minimize the risk of compromise.