.png?width=100&auto=webp&quality=80&disable=upscale "Picture of John Savill")
.png?width=400&auto=webp&quality=80&disable=upscale "John Savill")
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Value of Azure server-side encryption
Understand the benefit of Azure server-side encryption
John Savill
April 1, 2017
1 Min Read
Q. If I use Azure server-side encryption what value does this provide if Microsoft has the key?
A. There are various reasons to encrypt data. When using the Azure Key Vault service to store the keys leveraged for encryption at rest in Azure while Azure services can access the key to provide other Azure functionality such as backup, the Microsoft operations team do not have access to the keys which are secured using HSMs. The key goal for this type of encryption is really two-fold:
Provides protection from a disk being taken out of a datacenter and the majority of data attack cases
Enables a checkbox required for many regulatory requirements that says the data is encrypted at rest
If you need additional levels of data security then you should look at client encryption of data where the application controls the encryption and be careful of where the key is stored but this will limit types of Azure services that can interact with the data and even other application layers as there will need to be a method to provide them with a key to use the data.
About the Author
You May Also Like
.jpg?width=700&auto=webp&quality=80&disable=upscale)
