Implement SQL Database Always Encrypted
- Primary characteristics of SQL Database Always Encrypted:
  - Protects data at rest, in transit, and in use
  - Ensures that data is accessible from client applications and application servers only
- Implement SQL Database Always Encrypted:
  - Use the Always Encrypted wizard in SSMS to create Always Encrypted keys:
    - Create a column master key
    - Create a column encryption key
  - Create a database table and encrypt columns
  - Create an application that inserts, selects, and displays data from the encrypted columns
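
The table-creation step above in T-SQL, as an added example that is not from the original page. It assumes the SSMS wizard has already created a column encryption key, here given the hypothetical name `CEK_Demo`; the table and column names are also hypothetical. The closing query reports which columns are actually encrypted and with which key.

```sql
-- Added example. Assumes a column encryption key already exists in the database
-- (created with the SSMS wizard). CEK_Demo, dbo.Patients and the column names
-- are hypothetical.
CREATE TABLE dbo.Patients
(
    PatientId INT IDENTITY(1,1) PRIMARY KEY,

    -- Deterministic encryption: equal plaintexts produce equal ciphertexts,
    -- so equality lookups and joins still work. Character columns encrypted
    -- this way require a BIN2 collation.
    SSN CHAR(11) COLLATE Latin1_General_BIN2
        ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = CEK_Demo,
                        ENCRYPTION_TYPE = DETERMINISTIC,
                        ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NOT NULL,

    -- Randomized encryption: ciphertext differs on every write, which hides
    -- repeated values but rules out server-side comparisons on the column.
    BirthDate DATE
        ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = CEK_Demo,
                        ENCRYPTION_TYPE = RANDOMIZED,
                        ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NOT NULL,

    -- Left unencrypted for comparison in the check below.
    FirstName NVARCHAR(50) NULL
);
GO

-- Check: list every column of the table with its encryption type and key.
-- Unencrypted columns show NULL in the encryption fields.
SELECT t.name   AS table_name,
       c.name   AS column_name,
       c.encryption_type_desc,
       c.encryption_algorithm_name,
       cek.name AS column_encryption_key
FROM sys.columns AS c
JOIN sys.tables  AS t
     ON t.object_id = c.object_id
LEFT JOIN sys.column_encryption_keys AS cek
     ON cek.column_encryption_key_id = c.column_encryption_key_id
WHERE t.name = 'Patients'
ORDER BY c.column_id;
```

The client application reads and writes these columns through parameterized queries on a connection opened with `Column Encryption Setting=Enabled`, so the driver encrypts and decrypts values on the client side.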
Implement SSE
- Primary characteristics of Azure Storage Service Encryption:
  - Applies automatically to all Azure Storage accounts and cannot be disabled
  - Encrypts on write and decrypts on read
  - Supports all four storage services (Blob, Queue, Table, and Files)
  - Supports both storage performance tiers (Standard and Premium)
  - Supports both deployment models (Resource Manager and classic)
- Configuring SSE:
  - By default, SSE uses platform-assigned keys
  - Customers have the option to use their own keys
Implement Azure Disk Encryption
- Primary characteristics of Disk Encryption:
  - Uses BitLocker on Windows VMs and DM-Crypt on Linux VMs
  - Provides encryption of the operating system and data disks
  - Stores encryption keys in a customer-managed key vault
  - Requires granting the Azure platform access to the key vault
- Implementing disk encryption:
  - Azure Resource Manager templates
  - PowerShell
  - Azure CLI
Implement Azure Backup encryption
- Primary characteristics of Azure Backup:
  - Supports Windows and Linux operating systems
  - Is capable of protecting on-premises and cloud-resident workloads
  - Allows for backup and recovery of files, folders, system state, and applications
- Implementing Azure Backup encryption:
  - For on-premises workloads, encryption is based on a customer-provided passphrase
  - For Azure VMs, encryption uses SSE