Eng Soon Cheah
Implement Secure data solutions

Azure Security Spectrum


Encryption

  • Encryption
    Process of translating plain text data (plaintext) into something that appears to be random and meaningless (ciphertext)

  • Decryption
    Process of converting ciphertext back to plaintext

  • Symmetric encryption is used when more than a small amount of data must be encrypted

    • A symmetric key is used to encrypt the data
    • The same key must be used to decrypt the data

Encryption at rest

  • Encryption (or encoding) of data when it is persisted
    • It is a very common security requirement to encrypt data with a secret encryption key whenever it is persisted to disk
  • Prevents attackers from accessing sensitive data when they have full access to a server’s machine, storage or drives
  • Encryption at rest design in Azure uses symmetric encryption:
    • A symmetric encryption key is used to encrypt data as it is written to storage
    • The same encryption key is used to decrypt that data as it is readied for use in memory
    • Data may be partitioned, and different keys may be used for each partition
    • Keys are stored in a security-enhanced location with access control policies
    • Data encryption keys are often encrypted with asymmetric encryption to further limit access

Encryption at Rest for Azure Services

  • Azure Storage
    • Data is automatically encrypted server-side for all Storage services (Blob, Queue, Table, Files)
    • Keys are managed by the service
  • Azure SQL Database
    • Transparent Data Encryption (TDE) is enabled by default on all new databases
    • Supports customer-managed 2048-bit keys in Azure Key Vault
  • Azure Cosmos DB
    • Backups and media attachments are stored in Blob storage
    • Databases are automatically encrypted on SSDs
