Azure Encryption
Last updated
Azure Storage Service Encryption (SSE) is a feature that automatically encrypts data at rest in Azure Storage accounts, ensuring that your data is secure while stored. It provides encryption for all types of data stored in Azure Storage, including blobs, files, queues, and tables.
Azure Disk Encryption provides encryption for virtual machine (VM) disks to protect data at rest in Azure. It uses different technologies based on the operating system:
Windows BitLocker: For Windows-based VMs, Azure Disk Encryption uses BitLocker to encrypt the OS and data disks. BitLocker protects data by encrypting the entire disk, ensuring that unauthorized users cannot access the data.
Linux dm-crypt: For Linux-based VMs, dm-crypt is used to provide disk encryption. It works with the Linux Unified Key Setup (LUKS) to encrypt the VM disks, ensuring that the data is secure at rest.
Transparent Data Encryption (TDE) is a security feature in Azure SQL Database and Azure SQL Managed Instance that automatically encrypts SQL database files (data and log files) to protect data at rest.
Encryption at Rest: TDE ensures that all data stored in the database is automatically encrypted without requiring changes to the application or database schema.
Transparent: TDE is applied automatically to the database and doesn't require any changes to the application, allowing seamless encryption without disruption.
Encryption of Data Files: It encrypts the underlying database files, including backups and transaction logs, making data more secure if someone attempts to access these files directly.
Key Management: TDE uses encryption keys that are managed by Azure or can be controlled by the user using Azure Key Vault.
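As an added example (not part of the original page or of any Microsoft tooling), the check below audits the two configurations described above from JSON shaped like the output of `az storage account show`, `az sql db tde show` and `az sql server tde-key show`; the sample documents are constructed, the property names follow the Azure resource schema, and the `require_cmk` option flags where keys are Azure-managed rather than held in Azure Key Vault.

```python
"""Audit Azure Storage SSE and Azure SQL TDE settings from CLI-style JSON."""
import json

# Constructed sample, shaped like `az storage account show` output (assumption).
# queue/table entries are often null in real output; treat that as "verify".
STORAGE_ACCOUNT_JSON = json.dumps({
    "name": "examplestorage",
    "encryption": {
        "keySource": "Microsoft.Storage",          # Azure-managed keys
        "services": {
            "blob":  {"enabled": True},
            "file":  {"enabled": True},
            "queue": None,
            "table": None,
        },
    },
})

# Constructed samples shaped like `az sql db tde show` and `az sql server tde-key show`.
TDE_JSON = json.dumps({"state": "Enabled"})
TDE_KEY_JSON = json.dumps({"serverKeyType": "ServiceManaged"})


def audit_storage_encryption(account_json: str, require_cmk: bool = False) -> list[str]:
    """Return findings for a storage account's SSE configuration (empty list = clean)."""
    enc = json.loads(account_json).get("encryption") or {}
    services = enc.get("services") or {}
    findings = []
    for svc in ("blob", "file", "queue", "table"):  # the four SSE-covered services
        cfg = services.get(svc)
        if not cfg or not cfg.get("enabled"):
            findings.append(f"{svc}: encryption service not reported as enabled")
    if require_cmk and enc.get("keySource") != "Microsoft.Keyvault":
        findings.append(f"keySource is {enc.get('keySource')!r}, not Microsoft.Keyvault")
    return findings


def audit_tde(tde_json: str, tde_key_json: str, require_cmk: bool = False) -> list[str]:
    """Return findings for a SQL database's TDE state and its server-level protector."""
    state = json.loads(tde_json).get("state")
    key_type = json.loads(tde_key_json).get("serverKeyType")
    findings = []
    if state != "Enabled":
        findings.append(f"TDE state is {state!r}")
    if require_cmk and key_type != "AzureKeyVault":
        findings.append(f"TDE protector is {key_type!r}, not AzureKeyVault")
    return findings


if __name__ == "__main__":
    for f in (audit_storage_encryption(STORAGE_ACCOUNT_JSON, require_cmk=True)
              + audit_tde(TDE_JSON, TDE_KEY_JSON, require_cmk=True)):
        print("FINDING:", f)
```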