Since data is the lifeblood of your company, it’s important that it stays secure at all times. Data security is even more important when you entrust your data to an offsite cloud services provider like Microsoft or AWS. To serve your most demanding security and compliance needs, Microsoft has announced a new Encryption at Rest service for your Azure IaaS (Infrastructure as a Service) offering.
With the Microsoft Azure cloud, it is important to keep track of new features and keep up with the rapid technology releases, and that is where Sierra Systems can help. Sierra Systems’ Cloud Architects are continually learning and evaluating new features and functionality and looking at how best to apply them to our clients’ environments, maximizing security, performance, and functionality while they focus on their key business goals.
Microsoft now provides Azure customers with the capability to encrypt their VM data on a multi-tenant shared infrastructure, with either Microsoft managing the encryption keys or the customer maintaining complete control of the encryption keys for their data on the Azure Storage infrastructure. Not all storage services within the cloud are equal. For example, Microsoft just announced, as of June 10, automatic storage encryption for Managed Disks as a feature (Managed Disks were only released in February of this year), whereas Storage Account-based disks can be encrypted with either Microsoft keys or customer-managed keys, but encryption must be enabled.
This release helps protect your data using 256-bit AES encryption, one of the strongest block ciphers available, so that you can continue to meet your security policies and organizational compliance standards.
Storage server encryption works by transparently encrypting data as it is written to Azure Storage, and it can be used for Azure Blob Storage and File Storage. It works for the following:
- Standard storage: general-purpose storage accounts (for Blob and File storage) and Blob storage accounts
- Premium storage
- All redundancy levels (LRS, ZRS, GRS, RA-GRS)
- Azure Resource Manager storage accounts (but not classic)
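
An added example (not from the original post or from Microsoft): a small audit that reports which storage accounts do not have encryption at rest enabled for Blob and File storage, and who manages the keys. It assumes inventory JSON in the shape returned by `az storage account list`; the sample accounts and the function names `audit` and `key_owner` are constructed for illustration.

```python
import json

# Constructed sample in the shape of `az storage account list` output (trimmed).
# The classic entry is added by hand: classic accounts are a separate resource type.
SAMPLE = json.loads("""[
 {"name": "stdgeneral", "kind": "Storage", "type": "Microsoft.Storage/storageAccounts",
  "encryption": {"keySource": "Microsoft.Storage",
                 "services": {"blob": {"enabled": true}, "file": {"enabled": true}}}},
 {"name": "vmdisks", "kind": "Storage", "type": "Microsoft.Storage/storageAccounts",
  "encryption": {"keySource": "Microsoft.Storage",
                 "services": {"blob": {"enabled": true}, "file": null}}},
 {"name": "blobonly", "kind": "BlobStorage", "type": "Microsoft.Storage/storageAccounts",
  "encryption": {"keySource": "Microsoft.Keyvault",
                 "services": {"blob": {"enabled": true}, "file": null}}},
 {"name": "legacy", "kind": null, "type": "Microsoft.ClassicStorage/storageAccounts",
  "encryption": null},
 {"name": "neverset", "kind": "Storage", "type": "Microsoft.Storage/storageAccounts",
  "encryption": null}
]""")

ARM_TYPE = "Microsoft.Storage/storageAccounts"

def audit(accounts):
    """Map account name -> list of encryption-at-rest gaps (empty list = none found)."""
    findings = {}
    for acct in accounts:
        issues = []
        if acct.get("type") != ARM_TYPE:
            # The post states classic (non-Resource Manager) accounts are not covered.
            issues.append("classic account: storage encryption not available")
        else:
            services = (acct.get("encryption") or {}).get("services") or {}
            # Blob storage accounts have no File service, so only check Blob there.
            wanted = ("blob",) if acct.get("kind") == "BlobStorage" else ("blob", "file")
            for svc in wanted:
                if not (services.get(svc) or {}).get("enabled"):
                    issues.append(f"{svc} encryption not enabled")
        findings[acct["name"]] = issues
    return findings

def key_owner(acct):
    """Report whether Microsoft or the customer (Key Vault) manages the keys."""
    src = ((acct.get("encryption") or {}).get("keySource") or "").lower()
    return {"microsoft.storage": "microsoft-managed",
            "microsoft.keyvault": "customer-managed"}.get(src, "unknown")

if __name__ == "__main__":
    for name, issues in audit(SAMPLE).items():
        print(name, "OK" if not issues else "; ".join(issues))
```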