Overview: With all IT storage, we are
looking for encryption at rest and for making sure the data is encrypted "over the
wire" until it reaches that storage. For encryption
in transit, Azure SQL supports TLS/SSL versions 1.0, 1.1 and 1.2. If
possible, go for TLS 1.2, and set the server's minimum TLS version to 1.2 so that clients cannot negotiate down to the older versions.
Azure SQL Transparent
Data Encryption (TDE) covers encryption at rest by
encrypting the data and log files on the storage; Azure enables TDE by
default on new databases. TDE can still be turned off on your Azure SQL database, so check that nobody has.
Backups should also be encrypted, and if TDE is
enabled on Azure, your backups are automatically encrypted as well. Tip:
validate your Azure backups by restoring them to another instance; an encrypted backup you cannot restore is not a backup.
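As an added example (not part of the original post), here is the T-SQL I use to confirm that TDE is actually on and to switch it back on if it has been turned off. The database name [AppDb] is a placeholder; run the first query inside the database and the others with a server admin login.

```sql
-- Added example, not from the original post. [AppDb] is a placeholder name.
-- Inside the database: what state is its encryption key in?
-- encryption_state 3 = encrypted, 1 = unencrypted, 2 = encryption in progress,
-- 5 = decryption in progress (someone is switching TDE off).
SELECT
    DB_NAME(k.database_id) AS database_name,
    k.encryption_state,
    k.encryptor_type,      -- 'CERTIFICATE' = service-managed key, 'ASYMMETRIC KEY' = customer-managed (Key Vault)
    k.key_algorithm,
    k.key_length
FROM sys.dm_database_encryption_keys AS k;

-- From master: the is_encrypted flag for every database on the logical server.
-- Any row with is_encrypted = 0 deserves a question.
SELECT name, is_encrypted
FROM sys.databases
WHERE name <> 'master'
ORDER BY is_encrypted, name;

-- Re-enable TDE on a database where it was turned off. Encryption runs in the
-- background; re-run the first query until encryption_state reaches 3.
ALTER DATABASE [AppDb] SET ENCRYPTION ON;
```

Because TDE-protected databases produce encrypted backups, the encryption_state check is also the quickest way to confirm that the backups behind a database are encrypted.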
Column encryption is useful for encrypting a single column
within a table. For things like tokens and secrets, I prefer to keep the value in a Key Vault and have the SQL column
store only a reference to it, but for something like credit
card numbers, column encryption is ideal.
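An added example of that split (not the original post's code): cell-level encryption of the card number with ENCRYPTBYKEY, next to a column that holds only a Key Vault secret identifier. The table, key and certificate names, the master key password and the vault URI are placeholders.

```sql
-- Added example, not from the original post. All names, the password and the vault URI are placeholders.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'ReplaceWithAStrongPassword!2024';
CREATE CERTIFICATE CardCert WITH SUBJECT = 'Protects the card number symmetric key';
CREATE SYMMETRIC KEY CardKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE CardCert;

CREATE TABLE dbo.Payment (
    payment_id    int IDENTITY PRIMARY KEY,
    card_last4    char(4)        NOT NULL,  -- plaintext, safe to display and index
    card_number   varbinary(256) NOT NULL,  -- ciphertext produced by ENCRYPTBYKEY
    api_token_ref nvarchar(400)  NULL       -- Key Vault secret identifier, never the secret itself
);

-- The authenticator (last four digits) binds the ciphertext to its row, so a ciphertext
-- copied from another row will fail to decrypt instead of silently swapping card numbers.
OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert;
INSERT INTO dbo.Payment (card_last4, card_number, api_token_ref)
VALUES ('1111',
        ENCRYPTBYKEY(KEY_GUID('CardKey'), '4111111111111111', 1, '1111'),
        'https://example-vault.vault.azure.net/secrets/psp-api-token');   -- placeholder URI
CLOSE SYMMETRIC KEY CardKey;

-- With the key closed, the column is opaque bytes.
SELECT payment_id, card_last4, card_number, api_token_ref FROM dbo.Payment;

-- With the key open, the same column reads back as plaintext. Anyone with permission to
-- OPEN the key can do this on the server, which is why cell-level encryption does not
-- separate the DBA from the data the way Always Encrypted does.
OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert;
SELECT payment_id,
       CONVERT(varchar(19), DECRYPTBYKEY(card_number, 1, card_last4)) AS card_number
FROM dbo.Payment;
CLOSE SYMMETRIC KEY CardKey;
```

The application resolves api_token_ref against Key Vault at run time; a dump of the table therefore exposes neither the token nor, without the certificate, the card number.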
Always Encrypted allows one or more columns to be encrypted within a database. The client application (through its driver) decrypts the data, which provides separation of duties: database owners and administrators with access to the database cannot view or validate the encrypted column or columns, because the keys never reach the server.
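As an added example (not from the original post), the same card number column under Always Encrypted. The column master key lives in Azure Key Vault and the server stores only its path plus the wrapped column encryption key, so the server can never produce plaintext. The key names, the vault path and the ENCRYPTED_VALUE are placeholders; the wrapped value is generated client-side by a tool such as SSMS or the PowerShell Always Encrypted cmdlets, never typed by hand.

```sql
-- Added example, not from the original post. Key names, vault path and ENCRYPTED_VALUE are placeholders.
CREATE COLUMN MASTER KEY CMK_KeyVault
WITH (
    KEY_STORE_PROVIDER_NAME = 'AZURE_KEY_VAULT',
    KEY_PATH = 'https://example-vault.vault.azure.net/keys/cmk-payments/0123456789abcdef0123456789abcdef'
);

CREATE COLUMN ENCRYPTION KEY CEK_Payments
WITH VALUES (
    COLUMN_MASTER_KEY = CMK_KeyVault,
    ALGORITHM = 'RSA_OAEP',
    ENCRYPTED_VALUE = 0x01AB   -- placeholder: the CEK wrapped by the Key Vault key, generated client-side
);

CREATE TABLE dbo.PaymentAE (
    payment_id      int IDENTITY PRIMARY KEY,
    -- DETERMINISTIC: equal plaintexts give equal ciphertexts, so WHERE card_number = @p still works
    card_number     char(16) COLLATE Latin1_General_BIN2
        ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = CEK_Payments,
                        ENCRYPTION_TYPE = DETERMINISTIC,
                        ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NOT NULL,
    -- RANDOMIZED: no equality lookups, but nothing leaks about which rows share a value
    cardholder_name nvarchar(100) COLLATE Latin1_General_BIN2
        ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = CEK_Payments,
                        ENCRYPTION_TYPE = RANDOMIZED,
                        ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256') NULL
);

-- A DBA connected without "Column Encryption Setting=Enabled" in the connection string
-- gets only ciphertext bytes from this query. The application driver, connected with that
-- setting, fetches the wrapped CEK, unwraps it through Key Vault (where the DBA has no
-- permissions) and decrypts locally.
SELECT payment_id, card_number, cardholder_name FROM dbo.PaymentAE;

-- Inventory: which columns are protected, how, and by which key.
SELECT OBJECT_NAME(c.object_id) AS table_name,
       c.name                   AS column_name,
       c.encryption_type_desc,
       cek.name                 AS column_encryption_key
FROM sys.columns AS c
JOIN sys.column_encryption_keys AS cek
    ON c.column_encryption_key_id = cek.column_encryption_key_id
ORDER BY table_name, column_name;
```

The practical consequence of the separation is that access to the Key Vault key, not membership in db_owner, decides who can read the column; audit the vault's access policy as carefully as the database roles.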