Always Encrypted in Azure SQL Database – now available to all

July 23rd, 2016 by Stephen Jones

Always Encrypted in Azure SQL Database is Generally Available

Always Encrypted is a feature designed to ensure sensitive data and its corresponding encryption keys are never revealed in plaintext to the database system. With Always Encrypted enabled, a SQL client driver encrypts and decrypts sensitive data inside client applications or application servers, using keys stored in a trusted key store, such as Azure Key Vault or the Windows Certificate Store on a client machine. As a result, even database administrators, other high-privilege users, or attackers gaining illegal access to Azure SQL Database cannot access the data.

• To ensure the data is protected from malicious cloud database admins, co-tenants, and/or malware in Azure SQL Database. Always Encrypted can guarantee full isolation of data from the cloud provider when client applications or middle-tier services are hosted on premises, but even for all-Azure apps, Always Encrypted substantially reduces the attack surface area by removing the database from it.
• To prevent the disclosure of sensitive data within a customer's organization. With Always Encrypted, DBAs who do not have access to the keys can administer the database without having access to sensitive data in plaintext.

See https://azure.microsoft.com/en-us/documentation/articles/sql-database-always-encrypted-azure-key-vault/ for more information and a tutorial.
