
Encryption Standard and version used for Azure SQL Server at rest

Azure SQL Server provides data encrypted at rest. Can someone help to find what is the encryption standard and version that it uses to achieve this?

Transparent data encryption (TDE) encrypts SQL Server, Azure SQL Database, and Azure Synapse Analytics data files. This encryption is known as encrypting data at rest.

TDE does real-time I/O encryption and decryption of data and log files. The encryption uses a database encryption key (DEK). The database boot record stores the key for availability during recovery. The DEK is a symmetric key. It's secured by a certificate that the server's master database stores or by an asymmetric key that an EKM module protects.

TDE protects data at rest, which is the data and log files. It lets you follow many laws, regulations, and guidelines established in various industries. This ability lets software developers encrypt data by using AES and 3DES encryption algorithms without changing existing applications.

In Azure, the default setting for TDE is that the DEK is protected by a built-in server certificate. The built-in server certificate is unique for each server and the encryption algorithm used is AES 256.

You can find other applicable TDE approaches here.

There are three scenarios for server-side encryption:

  • Server-side encryption using Service-Managed keys
  • Server-side encryption using customer-managed keys in Azure Key Vault
  • Server-side encryption using customer-managed keys on customer-controlled hardware

The Azure SQL Server supports all the scenarios, based upon your feasibility and requirement. Check the detailed description here.
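
To confirm the algorithm and key length on your own database rather than relying on the documented default, you can query the TDE dynamic management view. This is an added example, not part of the original answers; run it while connected to the database you want to check.

```sql
-- Added example: report the TDE state, DEK algorithm and key length
-- for the database this session is connected to.
SELECT
    DB_NAME(k.database_id) AS database_name,
    CASE k.encryption_state
        WHEN 0 THEN 'No database encryption key present'
        WHEN 1 THEN 'Unencrypted'
        WHEN 2 THEN 'Encryption in progress'
        WHEN 3 THEN 'Encrypted'
        WHEN 4 THEN 'Key change in progress'
        WHEN 5 THEN 'Decryption in progress'
        WHEN 6 THEN 'Protection change in progress'
        ELSE 'Unknown'
    END                    AS encryption_state_desc,
    k.key_algorithm,       -- algorithm of the DEK, e.g. AES
    k.key_length,          -- DEK length in bits, e.g. 256
    k.encryptor_type,      -- CERTIFICATE or ASYMMETRIC KEY (the DEK protector)
    k.percent_complete     -- non-zero only while a state change is running
FROM sys.dm_database_encryption_keys AS k
WHERE k.database_id = DB_ID();
```

An empty result or a state other than 'Encrypted' means the data files are not currently protected by TDE, whatever the server default is.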
