‘Microsoft Encryption of Data-at-Rest’ White Paper
- Encryption in Flight (network encryption)
- Encryption in processing (application data encryption)
Encryption at rest is about protecting data on disk. You need to make sure that an attacker who might to acquire a hard drive (spinning or solid state) will not be able to pull data off that drive. The most common way of doing this is to mount the disk offline.
Of course, when we’re talking about a public cloud service provider like Microsoft Azure, the chance of such an occurrence is vanishingly small. Therefore, a more compelling reason for making sure data is encrypted at rest is so that you can satisfy compliance mandates.
However, in the end, encryption at rest is just another commonsense measure you should employ as part of your defense in depth strategy.
With this in mind, we think you’ll want to know what we do, and what we help you to do, with encryption at rest in Azure.
Read the entire article here, Microsoft Encryption of Data-at-Rest White Paper – Microsoft Azure Security and Compliance
via the fine folks at Microsoft