Encryption technique to handle the PII data and expose it?

Question

Encryption technique to handle the PII data and expose it?

Niren Adhikary 96

Hello,

Could you please provide us with detail explanation on how do we handle the PII data and expose it?

How do we encrypt the data, what data encryption technique we need to use and detailed steps

Thanks !

Vinodh247 34,661 Reputation points MVP Volunteer Moderator

2023-06-29T06:39:12.4966667+00:00

Just checking in to see if the below answer helped. Please do consider clicking Accept Answer and Up-Vote for the same as accepted answers help community as well.
PRADEEPCHEEKATLA 90,641 Reputation points Moderator

2023-07-04T05:08:33.4866667+00:00

@Niren Adhikary - We received your feedback that the answer provided on the thread was not helpful.

Kindly let us know what we could have done better to improve the answer and make your engagement experience good. We are here to help you and strive to make your experience better and greatly value your feedback.

I have provided a detailed answer which has clear steps for which you are looking for. If you wish, you may re-surveying/rating for the engagement you received on the thread. Your feedback is very important to us.

Looking forward to you reply. Much appreciate your feedback!

Regards,

PRADEEPCHEEKATLA-MSFT

2 answers

Your answer

Vinodh247 34,661 Reputation points MVP Volunteer Moderator

2023-06-29T06:39:12.4966667+00:00

Just checking in to see if the below answer helped. Please do consider clicking Accept Answer and Up-Vote for the same as accepted answers help community as well.
PRADEEPCHEEKATLA 90,641 Reputation points Moderator

2023-07-04T05:08:33.4866667+00:00

@Niren Adhikary - We received your feedback that the answer provided on the thread was not helpful.

Kindly let us know what we could have done better to improve the answer and make your engagement experience good. We are here to help you and strive to make your experience better and greatly value your feedback.

I have provided a detailed answer which has clear steps for which you are looking for. If you wish, you may re-surveying/rating for the engagement you received on the thread. Your feedback is very important to us.

Looking forward to you reply. Much appreciate your feedback!

Regards,

PRADEEPCHEEKATLA-MSFT

Answer 1

Vinodh247 34,661 MVP Volunteer Moderator

Hi,

Thanks for reaching out to Microsoft Q&A.

For PII data you can use data masking to encrypt data at rest. This can be done via script or from azure portal like given below. The data's will be encrypted at rest with various options to mask different fields like name, email address, pincode, phone etc.

User's image

Pls go through the below link for complete understanding and let me know if you have any questions.

https://learn.microsoft.com/en-us/azure/synapse-analytics/guidance/security-white-paper-data-protection

Please Upvote and Accept as answer if the reply was helpful, this will be benefitting the other community members who go through the same issue.

Niren Adhikary 96 Reputation points

2023-06-29T06:50:48.87+00:00

That does not explain enough on how we should handle PII data in transit and at rest both cases.
Vinodh247 34,661 Reputation points MVP Volunteer Moderator

2023-06-29T07:32:19.0733333+00:00

You can consider Dynamic Data Masking similar to data in transit.

Dynamic data masking helps prevent unauthorized access to sensitive data by enabling customers to designate how much of the sensitive data to reveal with minimal effect on the application layer. It's a policy-based security feature that hides the sensitive data in the result set of a query over designated database fields, while the data in the database isn't changed.

Try TDE method for encryption at rest.

Transparent data encryption (TDE) helps protect Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics against the threat of malicious offline activity by encrypting data at rest. It performs real-time encryption and decryption of the database, associated backups, and transaction log files at rest without requiring changes to the application. By default, TDE is enabled for all newly deployed Azure SQL Databases and must be manually enabled for older databases of Azure SQL Database. For Azure SQL Managed Instance, TDE is enabled at the instance level and newly created databases. TDE must be manually enabled for Azure Synapse Analytics.

For further reading...

https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-tde-overview?view=azuresql&tabs=azure-portal

For encryption at Synapse analytics workspace level, pls read below link.

https://learn.microsoft.com/en-us/azure/synapse-analytics/security/workspaces-encryption#encryption-of-data-at-rest

Answer 2

PRADEEPCHEEKATLA 90,641 Moderator

@Niren Adhikary - Thanks for the question and using MS Q&A platform.

Data at Rest: Azure provides encryption for data at rest by default. For highly sensitive data, you have options to implement additional encryption at rest on all Azure resources where available. Azure manages your encryption keys by default, but Azure also provides options to manage your own keys (customer-managed keys) for certain Azure services to meet regulatory requirements.

Data at transit: By default, Azure provides encryption for data in transit between Azure data centers.

For more details, refer to Azure security baseline for Azure Data Factory.

This article provides an overview of how encryption is used in Microsoft Azure. It covers the major areas of encryption, including encryption at rest, encryption in flight, and key management with Azure Key Vault. Each section includes links to more detailed information.

This article describes best practices for data security and encryption.

Hope this helps. Do let us know if you any further queries.

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Niren Adhikary 96 Reputation points

2023-06-29T08:14:10.5833333+00:00

How data is encrypted at rest by default? If I have customer phone number and address and it is stored in Synapse or datalake? We need to apply data masking and some encryption technique right? Otherwise someone who has access can see it.
PRADEEPCHEEKATLA 90,641 Reputation points Moderator

2023-06-29T08:42:33.4566667+00:00

@Niren Adhikary - Azure encrypts data at rest by default using industry-standard encryption algorithms such as Advanced Encryption Standard (AES) and 256-bit encryption keys. This means that any data stored in Azure services such as Azure Synapse Analytics or Azure Data Lake Storage is automatically encrypted at rest.

However, encryption at rest only protects against unauthorized access to the physical storage media. It does not protect against unauthorized access to the data itself. If you have sensitive data such as customer phone numbers and addresses, you may want to consider additional security measures such as data masking and encryption.

Data masking is a technique that involves replacing sensitive data with a non-sensitive substitute. For example, you could mask the first six digits of a customer's phone number with X's to protect their privacy. Azure Synapse Analytics provides built-in data masking capabilities that you can use to mask sensitive data in your data warehouse.

Encryption is another technique that can be used to protect sensitive data. Azure provides several encryption options for data at rest, including server-side encryption with customer-managed keys (CMKs) and client-side encryption. Server-side encryption with CMKs allows you to use your own encryption keys to encrypt data at rest, while client-side encryption allows you to encrypt data before it is uploaded to Azure storage.

In summary, while Azure provides encryption at rest by default, additional security measures such as data masking and encryption may be necessary to protect sensitive data such as customer phone numbers and addresses.

Hope this helps. Do let us know if you any further queries.
PRADEEPCHEEKATLA 90,641 Reputation points Moderator

2023-07-07T08:22:34.6833333+00:00

@Niren Adhikary - Following up to see if the above answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

If you wish, you may re-surveying/rating for the engagement you received on the thread. Your feedback is very important to us.

Looking forward to you reply. Much appreciate your feedback!

Regards,

PRADEEPCHEEKATLA-MSFT
PRADEEPCHEEKATLA 90,641 Reputation points Moderator

2023-07-10T05:10:52.0933333+00:00

@Niren Adhikary - Following up to see if the above suggestion was helpful. And, if you have any further query do let us know.

I have provided a detailed answer which has clear steps for which you are looking for. If you wish, you may re-surveying/rating for the engagement you received on the thread. Your feedback is very important to us.

Looking forward to you reply. Much appreciate your feedback!
Niren Adhikary 96 Reputation points

2023-07-10T06:30:13.1966667+00:00

Thanks
PRADEEPCHEEKATLA 90,641 Reputation points Moderator

2023-07-10T06:56:13.8366667+00:00

@Niren Adhikary - If this answers your query, do click **Accept Answer** and **Yes** for was this answer helpful. And, if you have any further query do let us know.
PRADEEPCHEEKATLA 90,641 Reputation points Moderator

2023-07-13T04:15:36.5633333+00:00

@Niren Adhikary - We received your feedback that the answer provided on the thread was not helpful.

Kindly let us know what we could have done better to improve the answer and make your engagement experience good. We are here to help you and strive to make your experience better and greatly value your feedback.

I have provided a detailed answer which has clear steps for which you are looking for. If you wish, you may re-surveying/rating for the engagement you received on the thread. Your feedback is very important to us.

Looking forward to you reply. Much appreciate your feedback!

Regards,

PRADEEPCHEEKATLA-MSFT

Share via

Encryption technique to handle the PII data and expose it?

2 answers

Your answer