Encryption for API with Azure native service

Question

We are looking for a solution for one of our customers and the scenario is as follows -

1. The client has an on-premises ERP system and other workloads on Azure.
2. They are exporting some of the on-premises ERP system data as input to their software hosted on Azure workload, but their main requirement is that they do not want to expose their data or API URL over the internet without any encryption.

We have provided and tested the below solutions, but they have been rejected with the below comments:

1. Azure Site-to-Site VPN : They do not want to expose their internal network directly.
2. Azure Application Proxy : The customer does not want their data to leave their premises unencrypted.

So, do Azure have any services that will fulfill this requirement?

Answer 1

Hello @☁ | Cloud Support | Cloud IBN | ,

Welcome to the Microsoft Q&A forum.

Based on the requirements mentioned above you can also explore Azure Express route service. ExpressRoute connections use a private, dedicated connection through a third-party connectivity provider. The private connection extends your on-premises network into Azure. You can refer to this architecture for Azure Express Route.

ExpressRoute connections don't go over the public Internet. This allows ExpressRoute connections to offer more reliability, faster speeds, consistent latencies, and higher security than typical connections over the Internet. Express Route Direct SKU also offers MACsec encryption.

Refer: https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/expressroute-security-baseline?toc=%2Fazure%2Fexpressroute%2FTOC.json
https://learn.microsoft.com/en-us/azure/expressroute/expressroute-locations-providers
https://learn.microsoft.com/en-us/azure/expressroute/expressroute-erdirect-about

Hope this helps! Please let me know if you have any additional questions. Thank you!