Microsoft Azure Storage Client-Side Encryption Goes into General Availability

When it comes to preventing compromise of your data, no matter where it lives, data encryption is the most powerful tool in your toolkit. Data can be encrypted over the wire and at rest. When talking about encrypting data over the wire, we usually speak of SSL/TLS and IPsec as the data moves over networks. When talking about encrypting data at rest, most of the time we’re talking about storage encryption using modern encryption methods such as AES.

This is where Azure Client-Side encryption comes in. Using this feature, you can encrypt data contained within Azure Blobs, Tables and Queues. The new client-side encryption library is designed for optimal performance, helps you implement security best practices, makes it easy for you to implement encryption in common use-case scenarios, and best of all, it’s interoperable across a number of programming languages.

To learn more about client-side encryption in Microsoft Azure storage, check out the following articles:

• Microsoft Azure Storage Release –Append Blob, New Azure File Service Features and Client Side Encryption General Availability – this article describes all the new features and capabilities included in the most recent GA release of Azure Storage
• Client-Side Encryption for Microsoft Azure Storage – Preview – this article provides additional information about Azure Storage client-side encryption during the product preview phase
• Get Started with Client-Side Encryption for Microsoft Azure Storage – this is the definitive article on Azure Storage client-side encryption which contains comprehensive information and is continually updated with the latest updates to the client-side encryption service.

I hope you enjoy these articles and the encryption capabilities as much as we do, and please let us know if there’s any more information or additional features you’d like to see in Azure Storage client-side encryption that you need to become successfully with encrypting your data at rest.

Thanks!

Tom
Tom Shinder
Project Manager, Azure Security – Content / Community / Connection
@tshinder | Facebook | LinkedIn | Email | Web | Bing me! | GOOG me!

Comments

• Anonymous
  August 24, 2015
  Good stuff, Tom.   Only slightly off-topic.. Would you happen to know where I can point a customer to where we have documented the encryption used for Geo-replication of storage?  The compliance center only says "standard protocols for in-transit data", which isn't good enough for this gentleman. Thanks! Kevin

• Anonymous
  August 26, 2015
  Hi Kevin - We use SSL for geo-replication of data. Great question and we'll make sure that we get this information into docs on azure.com Thanks! Tom