Azure SQL Database gets Always Encrypted functionality

Mark Coppock

The security of cloud services is a vital aspect of Microsoft’s “cloud-first, mobile-first” productivity strategy. If users can’t trust Azure, OneDrive, Office 365, and other cloud services, then Microsoft’s strategy is likely dead in the water. That’s why the company is focusing on security, and the latest addition of end-to-end encryption to Azure SQL Database is just one small step along the way.

As Microsoft outlined in an Azure blog post today:

Today we are announcing the general availability of Always Encrypted in Azure SQL Database.
Always Encrypted is an industry-first solution offering unparalleled data security against breaches involving the theft of critical data such as social security or credit card numbers. For example, an admitting nurse may have a business need to access a patient’s unencrypted social security number, but that data does not need to be visible anywhere else in the system. With Always Encrypted, patients’ social security numbers are stored encrypted in the database at all times even during query processing, allowing decryption at the point of use by authorized staff or applications that need to process that data.

Always Encrypted is simple to use, transparent, and ready to protect your data. Client drivers have been enhanced to work in conjunction with the database engine to decrypt and encrypt data at the point of use, requiring only minimal modifications to your applications. Encryption keys are managed outside of the database for maximum safety and separation of duties. Only authorized users with access to the encryption keys can see unencrypted data while using your applications.

Check out the blog post for more details, including the steps you’ll want to take going forward to ensure Azure SQL Database security. Let us know in the comments if you think Microsoft is doing enough to ensure the security of your cloud data.