Encryption for Data at Rest comes to Azure File Storage
Customers can now add another layer of security which Storage Service Encryption when ensures their cloud files remain encrypted while stored on Microsoft cloud services.Microsoft has kicked off a preview of its Storage Service Encryption (SSE) for Azure customers, enabling organizations to protect their cloud files with the added security of an encryption at rest feature. "Microsoft handles all the encryption, decryption and key management in a fully transparent fashion," said Lavanya Kasarabada, a Microsoft Azure Storage program manager, in her Feb. 6 announcement. "All data is encrypted using 256-bit AES encryption, also known as AES-256, one of the strongest block ciphers available. Customers can enable this feature on all available redundancy types of Azure File Storage—LRS [locally redundant storage] and GRS [geo-redundant storage]." Among the cloud data replication services offered by Microsoft, LRS keeps three copies of customer data within storage nodes housed in the Azure data center customers select for their storage accounts. GRS, on the other hand, allows customers to replicate their data to a secondary data center, typically located hundreds of miles away for enhanced data availability and disaster recovery. During the preview period, Storage Service Encryption (SSE) can only be enabled on newly-created storage accounts using Azure Resource Manager, Kasarabada explained. Microsoft is working on allowing customers to enable encryption using Azure Powershell, CLI (command-line interface) or the Storage Resource Provider API by month's end, she added.
Also on Feb. 6, Microsoft announced lowered pricing on Azure Virtual Machines and Storage Blobs.