Encryption for Data at Rest comes to Azure File Storage

Customers can now add another layer of security which Storage Service Encryption when ensures their cloud files remain encrypted while stored on Microsoft cloud services.

Microsoft Cloud Encryption 2

Microsoft has kicked off a preview of its Storage Service Encryption (SSE) for Azure customers, enabling organizations to protect their cloud files with the added security of an encryption at rest feature.

"Microsoft handles all the encryption, decryption and key management in a fully transparent fashion," said Lavanya Kasarabada, a Microsoft Azure Storage program manager, in her Feb. 6 announcement. "All data is encrypted using 256-bit AES encryption, also known as AES-256, one of the strongest block ciphers available. Customers can enable this feature on all available redundancy types of Azure File Storage—LRS [locally redundant storage] and GRS [geo-redundant storage]."

Among the cloud data replication services offered by Microsoft, LRS keeps three copies of customer data within storage nodes housed in the Azure data center customers select for their storage accounts. GRS, on the other hand, allows customers to replicate their data to a secondary data center, typically located hundreds of miles away for enhanced data availability and disaster recovery.

During the preview period, Storage Service Encryption (SSE) can only be enabled on newly-created storage accounts using Azure Resource Manager, Kasarabada explained. Microsoft is working on allowing customers to enable encryption using Azure Powershell, CLI (command-line interface) or the Storage Resource Provider API by month's end, she added.

Also on Feb. 6, Microsoft announced lowered pricing on Azure Virtual Machines and Storage Blobs.

"We have reduced prices on Compute optimized instances—F Series, General purpose instances—A1 Basic by up to 24 percent and 61 percent respectively," wrote Venkat Gattamneni, director of product marketing for Microsoft Azure, in a blog post. Microsoft plans to cut prices on general-purpose D Series virtual machines soon, he added.

Azure Hot Block and Cool Block Blob Storage accounts will see their costs drop by up to 31 percent and 38 percent, respectively. Microsoft's hot storage tiers are intended for cloud workloads requiring frequent access to data and typically carry higher storage costs but lower access costs. Conversely, its cold storage tiers, meant for infrequently used data, boasts lower storage costs but higher access costs.

Last week, the company announced it was extending the availability of its StorSimple Virtual Array hybrid cloud product to subscription and MSDN customers. Previously, the solution was only available to Microsoft Enterprise Agreement license holders.

The change places the service within reach of small and midsized businesses (SMBs) budgets, said Anoob Backer, a senior program manager at Microsoft's Cloud and Enterprise Group, in a Feb. 2 announcement. "MSDN subscribers can now run POCs [proofs of concept] or development and testing workloads. In all these cases, you can configure StorSimple Virtual Array as a file server (NAS) or as an iSCSI server (SAN) in the new Azure portal."

Finally, Microsoft is offering customers a new way to view their Azure invoices. Businesses can now optionally include a detailed invoice statement to the monthly billing email and add other recipients, like the accounts payable department.

Pedro Hernandez

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the Internet.com network of...