Encrypt inactive data when it is stored in blob storage, databases, etc.
Encrypt data that is flowing between untrusted public or private networks
Protect/Encrypt data that is in use during computation
- Confidential computing brings secure enclaves to Azure
First public cloud to offer Intel Software Guard Extensions (SGX) enclaves
- Enhancing Always Encrypted in Azure SQL Database with enclaves
In-place encryption and key management
Encrypt Azure VMs, Azure Data Lake, SQL Server, and other apps with a key in your key vault. The key never leaves the vault.
Available as a service in every Azure region
- Assume highest data classification & encrypt all application & network layers
- Use HSM-backed Azure Key Vault for key storage & management
- Enable Azure Security Center & apply its recommendations
- Enable Azure Sentinel (SIEM) & apply its recommendations
- Enable Azure DDoS
- Enable Monitoring for all Azure services