Data Protection & Encryption In Azure

Data is an organization’s most valuable and irreplaceable asset, and encryption serves as the last and strongest line of defense in a layered security strategy. As a healthcare provider, ABC Healthcare stores large amounts of sensitive data. They recently experienced a breach that exposed the unencrypted sensitive data of patients, and are now fully aware that they have gaps in their data protection capabilities. They want to understand how they could have better used encryption to protect themselves and their patients from this type of incident. Here, we’ll take a look at what encryption is, how to approach the encryption of data, and what encryption capabilities are available on Azure.

What is encryption?

Encryption is the process of making data unreadable and unusable to anyone who does not hold the key. To use or read the encrypted data, it must be decrypted, which requires the use of a secret key. There are two top-level types of encryption: symmetric and asymmetric.

Symmetric encryption uses the same key to encrypt and decrypt the data. Consider a desktop password manager application. You enter your passwords and they are encrypted with your own personal key (your key is often derived from your master password). When the data needs to be retrieved, the same key is used and the data is decrypted.

Asymmetric encryption uses a public key and private key pair. Either key can encrypt, but data encrypted with one key cannot be decrypted with that same key; to decrypt, you need the paired key. Asymmetric encryption is used for things like TLS (used in HTTPS) and data signing.

Both symmetric and asymmetric encryption play a role in properly securing your data.

Encryption is typically approached in two ways: encryption at rest and encryption in transit.

Encryption at rest

Data at rest is data that has been stored on a physical medium. This could be data stored on the disk of a server, data stored in a database, or data stored in a storage account. Regardless of the storage mechanism, encryption of data at rest ensures that the stored data is unreadable without the keys and secrets needed to decrypt it. If an attacker were to obtain a hard drive with encrypted data and did not have access to the encryption keys, the attacker could not compromise the data without great difficulty. In such a scenario, an attacker would have to attempt attacks against the encrypted data itself, which are far more complex and resource-intensive than reading unencrypted data off a hard drive.

The actual data that is encrypted could vary in its content, usage, and importance to the organization. This could be financial information critical to the business, intellectual property that has been developed by the business, personal data that the business stores about customers or employees, and even the keys and secrets used for the encryption of the data itself.

Encryption in transit

Data in transit is data actively moving from one location to another, such as across the internet or through a private network. The secure transfer can be handled by encrypting the data prior to sending it over a network, or by setting up a secure channel to transmit unencrypted data between two systems. Encrypting data in transit protects the data from outside observers and provides a mechanism to transmit data while limiting the risk of exposure.
