Azure Introduces Storage Service Encryption for Managed Disks with No Additional Cost

Posted by Augusto Alvarez on June 19, 2017
Share on Facebook0Share on Google+0Share on LinkedIn0Share on Reddit3Tweet about this on Twitter0
5/5 (1)
5/51

As we referenced several times, security is one of the main topics for cloud providers looking to guarantee privacy for their customers’ data and information. Microsoft just announced the public availability for Storage Service Encryption (SSE) for Azure Managed Disks, with no additional cost.

Azure Storage Service Encryption

Azure Managed Disks were introduced by Microsoft some while back to facilitate the storage administration for Azure admins. Previously, admins had to create storage accounts to hold the disks (VHD files) for your Azure VMs. As new VMs and/or new disks were being added, the admin had to make sure you created additional storage accounts so you didn’t exceed the IOPS limit for storage with any of your disks. With Managed Disks, the storage account limits do not apply anymore (such as 20,000 IOPS / account).

Storage Service Encryption (SSE) enables encryption-at-rest, automatically encrypts data prior to persisting to storage and decrypts prior to retrieval. The encryption, decryption, and key management are totally transparent to users. All data is encrypted using 256-bit AES encryption.

Storage Account Encryption window

SSE can be used for Azure Blob Storage and File Storage. It works for the following:

  • Standard Storage: General purpose storage accounts for Blobs and File Storage and Blob Storage accounts
  • Premium storage
  • All redundancy levels (LRS, ZRS, GRS, RA-GRS)
  • Azure Resource Manager storage accounts (but not classic)
  • All regions.

Storage Service Encryption has some limitations to consider, to name a few: Encryption of classic storage accounts is not supported; SSE only encrypts new data (encrypting existing data will be available in the near future); table and queues data will not be encrypted.

Azure Storage service encryption window

The keys used by SSE are fully managed by Microsoft, for the moment it’s not supported the scenario where customers use their own keys for encryption but it could be available as an upcoming feature.

It is also important to note that Storage Service Encryption it’s not the same as Azure Disk Encryption, the latter is used to encrypt OS and data disks within the Azure VMs, while SSE encrypts data in Azure Blob Storage.

Related materials:

Views All Time
9
Views Today
13

Please rate this

To download the software products, please, make your choice below. An installer link and a license key will be sent to the e-mail address you’ve specified. If you consider StarWind Virtual SAN but are uncertain of the version, please check the following document Free vs. Paid. The recent build of Release Notes. A totally unrestricted NFR (Not For Resale) version of StarWind Virtual SAN is available for certain use cases. Learn more details here.



Return to all posts

Setting statistics collection levels for the VMware vCenter Server and estimating the size of its database
StarWind VVols for VMware vSphere Environment
The following two tabs change content below.
Augusto Alvarez
Augusto Alvarez
Augusto is currently working as Principal Consultant in Dell EMC, originally from Argentina and now based in the US. His role currently is designing customer requirements into specific systems and processes; also performing technical briefings; leading architectural design sessions and proofs of concept. Augusto is also the author from two published App-V books: “Getting Started Microsoft Application Virtualization 4.6” and “Microsoft Application Virtualization Advanced Guide”.