Microsoft has recently released Azure Stack TP3. I was fascinated by the sheer scale of cloud migration in the last three years. The big question is,
1. What about existing data centers? – computonomics of underutilised computing power!
2. Retrospective inclusion of limitation?
Client-side encryption is an engineering pattern that provides granular control over content encryption. The pattern handles secrets, all encryption and decryption, and all key or secret management functions, and the server (or storage) cannot decrypt or read the payload data. The pattern is also known as Payload Encryption.
Blogging as a private technology citizen is a new experience for me; I would try to aggregate my previous contributions to company blogs, posts, articles and journals under one domain. The last 18 years were a true rollercoaster ride, from
C++ programmer to
Linux directory permissions to
Client-side encryption with Azure Storage Service improves data protection ranking. A Zero-Knowledge Environment is a good risk mitigation strategy in the absence of network or storage level isolation. Payload encryption or client-side encryption can help to achieve both.
Azure Disk Encryption helps to secure the privacy and sovereignty of the data on VMs or disks. The feature encrypts Windows and Linux IaaS Virtual Machine disks; it applies the BitLocker feature for Windows IaaS and the DM-Crypt feature for Linux IaaS.
The feature integrates with Azure Key Vault, where it manages the disk encryption keys and secrets. With Azure Disk Encryption, all data on the Virtual Machine disks is encrypted at rest. The feature is necessary for satisfying many compliance guidelines, and it improves organisational data security.
Data at Rest is the state of data where the data is stored on a physical disk, logical disk, tape, or any other equivalent persistence mechanism.
As discussed earlier in the series, let’s go from
Compliance. So as a first step, we need to evaluate the risks, and then we would discuss the countermeasures available in Microsoft Azure.
The following is the STRIDE threat model and the countermeasures that apply to Data Protection. For a detailed understanding of individual countermeasures and risks, please refer to OWASP Threat Modelling - STRIDE.
What is data security? – the question that has had evolving and incremental answers since we started asking it during the late 1980s.
Data security refers to protective digital privacy measures that are applied to prevent unauthorised access to computers, databases and websites. Data security also protects data from corruption. Data security is an essential aspect of IT for organisations of every size and type.
Source: Definition from Techopedia