Encryption of communications and working on Azure keep your data assets safe. Azure provides you the option to implement extra encryption rules and features alongwith managing your cryptographic keys. All customer data on Azure are encrypted irrespective of the configuration set up by the customer. Azure provides you a set of tools and technologies for encrypting and managing cryptographic keys alongwith audit and control access to data. Azure storage is equipped with potent security capabilities to enable development of secure applications.
Azure uses TLS for protection of data when it is flowing from cloud services to customers. The connections between systems and Azure Cloud services are secured using unique keys with Perfect Forward secrecy (PFS). The encryption key length of 2048 bit and RSA based is used by connections. This unique combination makes data inaccessible to unauthorised party during transit. Data is kept safe during transit between the application and the cloud by using HTTPS protocol or SMB 3.0 encryption on the client side. Azure Virtual networks provide you the option to encrypt the traffic flow using IPsec protocol between company VPN gateway and Azure or between the VMs on your virtual network
Azure provides multiple encryption options like AES-256 support for data at rest. Storage service encryption automatically encrypts the data when written to storage of Azure. The OS and data disks required by VMs are also encrypted. Selective and authorised access to Azure storage data objects is provided by Shared Access Signatures.
Azure Disk Encryption
It allows encryption of your Linux infrastructure and Windows. It provides encryption for disks and operating systems leveraging the Windows Bit-locker feature and the Linux DM-crypt feature. The disk encryption is coupled with Azure key vault for controlling and auditing the use of encryption keys
Azure Storage Service Encryption
It encrypts data prior to storage and decrypts it prior to retrieval or fetching of the data. The storage service encryption can be used for Azure files or blob storage. To amp up the security, you can use encryption keys managed by Azure with Storage Service encryption.
Azure Key Vault
It allows you to encrypt access passwords and logins alongwith keys that are saved in hardware security modules (HSM). It is Microsoft recommended security solution of azure for access control of encryption keys employed by cloud services. It zero down the organisation efforts involved in configuring, patching and maintain the HSMs.