
close
close
In today’s Ask the Admin, I’ll show you how to enable encryption for blob storage in Microsoft Azure.
advertisment
Microsoft announced the availability of Storage Service Encryption (SSE) in September 2016. This service allows you to add 256-bit AES encryption to new or existing storage accounts. Azure encrypts and decrypts data transparently to users and applications, as well as managing the service keys for you. Microsoft is also working on an option that will allow you to manage the service keys yourself.
Data is encrypted as it is written or rewritten to disk. This means that if you want to encrypt an entire blob, encryption needs to be enabled from the get go. Microsoft claims that the performance hit associated with SSE is inconsequential. Additionally, SSE is only supported for Azure Resource Manager (ARM) storage and blob storage accounts (i.e., those created using the new management portal or ARM PowerShell cmdlets).
advertisment
SSE is available for blob storage in all regions. SSE for Azure File Service is available in preview. At the time of writing this article, SSE for Azure File Service can only be enabled for newly created ARM storage accounts in East US, East US2, Central US, North Central US, South Central US, West Central US, West US, West US2, East Asia, North Europe, West Europe, Australia East, and Australia Southeast regions. For more details on Azure storage accounts, see Understanding Azure Storage: Managed Disks and Storage Accounts on the Petri IT Knowledgebase.
Before enabling encryption, you’ll need at least one storage account. For more information on creating storage accounts, see Create an Azure Premium Storage Account on Petri. For the purposes of this demonstration, a standard tier storage account can be used.
Enable Storage Service Encryption (SSE) in Azure (Image Credit: Russell Smith)
Azure will take a few moments to update the encryption settings for the storage account. If encryption is later disabled, new writes will not be encrypted. Keep in mind, existing data remains encrypted unless it gets rewritten to disk.
In this article, I showed you how to enable encryption in Azure for data at rest.
advertisment
More from Russell Smith
advertisment
Petri Newsletters
Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.
advertisment
More in Cloud Computing
Build 2022: Microsoft Introduces New Dev Box Cloud PC Service for Developers
May 24, 2022 | Rabia Noureen
Use Azure ExpressRoute Private Peering & Azure Virtual WAN to Connect Privately to Microsoft 365
Apr 21, 2022 | Flo Fox
Microsoft to Make Changes to Cloud Licensing Restrictions after Customer Complaints
Apr 18, 2022 | Rabia Noureen
Most popular on petri
Log in to save content to your profile.
Article saved!
Access saved content from your profile page. View Saved
Join The Conversation
Create a free account today to participate in forum conversations, comment on posts and more.
Copyright ©2019 BWW Media Group