Azure Security and Encryption

Azure Active Directory is used for access control. Azure AD can be used stand-alone. It offers single sign-on, multi-factor authentication (MFA), and identities for services.

Encryption is the process of making data unreadable and unusable to unauthorized viewers. To read encrypted data, it must be decrypted, which requires the use of a secret key. There are two top-level types of encryption: symmetric and asymmetric. Symmetric encryption uses the same key to encrypt and decrypt the data.

Asymmetric encryption uses a public key and private key pair. Either key can encrypt, but a single key can’t decrypt data it encrypted itself; to decrypt, you need the paired key. Asymmetric encryption is used for things like Transport Layer Security (TLS), used in HTTPS.
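The two encryption types described above, as an added example that is not part of the original post: a Go program (standard library only) that round-trips a message with a symmetric AES-256-GCM key and then with an RSA-OAEP key pair. It also shows two points the text only states: a tampered symmetric ciphertext is rejected on decryption, and a private key from a different pair cannot decrypt the asymmetric ciphertext. Keys and the message are generated in the program purely for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// symmetricRoundTrip encrypts plaintext with a freshly generated AES-256 key
// under AES-GCM and decrypts it with the very same key. It also flips one
// ciphertext byte and confirms GCM's authentication tag rejects the change.
func symmetricRoundTrip(plaintext []byte) (recovered []byte, tamperDetected bool, err error) {
	key := make([]byte, 32) // 256-bit key, generated here only for the demo
	if _, err = rand.Read(key); err != nil {
		return nil, false, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, false, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, false, err
	}
	nonce := make([]byte, gcm.NonceSize()) // must be unique per key; random here
	if _, err = rand.Read(nonce); err != nil {
		return nil, false, err
	}
	ciphertext := gcm.Seal(nil, nonce, plaintext, nil)

	// Same key decrypts: the defining property of symmetric encryption.
	recovered, err = gcm.Open(nil, nonce, ciphertext, nil)
	if err != nil {
		return nil, false, err
	}

	// Modify one byte; Open must now fail because the tag no longer verifies.
	tampered := append([]byte(nil), ciphertext...)
	tampered[0] ^= 0x01
	_, tamperErr := gcm.Open(nil, nonce, tampered, nil)
	return recovered, tamperErr != nil, nil
}

// asymmetricRoundTrip encrypts with the recipient's public key and decrypts
// with the paired private key (RSA-OAEP with SHA-256). A second, unrelated
// key pair ("stranger") is used to show that only the paired key can decrypt.
func asymmetricRoundTrip(plaintext []byte) (recovered []byte, wrongKeyFails bool, err error) {
	recipient, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, false, err
	}
	stranger, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, false, err
	}

	// Anyone holding the public key can encrypt to the recipient.
	ciphertext, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &recipient.PublicKey, plaintext, nil)
	if err != nil {
		return nil, false, err
	}

	// Only the matching private key decrypts.
	recovered, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, ciphertext, nil)
	if err != nil {
		return nil, false, err
	}

	// A private key from a different pair fails the OAEP check.
	_, wrongErr := rsa.DecryptOAEP(sha256.New(), rand.Reader, stranger, ciphertext, nil)
	return recovered, wrongErr != nil, nil
}

func main() {
	msg := []byte("constructed sample message")

	out, tampered, err := symmetricRoundTrip(msg)
	fmt.Printf("symmetric: recovered=%q tamperDetected=%v err=%v\n", out, tampered, err)

	out, wrongKey, err := asymmetricRoundTrip(msg)
	fmt.Printf("asymmetric: recovered=%q wrongKeyFails=%v err=%v\n", out, wrongKey, err)
}
```

GCM is used for the symmetric case because, unlike a bare block cipher mode, it authenticates the ciphertext, so an attacker who alters stored data is detected at decryption time rather than handed silently corrupted plaintext; this is the same reason services such as TDE pair encryption with integrity protection.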

By default, Azure encrypts and decrypts file storage data transparently to the user. Azure SQL Database uses Transparent Data Encryption (TDE), which performs real-time encryption and decryption of the database at rest without requiring changes to the application; it is enabled by default. TDE uses a symmetric key called the database encryption key. By default, Azure provides a unique encryption key per logical SQL server instance and handles all the key-management details.

Azure Key Vault is used to keep application secrets.

Azure Security Monitor: a monitoring service that provides threat protection across all of your services. Azure Security Center is offered on the Standard tier subscription at $15 per node per month.

Does Azure commercial follow FEDRAMP guidelines?

This is the first question that will always be asked if you are setting up Azure for a client that works with government.

Both Azure and Azure Government use the same security controls. They are assessed and authorized at the FedRAMP High impact level. Azure Government provides an additional layer of protection to customers through operation by screened US persons. It is used to store and process data subject to US export control regulations such as EAR, ITAR, and DoE 10 CFR Part 810.

Refer to this Microsoft article for details:

https://azure.microsoft.com/en-us/blog/all-us-azure-regions-now-approved-for-fedramp-high-impact-level/

Take time to see which environments meet your needs. Many people are surprised at how robust the Azure [commercial] compliance space is. https://www.microsoft.com/en-us/trustcenter/compliance/complianceofferings

Resources: