General Availability Of Always Encrypted In Azure SQL Database Announced
Microsoft has announced the general availability of Always Encrypted in Azure SQL Database. It is a solution that offers unparalleled data security against theft of sensitive data, such as social security numbers and credit card numbers.
Azure SQL Database Senior Program Manager Jakub Szymaszek stated:
Always Encrypted is an industry-first solution offering unparalleled data security against breaches involving the theft of critical data such as social security or credit card numbers. For example, an admitting nurse may have a business need to access a patient’s unencrypted social security number, but that data does not need to be visible anywhere else in the system. With Always Encrypted, patients’ social security numbers are stored encrypted in the database at all times even during query processing, allowing decryption at the point of use by authorized staff or applications that need to process that data.
Always Encrypted is transparent, ready to protect your data, and easy to use. The client drivers have been improved to work together with the database engine to decrypt and encrypt data at the point of use. This requires only minimal modifications to your applications. Isn't it great?
The encryption keys are managed outside of the database for more safety. While using your applications, only authorized users with access to the encryption keys can see unencrypted data. The keys are never revealed in plaintext to the database system, which allows you to confidently store sensitive information in Azure SQL Database. So, your sensitive information stays safe.
Always Encrypted can also be used to restrict high-privilege users in your own organization, for example DBAs managing your Azure-hosted databases, from accessing sensitive data. This, again, is done to prevent information disclosure.
Always Encrypted is currently supported in the .NET Framework Data Provider for SQL Server. It will soon be supported in JDBC and ODBC.
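The application-side change described above, shown with the .NET Framework Data Provider for SQL Server. This is an added example, not code from Microsoft's announcement. The server, database, table, column and environment-variable names are hypothetical, and it assumes .NET Framework 4.6 or later, an existing `dbo.Patients` table whose `SSN char(11)` column is already encrypted, and a client machine that can reach the column master key.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

class AlwaysEncryptedDemo
{
    static void Main()
    {
        var csb = new SqlConnectionStringBuilder
        {
            DataSource = "tcp:example-server.database.windows.net,1433", // hypothetical server
            InitialCatalog = "ClinicDb",                                  // hypothetical database
            // Hypothetical environment variables; both must be set before running.
            UserID = Environment.GetEnvironmentVariable("CLINIC_DB_USER"),
            Password = Environment.GetEnvironmentVariable("CLINIC_DB_PASSWORD"),
            Encrypt = true,
            // The application change: the driver now encrypts parameters bound to
            // encrypted columns and decrypts those columns in result sets.
            ColumnEncryptionSetting = SqlConnectionColumnEncryptionSetting.Enabled
        };

        using (var conn = new SqlConnection(csb.ConnectionString))
        {
            conn.Open();

            // Values written to an encrypted column must be passed as parameters.
            // A literal in the SQL text would reach the server as plaintext.
            using (var insert = new SqlCommand(
                "INSERT INTO dbo.Patients (PatientId, SSN) VALUES (@id, @ssn)", conn))
            {
                insert.Parameters.Add("@id", SqlDbType.Int).Value = 1;
                // Constructed sample value; type and size must match the column exactly.
                insert.Parameters.Add("@ssn", SqlDbType.Char, 11).Value = "000-00-0000";
                insert.ExecuteNonQuery();
            }

            // The server returns ciphertext; the driver decrypts it on the client.
            using (var select = new SqlCommand(
                "SELECT SSN FROM dbo.Patients WHERE PatientId = @id", conn))
            {
                select.Parameters.Add("@id", SqlDbType.Int).Value = 1;
                Console.WriteLine((string)select.ExecuteScalar());
            }
        }
    }
}
```

A client that connects without `ColumnEncryptionSetting` enabled receives the `SSN` column as binary ciphertext, and a client without access to the column master key gets an error from the driver instead of plaintext.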