Microsoft Announces Server-Side Encryption for Azure Managed Disks, Customer-Managed Keys Included!

Microsoft’s announcement that server-side encryption with customer-managed keys for Azure Managed Disks is now available is welcome news for security-minded public cloud customers. Managing one’s own keys in a cloud environment can be an important step in complying with regulatory requirements, and this new feature should open Azure Managed Disks to a wider group of customers who may have held back for this reason.

Customer data on Azure Managed Disks has been encrypted using Microsoft’s Storage Service Encryption since shortly after the service became generally available in 2017. Encryption was automatic, though the keys were managed by Microsoft. Shared responsibility is an inherent characteristic of cloud services, but in some cases, customers may want or need additional security.

Customer-managed keys (stored in an Azure Key Vault) may be a valuable alternative to Microsoft-managed keys for organizations that have more stringent compliance requirements.

Our Take

The cloud brings a host of new and advanced services and opportunities. But it also comes with trade-offs, one of which is giving up control of at least part of the infrastructure stack to the provider. That trade-off will now be a little less painful for some customers, as they will be able to repatriate management of Azure Managed Disks encryption keys. Perhaps this will be enough to convince some customers that the service is worth the risk.

After all, in the words of Info-Tech core infrastructure practice lead, Fred Chagnon, “If you didn't encrypt it, then it's not being encrypted for your needs.”

