The cloud computing model is different from your on-premises systems, which can raise major concerns around compliance with privacy regulations. Privacy regulations are not consistent worldwide, so there is a risk of liability if an organization starts using Azure. The European Union (EU) has very strict privacy protections, and failure to follow these can result in substantial financial penalties. There are two main privacy-related issues: 1) loss of control over data, and 2) dependence on an external cloud provider.
Don’t sweat though, guys... Azure has the most comprehensive compliance coverage of any cloud provider, with more certificates than you can shake a stick at, being the key industry leader for customer privacy protection and having unique data residency guarantees.
Every organization should have data privacy and data sovereignty rules and regulations in place. Azure’s security is exactly the same, so it enables you to control your Azure-hosted data through a range of advanced technologies to encrypt data, control and manage encryption keys, and control and audit access to data.
For a lot of organizations, data sovereignty has been a grey area, so Microsoft has a regionalised data centre strategy. This means the customer’s country or region, which is specified during the initial setup of the services, determines the primary storage location for that customer’s data.
What is Protection? And do I need it?
Protection of an IaaS VM is basically classed as using disk encryption. By using this you’ll be meeting regulatory requirements, meaning your data will be encrypted at rest with 128-bit AES-based encryption.
So, just to be clear: disk encryption on IaaS VMs in Azure doesn’t protect you from viruses and malicious software. That’s a totally separate technology.
Using the Azure Disk Encryption solution, you can be sure it’s going to meet your business needs:
- IaaS VMs are secured at rest, using industry-standard encryption technology (either BitLocker or DM-Crypt) meeting organizational security and compliance requirements.
- IaaS VMs boot under customer-controlled keys and policies, and you can audit their usage in your key vault.
So you’ve deployed some VMs in Azure and they’re running... now that’s it, just leave them. Azure is safe, it has a tonne of compliance certs, happy days, right? No, don’t be daft. What if someone stole these disks or exported the VHD, or your Azure subscription became compromised for whatever reason? If you don’t encrypt your IaaS VMs, you’re putting your organization’s data at risk.
Let’s say this scenario happens: a colleague leaves your business and, for whatever reason, they want to do harm or take some of the VMs with them. Without disk encryption, they can do what they want with that VHD; they could attach it as a separate disk to a VM and access the data. So when you get asked the question from your senior management team, “Why wasn’t there a way to protect these VMs?” ... well, there is.
So yes, you do need disk encryption on IaaS VMs. It makes perfectly logical sense, because if those VMs are stolen or compromised, the data residing on them is still encrypted and protected from the types of attacks that they would be exposed to, meaning no-one can see your stuff.

Follow @CraigCloudITPro
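
An added example (not from the original post or from Microsoft): it audits a disk inventory for the gap described above, listing which disks have no Azure Disk Encryption and which encrypted disks have their secret wrapped by a Key Vault key. The input is a constructed sample assumed to match the JSON shape of `az disk list -o json`; the function names, disk names, vault URLs and subscription ID are hypothetical.

```python
import json

# Constructed sample, shaped like the JSON from `az disk list -o json`.
# Names, vault URLs and the all-zero subscription ID are placeholders.
VM = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
      "/providers/Microsoft.Compute/virtualMachines/")
KV = "https://kv-demo.vault.azure.net"
SAMPLE_DISKS = json.loads("""[
 {"name": "web01-os", "managedBy": "%(vm)sweb01",
  "encryptionSettingsCollection": {"enabled": true, "encryptionSettings": [
    {"diskEncryptionKey": {"secretUrl": "%(kv)s/secrets/web01-os/1"},
     "keyEncryptionKey": {"keyUrl": "%(kv)s/keys/ade-kek/1"}}]}},
 {"name": "web01-data", "managedBy": "%(vm)sweb01",
  "encryptionSettingsCollection": {"enabled": true, "encryptionSettings": [
    {"diskEncryptionKey": {"secretUrl": "%(kv)s/secrets/web01-data/1"},
     "keyEncryptionKey": null}]}},
 {"name": "sql01-os", "managedBy": "%(vm)ssql01",
  "encryptionSettingsCollection": null},
 {"name": "old-export", "managedBy": null,
  "encryptionSettingsCollection": {"enabled": false}}
]""" % {"vm": VM, "kv": KV})


def classify(disk):
    """'ade+kek' = encrypted, secret wrapped by a Key Vault key;
    'ade' = encrypted, no wrapping key; 'no-ade' = ADE not enabled."""
    esc = disk.get("encryptionSettingsCollection") or {}
    if not esc.get("enabled"):
        return "no-ade"
    settings = esc.get("encryptionSettings") or []
    wrapped = bool(settings) and all(
        (s.get("keyEncryptionKey") or {}).get("keyUrl") for s in settings)
    return "ade+kek" if wrapped else "ade"


def audit(disks):
    """Return (disk, owning VM or 'unattached', state) for every disk."""
    rows = []
    for d in disks:
        vm = (d.get("managedBy") or "").rsplit("/", 1)[-1] or "unattached"
        rows.append((d["name"], vm, classify(d)))
    return rows


def unprotected(disks):
    """Disks with ADE off: the ones to encrypt first."""
    return [name for name, _, state in audit(disks) if state == "no-ade"]


if __name__ == "__main__":
    for row in audit(SAMPLE_DISKS):
        print("%-12s %-11s %s" % row)
    print("Needs encryption:", ", ".join(unprotected(SAMPLE_DISKS)))
```

Unattached disks in the "no-ade" state deserve attention first, since nothing is booting from them and they are easy to overlook.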