Today we are announcing the general availability of Always Encrypted
in Azure SQL Database.
Always Encrypted is an industry-first solution offering unparalleled data security against breaches involving the theft of critical data such as social security or credit card numbers. For example, an admitting nurse may have a business need to access a patientís unencrypted social security number, but that data does not need to be visible anywhere else in the system. With Always Encrypted, patientsí social security numbers are stored encrypted in the database at all times even during query processing, allowing decryption at the point of use by authorized staff or applications that need to process that data.
Always Encrypted is simple to use, transparent, and ready to protect your data. Client drivers have been enhanced to work in conjunction with the database engine to decrypt and encrypt data at the point of use, requiring only minimal modifications to your applications. Encryption keys are managed outside of the database for maximum safety and separation of duties. Only authorized users with access to the encryption keys can see unencrypted data while using your applications.
Always Encrypted in Azure SQL Database
By ensuring the encrypted data and its corresponding keys are never revealed in plaintext to the database system, Always Encrypted allows you to confidently store your sensitive information in Azure SQL Database. You can also use Always Encrypted to restrict high privilege users in your own organization, for example DBAs managing your Azure-hosted databases, from accessing sensitive data, to further prevent information disclosure.
Always Encrypted is currently supported in .NET Framework Data Provider for SQL Server and will be supported in JDBC and ODBC soon.
For more information: