{"id":28151,"date":"2020-12-24T11:54:12","date_gmt":"2020-12-24T11:54:12","guid":{"rendered":"https:\/\/www.testpreptraining.com\/tutorial\/?page_id=28151"},"modified":"2020-12-24T11:54:13","modified_gmt":"2020-12-24T11:54:13","slug":"encrypt-data-at-rest-and-in-motion","status":"publish","type":"page","link":"https:\/\/www.testpreptraining.ai\/tutorial\/encrypt-data-at-rest-and-in-motion\/","title":{"rendered":"Encrypt data at rest and in motion"},"content":{"rendered":"\n<p><a href=\"https:\/\/www.testpreptraining.ai\/tutorial\/exam-dp-200-implementing-an-azure-data-solution\/\" target=\"_blank\" rel=\"noreferrer noopener\">Go back to DP-200 Tutorials<\/a><\/p>\n\n\n\n<p>In this we will learn about transparent Data Encryption (TDE) for dedicated SQL pool in Azure Synapse Analytics. And, also about how to encrypt data in rest and in motion.<\/p>\n\n\n\n<p><strong>Required Permissions<\/strong><\/p>\n\n\n\n<p><em>To enable Transparent Data Encryption (TDE), you must be an administrator or a member of the dbmanager role.<\/em><\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Enabling Encryption<\/strong><\/h4>\n\n\n\n<p><strong>To enable TDE, follow the steps below:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Firstly, open the database in the Azure portal<\/li><li>Secondly, in the database blade, click the Settings button<\/li><li>Thirdly, select the Transparent data encryption option portal settings<\/li><li>then, select the On setting <\/li><li>Lastly, select Save <\/li><\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Disabling Encryption<\/strong><\/h4>\n\n\n\n<p><strong>To disable TDE, follow the steps below:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Firstly, open the database in the Azure portal<\/li><li>Secondly, in the database blade, click the Settings button<\/li><li>Thirdly, select the Transparent data encryption option portal settings<\/li><li>Then, select the Off setting portal <\/li><li>Lastly, select Save <\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Information protection and encryption<\/strong><\/h3>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Transport Layer Security (Encryption-in-transit)<\/strong><\/h4>\n\n\n\n<p>SQL Database, SQL Managed Instance, and Azure Synapse Analytics secure customer data by encrypting data in motion with Transport Layer Security (TLS). However, it is recommended that in the connection string used by the application, you specify an encrypted connection and not trust the server certificate. This forces your application to verify the server certificate. Thus, it prevents your application from being vulnerable to man in the middle type attacks.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full\"><a href=\"https:\/\/www.testpreptraining.ai\/implementing-an-azure-data-solution-dp-200-free-practice-test\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" width=\"961\" height=\"150\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/dp-200-pracice-tests-1.png\" alt=\"DP-200 practice tests\" class=\"wp-image-18535\" srcset=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/dp-200-pracice-tests-1.png 961w, https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/dp-200-pracice-tests-1-750x117.png 750w\" sizes=\"auto, (max-width: 961px) 100vw, 961px\" \/><\/a><\/figure><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Transparent Data Encryption (Encryption-at-rest)<\/strong><\/h4>\n\n\n\n<p>Transparent data encryption (TDE) for SQL Database, SQL Managed Instance, and Azure Synapse Analytics adds a layer of security to help protect data at rest from unauthorized or offline access to raw files or backups. However, common scenarios include data center theft or unsecured disposal of hardware or media such as disk drives and backup tapes.\u202fTDE encrypts the entire database using an AES encryption algorithm, which doesn&#8217;t require application developers to make any changes to existing applications.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Key management with Azure Key Vault<\/strong><\/h4>\n\n\n\n<p>Bring Your Own Key (BYOK) support for\u202fTransparent Data Encryption (TDE)\u202fallows customers to take ownership of key management and rotation using\u202fAzure Key Vault, Azure&#8217;s cloud-based external key management system. However, if the database&#8217;s access to the key vault is revoked, a database cannot be decrypted and read into memory. Azure Key Vault provides a central key management platform, leverages tightly monitored hardware security modules (HSMs), and enables separation of duties between management of keys and data to help meet security compliance requirements.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Always Encrypted (Encryption-in-use)<\/strong><\/h4>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img decoding=\"async\" src=\"https:\/\/docs.microsoft.com\/en-us\/azure\/azure-sql\/database\/media\/security-overview\/azure-database-ae.png\" alt=\"basics of the Always Encrypted feature.\"\/><figcaption>Image Source: Microsoft<\/figcaption><\/figure><\/div>\n\n\n\n<p>Always Encrypted is a feature designed to protect sensitive data stored in specific database columns from access (for example, credit card numbers, national identification numbers, or data on a need to know basis). This includes database administrators or other privileged users who are authorized to access the database to perform management tasks, but have no business need to access the particular data in the encrypted columns. Moreover, the data is always encrypted. This means the encrypt data can decrypt only for processing by client applications with access to the encryption key. <\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Dynamic data masking<\/strong><\/h4>\n\n\n\n<p>Dynamic data masking limits sensitive data exposure by masking it to non-privileged users. Moreover, Dynamic data masking automatically discovers potentially sensitive data in Azure SQL Database and SQL Managed Instance and provides actionable recommendations to mask these fields, with minimal impact to the application layer. However, it works by obfuscating the sensitive data in the result set of a query over database fields, while there is no change in the data in the database.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Security management<\/strong><\/h3>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Vulnerability assessment<\/strong><\/h5>\n\n\n\n<p>Vulnerability assessment is an easy to configure service that can discover, track, and help remediate potential database vulnerabilities with the goal to proactively improve overall database security. However, VA is part of the Azure Defender for SQL offering. Further, this refers to a unified package for advanced SQL security capabilities. <\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Data discovery and classification<\/strong><\/h5>\n\n\n\n<p>Data discovery and classification (currently in preview) provides advanced capabilities built into Azure SQL Database and SQL Managed Instance for discovering, classifying, labeling, and protecting the sensitive data in your databases. However, discovering and classifying your utmost sensitive data can play a pivotal role in your organizational Information protection stature. It can serve as infrastructure for:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Firstly, various security scenarios, such as monitoring (auditing) and alerting on anomalous access to sensitive data.<\/li><li>Secondly, controlling access to, and hardening the security of, databases containing highly sensitive data.<\/li><li>Thirdly, helping meet data privacy standards and regulatory compliance requirements.<\/li><\/ul>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full\"><a href=\"https:\/\/www.testpreptraining.ai\/implementing-an-azure-data-solution-dp-200-practice-exam\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" width=\"961\" height=\"150\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/dp-200-online-course-1.png\" alt=\"Encrypt data at rest and in motion DP-200 Online course\" class=\"wp-image-18534\" srcset=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/dp-200-online-course-1.png 961w, https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/dp-200-online-course-1-750x117.png 750w\" sizes=\"auto, (max-width: 961px) 100vw, 961px\" \/><\/a><\/figure><\/div>\n\n\n\n<p class=\"has-text-align-right\"><strong>Reference: <\/strong><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/synapse-analytics\/sql-data-warehouse\/sql-data-warehouse-encryption-tde\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Documentation<\/a>, <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/azure-sql\/database\/security-overview#information-protection-and-encryption\" target=\"_blank\" rel=\"noreferrer noopener\">Documentation 2<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.testpreptraining.ai\/tutorial\/exam-dp-200-implementing-an-azure-data-solution\/\" target=\"_blank\" rel=\"noreferrer noopener\">Go back to DP-200 Tutorials<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Go back to DP-200 Tutorials In this we will learn about transparent Data Encryption (TDE) for dedicated SQL pool in Azure Synapse Analytics. And, also about how to encrypt data in rest and in motion. Required Permissions To enable Transparent Data Encryption (TDE), you must be an administrator or a member of the dbmanager role&#8230;.<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"categories":[],"tags":[],"class_list":["post-28151","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Encrypt data at rest and in motion - Testprep Training Tutorials<\/title>\n<meta name=\"description\" content=\"Enhance your skills by learning about Encrypt data at rest and in motion using Microsoft DP-200 online course and Practice Exam Now!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.testpreptraining.ai\/tutorial\/encrypt-data-at-rest-and-in-motion\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Encrypt data at rest and in motion - Testprep Training Tutorials\" \/>\n<meta property=\"og:description\" content=\"Enhance your skills by learning about Encrypt data at rest and in motion using Microsoft DP-200 online course and Practice Exam Now!\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/encrypt-data-at-rest-and-in-motion\/\" \/>\n<meta property=\"og:site_name\" content=\"Testprep Training Tutorials\" \/>\n<meta property=\"article:modified_time\" content=\"2020-12-24T11:54:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/dp-200-pracice-tests-1.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/encrypt-data-at-rest-and-in-motion\/\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/encrypt-data-at-rest-and-in-motion\/\",\"name\":\"Encrypt data at rest and in motion - Testprep Training Tutorials\",\"isPartOf\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\"},\"datePublished\":\"2020-12-24T11:54:12+00:00\",\"dateModified\":\"2020-12-24T11:54:13+00:00\",\"description\":\"Enhance your skills by learning about Encrypt data at rest and in motion using Microsoft DP-200 online course and Practice Exam Now!\",\"breadcrumb\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/encrypt-data-at-rest-and-in-motion\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.testpreptraining.ai\/tutorial\/encrypt-data-at-rest-and-in-motion\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/encrypt-data-at-rest-and-in-motion\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Encrypt data at rest and in motion\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#website\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"name\":\"Testprep Training Tutorials\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#organization\",\"name\":\"Testprep Training\",\"url\":\"https:\/\/www.testpreptraining.ai\/tutorial\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"contentUrl\":\"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png\",\"width\":583,\"height\":153,\"caption\":\"Testprep Training\"},\"image\":{\"@id\":\"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Encrypt data at rest and in motion - Testprep Training Tutorials","description":"Enhance your skills by learning about Encrypt data at rest and in motion using Microsoft DP-200 online course and Practice Exam Now!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.testpreptraining.ai\/tutorial\/encrypt-data-at-rest-and-in-motion\/","og_locale":"en_US","og_type":"article","og_title":"Encrypt data at rest and in motion - Testprep Training Tutorials","og_description":"Enhance your skills by learning about Encrypt data at rest and in motion using Microsoft DP-200 online course and Practice Exam Now!","og_url":"https:\/\/www.testpreptraining.ai\/tutorial\/encrypt-data-at-rest-and-in-motion\/","og_site_name":"Testprep Training Tutorials","article_modified_time":"2020-12-24T11:54:13+00:00","og_image":[{"url":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2020\/08\/dp-200-pracice-tests-1.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/encrypt-data-at-rest-and-in-motion\/","url":"https:\/\/www.testpreptraining.ai\/tutorial\/encrypt-data-at-rest-and-in-motion\/","name":"Encrypt data at rest and in motion - Testprep Training Tutorials","isPartOf":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website"},"datePublished":"2020-12-24T11:54:12+00:00","dateModified":"2020-12-24T11:54:13+00:00","description":"Enhance your skills by learning about Encrypt data at rest and in motion using Microsoft DP-200 online course and Practice Exam Now!","breadcrumb":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/encrypt-data-at-rest-and-in-motion\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.testpreptraining.ai\/tutorial\/encrypt-data-at-rest-and-in-motion\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/encrypt-data-at-rest-and-in-motion\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.testpreptraining.ai\/tutorial\/"},{"@type":"ListItem","position":2,"name":"Encrypt data at rest and in motion"}]},{"@type":"WebSite","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#website","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","name":"Testprep Training Tutorials","description":"","publisher":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.testpreptraining.ai\/tutorial\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#organization","name":"Testprep Training","url":"https:\/\/www.testpreptraining.ai\/tutorial\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/","url":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","contentUrl":"https:\/\/www.testpreptraining.com\/tutorial\/wp-content\/uploads\/2020\/07\/tpt-logo-6.png","width":583,"height":153,"caption":"Testprep Training"},"image":{"@id":"https:\/\/www.testpreptraining.ai\/tutorial\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/28151","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/comments?post=28151"}],"version-history":[{"count":7,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/28151\/revisions"}],"predecessor-version":[{"id":28228,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/pages\/28151\/revisions\/28228"}],"wp:attachment":[{"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/media?parent=28151"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/categories?post=28151"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.testpreptraining.ai\/tutorial\/wp-json\/wp\/v2\/tags?post=28151"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}