First published on MSDN on Jan 12, 2017
  
  
Hello Everyone,
  
Nowdays, the security is a key element for all databases, for this reason, in Azure SQL we have several options depending on our needs. In this picture you could see the different available options that we have right now.
  
In this post, I would like to share some points about two important topics for our applications that are running on Azure:
  
Although, all these options are available on Azure SQL Database , unfortunately, in Azure SQL Datawarehouse are not available these ones: Always Encrypted, Data Masking and Row Level Security.
  
  
  
  
  
  
  
  
  
Hello Everyone,
Nowdays, the security is a key element for all databases, for this reason, in Azure SQL we have several options depending on our needs. In this picture you could see the different available options that we have right now.
   
  
In this post, I would like to share some points about two important topics for our applications that are running on Azure:
- Data Encryption .
- Data Protection .
Although, all these options are available on Azure SQL Database , unfortunately, in Azure SQL Datawarehouse are not available these ones: Always Encrypted, Data Masking and Row Level Security.
- 
    
     TDE
    
    ( Transparent Data Encryption ) encrypts the data files, protecting data on SQL database physical storage from unauthorized access.
    
 - Server-side encryption of the data on physical disk.
- Zero application changes.
- Support for all database operations (ex. joins) on data.
- SQL Database service manages your keys.
 
 
 
 
 
 
 
- 
    
     Always Encrypted
    
    protects the highly sensitive data in-use from high privilege SQL users.
    
 - Client-side encryption of sensitive data using keys that are never given to the database system.
- Support for equality comparison, incl. join, group by and distinct operators.
- Minimal application changes via server and client library enhancements.
 
 
 
 
 
 
- 
    
     Data Masking
    
    that limit the exposure of sensitive data by obfuscating query results for application users.
    
 - Protects against unauthorized access to sensitive data in the application, using built-in or custom masking rules. Privileged users can still see unmasked data.
- Data is masked on-the-fly, underlying data in the database remains intact. Transparent to the application and applied according to user privilege
 
 
 
 
 
- 
    
     Row Level Security
    
    , centralize your row access logic within the database.
    
 - Control both read/write-access to specific rows of data.
- Flexible access criteria (user identity, role/group memberships, etc).
- Works transparently at query time, no application changes needed and reduces application maintenance and code complexity.
 
 
 
 
 
 
Updated Mar 14, 2019
Version 2.0Jose_Manuel_Jurado Microsoft
Microsoft
Joined November 29, 2018
Azure Database Support Blog 
Follow this blog board to get notified when there's new activity