Forum Discussion
Azure Disk Encryption(ADE) vs Storage Side Encryption(SSE)
Wanted to pick everyone's brain on Azure Disk Encryption(ADE) vs Storage Side Encryption(SSE).
ADE vs SSE is a burning topic at work for me right now as we are trying to define what our standards should be.
SSE + CMK was launched in April 2020 which is said to be an improvement on ADE but Azure Security Center still flags you if you don't have ADE.
Also, MS came out with two news types of Disk Encryption - Encryption at Host and Double Encryption. Encryption at Host is supposed to be better than ADE but is incompatible with ADE.
There are not a lot of resources out there on this. I have scoured through whatever I could find.
Would love to hear thoughts on ADE and SSE. Do you think SSE + CMK is better than ADE ?
5 Replies
it could be helpful to respond your question:
Azure Disk Encryption leverages either the DM-Crypt feature of Linux or the BitLocker feature of Windows to encrypt managed disks with customer-managed keys within the guest VM. Server-side encryption with customer-managed keys improves on ADE by enabling you to use any OS types and images for your VMs by encrypting data in the Storage service.
more references you could visit: https://docs.microsoft.com/en-us/azure/virtual-machines/disk-encryptionBR
Juan Goncalves
There is an awesome video covering this topic
https://youtu.be/EOXgzTqceok?t=925In short:
SSE is better and newer than ADE
(with some minor exceptions like cache & data in transit encryption)
The new best practice is called host-based encryption. Still in preview as of writing
( https://docs.microsoft.com/en-us/azure/virtual-machines/disks-enable-host-based-encryption-portal )- The missing link! Awesome info, many thanks!
deepakmishraHi, Curious if you received any responses to your query, I'm in exactly the same boat and looking for information on changes/updates.
Thanks!
