Forum Discussion
Azure Disk Encryption (ADE) vs Storage Side Encryption (SSE)
There is an awesome video covering this topic
https://youtu.be/EOXgzTqceok?t=925
In short:
SSE is better and newer than ADE
(with some minor exceptions like cache & data in transit encryption)
The new best practice is called host-based encryption. Still in preview as of writing
( https://docs.microsoft.com/en-us/azure/virtual-machines/disks-enable-host-based-encryption-portal )
@egodigitus Haha - this is insane. I found the video 2 days ago and this clarified the questions I had a year ago.
Still can't believe the video was posted 6 months ago and I missed it.
John is the man!!!
Encryption at Host should cover most of the qualms around Disk Encryption. However, it doesn't address someone with the right permissions copying a VHD. This remains addressed only by ADE.
This can be resolved through creating a custom role that doesn't allow most users to export the VHD.
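As an added illustration of the custom-role suggestion above (example code, not from any poster in the thread), this builds a role definition that keeps Compute management rights but lists the SAS-URI operations behind disk/snapshot export in `NotActions`, and checks the role's effective permissions the way Azure RBAC evaluates them (Actions minus NotActions, wildcard matching). The operation names and the subscription ID are this example's assumptions, not values quoted from the thread.

```python
import json
import re

# Operations that hand out a SAS URI for a managed disk or snapshot, i.e. the
# control-plane calls behind "Export" of a VHD (assumed by this example).
EXPORT_ACTIONS = [
    "Microsoft.Compute/disks/beginGetAccess/action",
    "Microsoft.Compute/snapshots/beginGetAccess/action",
]

# Constructed custom role: broad Compute rights, but VHD export carved out.
NO_EXPORT_ROLE = {
    "Name": "VM Operator (no disk export)",
    "IsCustom": True,
    "Description": "Manage VMs and disks, but never obtain a SAS URI for a VHD.",
    "Actions": ["Microsoft.Compute/*", "Microsoft.Resources/subscriptions/resourceGroups/read"],
    "NotActions": EXPORT_ACTIONS,
    "DataActions": [],
    "NotDataActions": [],
    "AssignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"],  # placeholder
}

# Constructed contrast: a Contributor-style role with Actions ["*"] still permits export.
CONTRIBUTOR_LIKE = {"Actions": ["*"], "NotActions": ["Microsoft.Authorization/*/Write"]}


def _matches(pattern: str, operation: str) -> bool:
    """Azure RBAC wildcard match: '*' matches any run of characters, case-insensitive."""
    regex = "^" + ".*".join(re.escape(part) for part in pattern.split("*")) + "$"
    return re.match(regex, operation, re.IGNORECASE) is not None


def role_permits(role: dict, operation: str) -> bool:
    """Effective control-plane permission of one role: in Actions and not in NotActions."""
    allowed = any(_matches(p, operation) for p in role.get("Actions", []))
    excluded = any(_matches(p, operation) for p in role.get("NotActions", []))
    return allowed and not excluded


def export_blocked(role: dict) -> bool:
    """True if this role grants none of the VHD export operations."""
    return not any(role_permits(role, op) for op in EXPORT_ACTIONS)


def role_definition_json(role: dict) -> str:
    """Serialise for: az role definition create --role-definition @role.json"""
    return json.dumps(role, indent=2)


if __name__ == "__main__":
    print(role_definition_json(NO_EXPORT_ROLE))
    print("custom role blocks export:", export_blocked(NO_EXPORT_ROLE))
    print("contributor-like role blocks export:", export_blocked(CONTRIBUTOR_LIKE))
```

Azure RBAC is additive, so `NotActions` only carves the operation out of this role; a principal that also holds Contributor or Owner at the same scope can still export, which is why the check should be run across every role assigned to the principal.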