We are thrilled to announce the Public Preview of Transparent Data Encryption (TDE) and Service-Managed Credential Rotation for Arc-enabled SQL Managed Instance. With a strong focus on data security and management, this release introduces cutting-edge features that ensure your sensitive information is protected.
Transparent Data Encryption Overview
Azure Arc-enabled SQL Managed Instance now supports a managed solution for encrypting-at-rest all your databases within a managed instance. TDE offers robust encryption to safeguard your data against unauthorized access.
Transparent Data Encryption Modes
There are two modes that a user can specify when using Transparent Data Encryption: Customer-managed and Service-managed. This feature can be enabled via the Kubernetes spec and az CLI.
Customer-managed keys (CMK)
Service-managed keys (SMK)
Businesses that would like full control on the certificates encrypting their data.
Businesses that would like the arc-enabled data controller to manage the certificates for them.
Businesses would like to manually manage encryption of each database and their managed instance themselves.
User managed. Users bring the certificate to encrypt their data.
Service managed. The service will create the certificate automatically.
User managed. Users must manually load and enable encryption-at-rest on their managed instances.
Users must create a Kubernetes secret with their certificate, then update their SQL MI Custom Resource spec.
Users update their SQL MI Custom Resource spec.
A series of Kubernetes exec commands as well as T-SQL commands for each database.
Service Managed Credential Rotation Overview
Azure Arc-enabled SQL Managed Instance now supports a simple way to rotate some service-managed credentials in your SQL Managed Instance for both the general purpose and business critical service tiers. The primary benefit of credential rotation is enhanced security. By automatically and regularly refreshing access credentials, potential security vulnerabilities due to compromised or outdated credentials are mitigated. This proactive approach significantly reduces the risk of unauthorized access and data breaches, ensuring that only authorized users have valid and up-to-date credentials to access sensitive information or critical systems.
In conclusion, the Public Preview release of Transparent Data Encryption (TDE) and Credential Rotation for Arc-enabled SQL Managed Instance is aimed towards bolstering data security and management. With TDE, your sensitive information remains shielded from prying eyes, while Credential Rotation ensures that access credentials are automatically and seamlessly refreshed, providing protection against potential cyber threats. We invite you to take advantage of these cutting-edge features to fortify your data infrastructure and stay one step ahead of evolving security challenges.