In today's digital age, where businesses and individuals heavily rely on cloud services for storage and accessibility, the need for robust cybersecurity has never been more pressing. With cyberthreats evolving at an alarming pace, it’s essential for you to understand the concept of cyber resilience and adopt proactive strategies to protect your data from potential breaches and malicious attacks.

Microsoft, in partnership with NetApp®, continues to add new features that make its enterprise-grade file storage service, Azure NetApp Files, even better! Recently, Microsoft announced a new feature that helps keep your data safe and secure, protecting it at the data layer to mitigate the threat of attacks and unplanned data loss. In this blog post, we explore the new Azure NetApp Files features: customer-managed keys, designed to safeguard your data in the Azure cloud.

Customer-managed keys

Microsoft has announced the general availability of customer-managed keys for Azure NetApp Files volume encryption. With customer-managed keys, you can bring your own encryption keys, securely stored in Azure Key Vault, to increase the security of your most important data.

Encryption of data at rest is an essential security practice. It helps you protect your sensitive information, maintain compliance with regulations, mitigate the impact of data breaches, and maintain the integrity and confidentiality of your data throughout its lifecycle.

Data-at-rest encryption is important for your organization because it provides:

• Data confidentiality. With encrypted data at rest, your sensitive information remains confidential and can’t be accessed or understood by unauthorized individuals. If an attacker gains physical access to your storage devices or manages to steal them, your encrypted data is meaningless without the encryption key.
• Compliance with regulations. Many industries and jurisdictions have specific regulations and data protection laws that require organizations to encrypt sensitive data at rest. For example, if you’re in the healthcare industry, your organization must comply with the Health Insurance Portability and Accountability Act (HIPAA). And if your organization handles credit card information, it must follow the Payment Card Industry Data Security Standard (PCI DSS).
• Protection against unauthorized access. By encrypting data at rest, you get an extra layer of protection against unauthorized access. Even if an attacker manages to bypass your other security measures and gain access to your storage service, your encrypted data remains unreadable without the encryption key.

Fundamental to encrypting your data is the encryption key. Customer-managed keys for Azure NetApp Files volume encryption enable you to use your own keys instead of a Microsoft-managed key when creating a new volume. With customer-managed keys, you can fully manage the relationship between a key's lifecycle, a key’s usage permissions, and auditing operations on keys.

By using customer-managed keys, your organization retains full control and ownership over the encryption process and the associated keys. You can enforce your own security policies, comply with data protection regulations, and protect your data from unauthorized access. But keep in mind that to effectively manage encryption keys, you need proper security measures, such as strong authentication, secure storage, and robust key management practices. Your organization should implement industry best practices to maintain the confidentiality, integrity, and availability of your customer-managed keys.

Keep strengthening your cyber resilience

Remember that, although data-at-rest encryption, customer-managed keys is a powerful tool, it’s just part of a comprehensive cyber-resilience strategy. So, let's keep the conversation going!

Take the first step. Watch this video on how to configure customer-managed keys for Azure NetApp Files volume encryption.