Let's see how Azure helps you encrypt your data and protect it.
Even if a breach occurs, encryption is the last line of defense for your data.
Encryption is the process of encoding the information in a way that only authorized parties can read it.
Here's an example where the plain Lorem Ipsum text is encrypted with the V's encryption command.
Unless you know the encryption key that is used to do the encryption, you will not be able to decrypt the file and read its contents.
There are two types of encryption,
symmetric and asymmetric.
The one we've shown in the previous slide is a symmetric encryption because it uses the same key to encrypt and decrypt the data.
Here's how it works.
The sender uses a key to encrypt the data.
On the receiver side, the same key is used to decrypt the data.
If the receiver wants to send some data back,
she can use the same key to encrypt the data and send it over.
Because the key needs to remain secret, both parties need to find a way to distribute the key without compromising it.
This makes it hard to distribute the key over public infrastructure.
To solve the issue with the distribution of keys, asymmetric encryption was developed.
Instead of a single key, two related keys are generated:
a public key and a private key.
The public key is derived from the private key.
However, you cannot use the public key to generate the private key.
The public key is published so that anyone who needs it can have access to it, while the private key is kept secure with the receiving party.
When a sender wants to send information to the receiver, she uses the public key to encrypt the information.
The receiver uses the private key to decrypt the information and read its content.
Asymmetric encryption is used to implement a negotiation part of protocols like Transport Layer Security, or TLS, as well as message signing, where only the owner of the private key can sign the message, but everybody else can verify the signature using the public key.
Data in transit is when the data is actively moving from one location to another.
The purpose of encryption is to protect the data from outside observers and limit the exposure.
You can achieve this by encrypting the data for the sending party before sending it over the network.
Protocols like SSL, TLS and HTTPS help you do that at the application layer.
You can also use a secure channel like a VPN that encrypts all the traffic between the two parties, transparent to the application.
Data at rest is data that is stored on a physical medium.
The purpose of encryption is to render the data unusable without an encryption key if an unauthorized party gains access to the wrong medium.
Regulatory requirements require that sensitive data be encrypted both at rest and in transit.
Azure provides several features and services to help you with the encryption of your data.
You should utilize those if you're looking to achieve regulatory compliance or certification.
Azure Storage Service Encryption is a feature of Azure Storage that automatically encrypts the data before persisting it to Azure Blob, Azure Disk, Azure Files or Azure Queue.
Azure Disk Encryption is a feature that helps you encrypt your Windows or Linux virtual machines.
It leverages BitLocker for Windows and dm-crypt for Linux to provide encryption for the operating system and the data disks attached to the virtual machine.
ADE is integrated with Azure Key Vault to store the encryption keys,
and it uses the managed service identity functionality to obtain the keys to decrypt the disks.
Transparent Data Encryption is used to protect SQL databases and Azure Data Warehouse instances against malicious activities.
TDE encrypts and decrypts the database, any associated backup files, as well as the transaction logs in real time,
and it is transparent to your application.
It does so using a symmetric key called the database encryption key that is generated for each unique database instance.
Integration with Azure Key Vault allows you to also bring your own key.
Now, we've mentioned Azure Key Vault on several occasions already.
In addition to integrating with many services in Azure and storing encryption keys, Azure Key Vault can be used to store and manage application secrets.
You can configure your application to use a managed service identity and retrieve the necessary secrets from Azure Key Vault using API calls.
This way, you remove the need to store secrets in configuration files.
Azure Key Vault can also be used to manage certificates.
It integrates with external certificate authorities and allows you to easily provision, deploy and manage TLS certificates for your application.
Azure Key Vault keys and secrets can also be protected by a software or hardware security module, called HSM, validated by FIPS 140-2 Level 2.
With this, we'll wrap up our discussion on encryption, and in the next video, we'll take a look at the network security options in Azure.