How to resolve Sprinto check for encrypting Azure SQL database
About
Sprinto Check: Azure SQL database should be encrypted
Transparent Data Encryption (TDE) for Azure SQL Database ensures data encryption at rest, adding an essential layer of security. This article guides you through the features of TDE, its benefits, and the steps to manage TDE settings in the Azure portal.
Purpose
The Sprinto check for Azure SQL Database TDE aims to ensure that databases are encrypted at rest, protecting sensitive data from unauthorized or offline access. This implementation helps you:
Data Security: Enhance the security of Azure SQL databases by encrypting the entire database at rest.
Compliance Requirements: Fulfill encryption compliance and regulatory requirements for sensitive data storage.
Azure Portal Management: Understand how to enable, disable, and manage TDE settings in the Azure portal.
Sprinto Check Passing: Update the Sprinto check status to "Passing" after implementing the recommended encryption measures.
How to Implement
To manage Transparent Data Encryption (TDE) for Azure SQL Database, follow these steps in the Azure portal:
Before you Begin
Ensure you have the necessary permissions (Azure Owner, Contributor, or SQL Security Manager) to configure TDE in the Azure portal.
Log in to Sprinto as an administrator.
Azure Portal TDE Configuration
Service-Managed TDE:
For Azure SQL Database and Azure Synapse, sign in to the Azure portal with the Azure Administrator or Contributor account.
Navigate to your user database and find TDE settings under your database.
Service-managed TDE is enabled by default, and a TDE certificate is automatically generated for the server containing the database.
TDE with BYOK Support:
To use TDE with Bring Your Own Key (BYOK) support, open TDE settings under your server.
Set the TDE master key (TDE protector) at the server or instance level.
Protect databases with a key from Azure Key Vault.
Additional Information
TDE encrypts the entire database using an AES encryption algorithm without requiring changes to existing applications.
Certificate maintenance and rotation are managed by the Azure service.
Customers preferring control over encryption keys can manage keys in Azure Key Vault.
With the above action, Sprinto retrieves the changes from your Azure account and sets the checks against the SQL database to “Passing.”
For additional assistance or queries regarding this Sprinto check, please contact Sprinto Support.