Document Library 12 ITEMS

This Integration Guide is part of the Bring Your Own Key (BYOK) Deployment Service Package for Microsoft Azure and covers the creation and transfer of a cryptographic key for use with Azure Key Vault. This cryptographic key, known as a tenant key if used with Azure Rights Management Service and Azure Information Protection, is created within the protection of the nShield Security World on the customer's premises and then securely transferred to Microsoft Azure and the protection of an nShield Security World hosted within Azure via Key Vault.

Always Encrypted is a feature in Windows SQL Server 2019 designed to protect sensitive data both at rest and in flight between an on-premises client application server and Azure or SQL Server database(s). Data protected by Always Encrypted remains in an encrypted state until it has reached the on–premises client application server, this effectively mitigates man in the middle attacks and provides assurances against unauthorized activity from rogue DBAs or admins with access to Azure/SQL server Databases. Always Encrypted was designed to be used in conjunction with Transparent Data Encryption (TDE) however; TDE is NOT a requisite for implementing Always Encrypted.