Data protection

SQL Server missing BYOK encryption

Risk Level

Informational (4)

Platform(s)

Description

BYOK (bring your own key) is not configured on {AzureSqlDbServer}. Transparent data encryption (TDE) with customer-managed key support provides increased transparency and control over the TDE Protector, increased security with an HSM-backed external service, and promotion of separation of duties.

Recommended Mitigation

Under 'Transparent data encryption', set 'Use your own key' to YES and assign a key. Check 'Make selected key the default TDE protector'.
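
One way to verify the finding and its remediation from an inventory export, shown as an added example that is not part of the original rule. It assumes each record has the shape returned by `az sql server tde-key show` (fields `serverKeyType` and `uri`); the server names, vault name and key version are constructed sample data.

```python
from urllib.parse import urlparse

# Constructed sample inventory: server name -> TDE protector record.
SAMPLE = {
    # Default state: Microsoft-managed key, which is what this rule flags.
    "sql-prod-01": {"serverKeyType": "ServiceManaged", "uri": None},
    # Remediated: a Key Vault key is the default TDE protector.
    "sql-prod-02": {
        "serverKeyType": "AzureKeyVault",
        "uri": "https://kv-example.vault.azure.net/keys/tde-key/0123456789abcdef",
    },
    # Inconsistent record: customer-managed type but no key reference.
    "sql-prod-03": {"serverKeyType": "AzureKeyVault", "uri": None},
}


def check_tde_protector(protector):
    """Return (compliant, reason) for one server's TDE protector record."""
    key_type = protector.get("serverKeyType")
    if key_type != "AzureKeyVault":
        return False, f"TDE protector is {key_type or 'unknown'}, not a customer-managed key"

    # A customer-managed protector must reference a key as https://<vault-host>/keys/<name>[/<version>].
    uri = urlparse(protector.get("uri") or "")
    parts = [p for p in uri.path.split("/") if p]
    if uri.scheme != "https" or not uri.hostname or len(parts) < 2 or parts[0] != "keys":
        return False, "protector type is AzureKeyVault but the key URI is missing or malformed"

    return True, f"customer-managed key '{parts[1]}' in {uri.hostname}"


def findings(inventory):
    """Names of servers that would still trigger the 'missing BYOK' rule."""
    return sorted(name for name, rec in inventory.items()
                  if not check_tde_protector(rec)[0])


if __name__ == "__main__":
    for name, rec in SAMPLE.items():
        ok, reason = check_tde_protector(rec)
        print(f"{'PASS' if ok else 'FAIL'}  {name}: {reason}")
```
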