Microsoft Azure Storage Client-Side Encryption Goes into General Availability

imageWhen it comes to preventing compromise of your data, no matter where it lives, data encryption is the most powerful tool in your toolkit. Data can be encrypted over the wire and at rest. When talking about encrypting data over the wire, we usually speak of SSL/TLS and IPsec as the data moves over networks. When talking about encrypting data at rest, most of the time we’re talking about storage encryption using modern encryption methods such as AES.

This is where Azure Client-Side encryption comes in. Using this feature, you can encrypt data contained within Azure Blobs, Tables and Queues. The new client-side encryption library is designed for optimal performance, helps you implement security best practices, makes it easy for you to implement encryption in common use-case scenarios, and best of all, it’s interoperable across a number of programming languages.

To learn more about client-side encryption in Microsoft Azure storage, check out the following articles:

I hope you enjoy these articles and the encryption capabilities as much as we do, and please let us know if there’s any more information or additional features you’d like to see in Azure Storage client-side encryption that you need to become successfully with encrypting your data at rest.


Tom Shinder
Project Manager, Azure Security – Content / Community / Connection
@tshinder | Facebook | LinkedIn | Email | Web | Bing me! | GOOG me!


Comments (2)

  1. Kevin Remde says:

    Good stuff, Tom.  

    Only slightly off-topic.. Would you happen to know where I can point a customer to where we have documented the encryption used for Geo-replication of storage?  The compliance center only says "standard protocols for in-transit data", which isn't good enough for this gentleman.



  2. Hi Kevin –

    We use SSL for geo-replication of data. Great question and we'll make sure that we get this information into docs on



Skip to main content