user2058904

Reason to not enable encryption on Azure Blob Storage?

I've noticed that Azure blob storage now has the option to encrypt your data at rest.

There's no financial cost to this as far as I can tell, and there's no indication/documentation anywhere that states how much of a performance impact this will have on access speeds (if any).

My question is, is there a good reason to not turn it on in most cases?

I imagine that if you've got a scenario where every millisecond counts and security isn't an issue (such as for public containers, perhaps), then maybe you might not want to, but otherwise it sounds like a nice feature to turn on for free (no such thing as a free lunch, but I can't find evidence of a downside beyond speculation).

Upvotes: 1

Views: 1051

Answers (1)

Robin Shahan - MSFT

Reputation: 399

If you enable SSE for your blobs, there is no distinguishable impact on performance.

The only case where you might think twice about it is if the storage account only holds VHD files that are being used by VMs. It is better to use Azure Disk Encryption for VMs, which uses DMCrypt for Linux VMs and BitLocker for Windows VMs. BitLocker, for example, will go back and encrypt everything on the disk.

SSE only encrypts newly written data. This means if you have a storage account with 100 GB of data and you enable SSE, that 100 GB of data is not encrypted unless you copy it to another container or something like that so it will encrypt it. However, any blobs added to that storage account WILL be encrypted.

Upvotes: 1
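The answer's point that SSE only covers data written after it was enabled means an account can hold a mix of encrypted and unencrypted blobs. The following is an added example, not part of the original answer: it audits a blob listing for objects that still need to be rewritten or copied. It assumes each entry exposes `name`, `size` and `server_encrypted`, the attribute names on `BlobProperties` in the `azure-storage-blob` SDK; the function names and the sample listing are constructed for illustration.

```python
from collections import namedtuple
from types import SimpleNamespace

# Result of one audit pass over a container listing.
Report = namedtuple("Report", "unencrypted_names unencrypted_bytes total_bytes")


def audit_sse_coverage(blobs):
    """Summarise which blobs in a listing are not encrypted at rest.

    `blobs` is any iterable of objects with .name, .size and
    .server_encrypted (for example what ContainerClient.list_blobs()
    yields). A missing or None flag counts as unencrypted, so the
    audit fails closed instead of silently passing unknown objects.
    """
    names, plain, total = [], 0, 0
    for blob in blobs:
        total += blob.size
        if getattr(blob, "server_encrypted", None) is not True:
            names.append(blob.name)
            plain += blob.size
    return Report(sorted(names), plain, total)


def coverage_percent(report):
    """Share of stored bytes that are encrypted, as a percentage."""
    if report.total_bytes == 0:
        return 100.0
    encrypted = report.total_bytes - report.unencrypted_bytes
    return round(100.0 * encrypted / report.total_bytes, 1)


# Constructed sample listing: two blobs written before SSE was enabled
# (one with the flag absent from the listing) and two written afterwards.
SAMPLE_LISTING = [
    SimpleNamespace(name="logs/old.txt", size=100, server_encrypted=False),
    SimpleNamespace(name="archive/2015.vhd", size=50, server_encrypted=None),
    SimpleNamespace(name="logs/new.txt", size=300, server_encrypted=True),
    SimpleNamespace(name="data/report.csv", size=550, server_encrypted=True),
]

if __name__ == "__main__":
    report = audit_sse_coverage(SAMPLE_LISTING)
    print(f"{coverage_percent(report)}% of bytes encrypted at rest")
    for name in report.unencrypted_names:
        print("needs rewrite or copy:", name)
```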
