In Azure SQL Database, Always Encrypted with Secure Enclaves is now broadly available.

Azure SQL Database

Always Encrypted protects sensitive data from unscrupulous DBAs, administrators, and cloud operators. Your information encrypts and decodes invisibly on the client-side. It exposes in plaintext in the database system.

Because of the deployment of safe enclaves and data encrypting, they were kept safe at all times. It enables sensitive data to decrypt within a secure enclave, a section of memory within the database system process that is kept secure. It appears to the database system and other hosting machine operations as a black box. There is no way to see any data or code inside the enclave from the outside. As a result, the enclave can safely perform computations on plaintext data within the database system.

Always Encrypted with Secure Enclaves, now widely accessible in Azure SQL Database, offers two key advantages: in-place encryption and rich confidential queries.

Encryption on the fly ​

Setting up Always Encrypted without safe enclaves can be difficult. The database system has no access to cryptographic keys by design; therefore, encrypting a column requires data to be transported and encrypted outside the database. As a result, the encryption process can be slow and vulnerable to network faults. You’ll face the same issues if you need to re-encrypt your column later, such as rotating the column encryption key or altering the kind of encryption.

If your database system has a secure enclave, there’s no need to relocate your data for cryptographic operations. Because the enclave trustees, your application’s client driver or a tool can safely transfer keys during cryptographic functions. The enclave can encrypt or re-encrypt columns while they are still in use. It frequently leads to a significant decrease in the time needed to complete such tasks.

Detailed confidential inquiries

Within a database server, most client-side encryption solutions prevent activities on protected data. Always Encrypted only supports one action on encrypted columns: equality comparison. On the other hand, many applications demand more complex data processing. For personally identifiable information (PII), such as people’s names, addresses, national identity numbers, or credit card numbers, pattern matching or sorting is frequently necessary. Moving the data to the client-side and processing it within your application is the only way to safeguard your data from rogue admins and do such computations without enclaves. This strategy, however, does not scale to enormous data quantities and necessitates significant program changes.

Always Encrypted with Secure Enclaves allows you to perform pattern matching, range comparisons, sorting, and other operations on encrypted columns. It will enable you to use the database system for what it builds for querying your data. There’s no need to restructure your apps or spend money on data migration. 

​​About Enteros

IT organizations routinely spend days and weeks troubleshooting production database performance issues across multitudes of critical business systems. Fast and reliable resolution of database performance problems by Enteros enables businesses to generate and save millions of direct revenue, minimize waste of employees’ productivity, reduce the number of licenses, servers, and cloud resources and maximize the productivity of the application, database, and IT operations teams.