Implementing encryption at rest
Anytime the topic of storage security comes up, a common concern for organizations is ensuring that data is encrypted at rest and in transit. In many cases, this is a mandatory measure required for compliance with industry and government regulations such as PCI, HIPAA, and FedRAMP.
The great thing about Azure Storage is that encryption at rest is automatic and enabled by default for all services, including Blob and Files. This encryption is powered by a feature called Storage Service Encryption (SSE). This feature is also referred to as service-level encryption. SSE is enabled for all new and existing storage accounts at no additional cost and cannot be disabled.
SSE ensures that data written to any Azure Storage service is encrypted with a 256-bit Advanced Encryption Standard (AES) cipher, which is one of the strongest block ciphers available. The process transparently decrypts data that is read from Azure Storage before returning it to a client...
