Azure Encryption
Encryption is about converting meaningful information into something that appears meaningless, such
as a random sequence of letters and numbers.
The process of encryption uses some form of key as part of the algorithm that creates the encrypted
data.
A key is also needed to perform the decryption. Keys may be symmetric, where the same key is used for
encryption and decryption, or asymmetric, where different keys are used.
1. Symmetric
2. Asymmetric
Symmetric encryption is a type of encryption where only one key (a secret key) is used to both encrypt
and decrypt electronic information. The entities communicating via symmetric encryption must
exchange the key so that it can be used in the decryption process. This encryption method differs from
asymmetric encryption where a pair of keys, one public and one private, is used to encrypt and decrypt
messages.
There are two sides in an encrypted communication: the sender, who encrypts the data, and the
recipient, who decrypts it. As the name implies, asymmetric encryption is different on each side; the
sender and the recipient use two different keys. Asymmetric encryption, also known as public key
encryption, uses a public key-private key pairing: data encrypted with the private key can only be
decrypted with the public key, and vice versa.
Now that we have a basic understanding of both the encryption types, let’s glance through the key
differences between them.
1. Symmetric encryption is an old technique, while asymmetric encryption is the newer one.
2. Asymmetric encryption takes longer to execute because of the complex logic involved. For this
reason, symmetric encryption is used when transmitting data in bulk.
3. Asymmetric encryption is considered more secure because it uses different keys for the encryption
and decryption process.
Azure Storage Service Encryption (SSE) is an encryption service built into Azure used to protect data at
rest.
1. Storage Service Encryption is performed on the physical disks in the data center. If someone
were to access the physical disk directly, they would find only encrypted data. When the data is
read from the disk, it is decrypted and loaded into memory.
2. The Azure storage platform automatically encrypts data before it's stored to several storage
services, including Azure Managed Disks. Encryption is enabled by default using 256-bit AES
encryption, and is managed by the storage account administrator.
3. Storage Service Encryption is enabled for all new and existing storage accounts and cannot be
disabled.
4. Your data is secured by default; you don't need to modify your code or applications to take
advantage of Storage Service Encryption.
5. Storage Service Encryption does not affect the performance of Azure storage services.
1. Azure Disk Encryption encrypts the virtual machine's virtual hard disks (VHDs). If a VHD is
protected with ADE, the disk image is only accessible by the virtual machine that owns the
disk.
2. Azure Disk Encryption (ADE) is managed by the VM owner, who controls the encryption of the
disks attached to Windows and Linux VMs.
3. It uses BitLocker on Windows VMs and DM-Crypt on Linux VMs.
4. With ADE, VMs boot under customer-controlled keys and policies.
5. ADE is integrated with Azure Key Vault for the management of these disk-encryption keys and
secrets.
Note: ADE does not support the encryption of Basic tier VMs, and you cannot use an on-premises Key
Management Service (KMS) with ADE.
BitLocker Drive Encryption is a data protection feature that integrates with the operating system, and
addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned
computers. Similarly, DM-Crypt encrypts data at rest for Linux before writing to storage.
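The ADE workflow described above (VM owner enables encryption, keys and secrets held in Azure Key Vault, BitLocker or DM-Crypt on the guest), shown as an added Az PowerShell example that is not part of the original page. It assumes an authenticated Az session; the resource group, VM, vault and storage account names are placeholders.

```powershell
# Added example (not from the original page): enable Azure Disk Encryption on an
# existing VM with keys kept in Azure Key Vault, then verify the result.
# Assumes: Az module installed and Connect-AzAccount already run.
$rg        = 'rg-example'       # placeholder resource group
$vmName    = 'vm-example'       # placeholder VM (Standard tier; ADE does not support Basic tier)
$kvName    = 'kv-example-ade'   # placeholder Key Vault name (must be globally unique)
$stName    = 'stexample'        # placeholder storage account
$location  = 'eastus'

# 1. Key Vault that may hold ADE keys/secrets. EnabledForDiskEncryption lets the
#    Azure platform retrieve the disk-encryption secrets when the VM boots.
$kv = Get-AzKeyVault -VaultName $kvName -ResourceGroupName $rg -ErrorAction SilentlyContinue
if (-not $kv) {
    $kv = New-AzKeyVault -VaultName $kvName -ResourceGroupName $rg `
                         -Location $location -EnabledForDiskEncryption
}

# 2. Enable ADE on the VM (BitLocker on Windows, DM-Crypt on Linux).
#    The extension installs and the VM reboots under the customer-controlled key.
Set-AzVMDiskEncryptionExtension -ResourceGroupName $rg -VMName $vmName `
    -DiskEncryptionKeyVaultUrl $kv.VaultUri `
    -DiskEncryptionKeyVaultId  $kv.ResourceId `
    -VolumeType 'All' -Force

# 3. Verify that the OS and data volumes now report as encrypted.
$status = Get-AzVMDiskEncryptionStatus -ResourceGroupName $rg -VMName $vmName
$status | Format-List OsVolumeEncrypted, DataVolumesEncrypted, ProgressMessage

# 4. For comparison, Storage Service Encryption is always on and cannot be
#    disabled; this only reports which key source (Microsoft-managed by default)
#    and which services (Blob, File) the account's SSE configuration covers.
Get-AzStorageAccount -ResourceGroupName $rg -Name $stName |
    Select-Object -ExpandProperty Encryption |
    Format-List KeySource, Services
```

Step 3 is the check to keep in a runbook: a VM whose OS volume still reports `NotEncrypted` after the extension run has not actually been protected by ADE.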