From the course: Modern Cloud Security: Shift-Left, Observability, and Automated Defense

Encryption at rest: Techniques and tools

- [Instructor] In this video, we're diving into encryption at rest, the techniques and tools that keep your stored data safe in the cloud. Regardless of whether we're talking about databases, files, or virtual machines, encryption at rest ensures that even if someone gains physical access to your storage devices, they can't read your data without the keys. Let's walk through how this works in practice across Azure, GCP, and AWS. First, application-level encryption. This is the strongest layer of protection because you encrypt data before it even reaches the cloud. For example, if your app handles credit card numbers, encrypt those fields using keys you control. In Azure, use Azure Key Vault to store encryption keys. Pair it with the Azure Storage client-side encryption library to encrypt data in your app code before saving it to Blob Storage. For instance, in a .NET app, use the Azure Key Vault SDK to fetch a key from Key Vault and encrypt data locally. In the GCP universe, Cloud Key Management…
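The application-level encryption described in the transcript, sketched as an added example that is not part of the course material: a card-number field is encrypted with a per-record data key, and that data key is wrapped by a key-encryption key before anything is stored. It is written in Node.js so it runs offline; `LOCAL_KEK` is a constructed stand-in for a key held in a service such as Azure Key Vault, the function names are hypothetical, and AES-256-GCM is used for the wrap step here in place of the vault's own wrap operation.

```javascript
// Added example: envelope encryption of one sensitive field before upload.
// LOCAL_KEK is a constructed stand-in for a key held in a key vault / KMS;
// in a real deployment the wrap and unwrap steps are calls to that service.
const crypto = require('node:crypto');

const LOCAL_KEK = crypto.randomBytes(32); // assumption: stand-in for the vault key

// AES-256-GCM helper; `aad` binds the ciphertext to its record and field.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12); // fresh nonce for every encryption
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function unseal(key, box, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAAD(aad);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]); // throws if tampered
}

// Encrypt one field with a per-record data key, then wrap that key with the KEK.
function encryptField(recordId, fieldName, value) {
  const aad = Buffer.from(`${recordId}:${fieldName}`);
  const dek = crypto.randomBytes(32);
  const field = seal(dek, Buffer.from(value, 'utf8'), aad);
  const wrappedDek = seal(LOCAL_KEK, dek, aad);
  dek.fill(0); // drop the plaintext data key once it is wrapped
  return { recordId, fieldName, field, wrappedDek }; // only ciphertext is stored
}

function decryptField(stored) {
  const aad = Buffer.from(`${stored.recordId}:${stored.fieldName}`);
  const dek = unseal(LOCAL_KEK, stored.wrappedDek, aad);
  return unseal(dek, stored.field, aad).toString('utf8');
}

// Constructed sample input: a well-known test card number, not a real one.
const stored = encryptField('order-1001', 'card_number', '4111111111111111');
console.log(stored.field.ct.toString('hex'), decryptField(stored));
```

Because the record id and field name are passed as associated data, a ciphertext copied onto another record fails authentication instead of decrypting.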
