Ensure that 'Data encryption' is set to 'On' on a SQL Database

Azure SQL Database transparent data encryption helps protect against threats and malicious activity by performing real-time encryption and decryption of your database, backups, and transaction logs at rest without requiring any changes to the application.

Risk Level: High
Cloud Entity: Azure SQL Database
CloudGuard Rule ID: D9.AZU.CRY.11
Covered by Spectral: Yes
Category: Database

GSL LOGIC

SQLDB should have encryption.status='Enabled'

REMEDIATION

From Portal

  1. Go to 'SQL databases' and choose your database
  2. Select 'Transparent data encryption' under 'Security' in the navigation menu
  3. Set 'Data encryption' to 'On'
  4. Save

From Command Line
Run the following command, replacing each placeholder with your own value:

az sql db tde set --resource-group <RESOURCE_GROUP> --server <DATABASE_SERVER> --database <DATABASE> --status Enabled

Note: By default, 'Data encryption' is set to 'On'.
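The check and the command-line remediation above can be combined into a small audit step. The following is an added example, not CloudGuard or Microsoft code: it applies the rule's condition to an inventory of databases and builds the remediation command for each failure. The record layout (`resource_group`, `server`, `database`, `tde`) and the sample values are constructed assumptions.

```python
import shlex

# Azure SQL Database does not support TDE on the logical master database,
# so it is excluded from the check.
SKIP_DATABASES = {"master"}


def tde_enabled(record):
    """True only when the record's TDE status is 'Enabled' (case-insensitive)."""
    tde = record.get("tde") or {}
    # 'status' mirrors the rule's encryption.status; 'state' is accepted as an
    # alternative key name (assumption about how the data was collected).
    value = tde.get("status", tde.get("state", ""))
    return str(value).strip().lower() == "enabled"


def non_compliant(inventory):
    """Databases that fail the rule; a missing TDE record counts as a failure."""
    return [r for r in inventory
            if r["database"].lower() not in SKIP_DATABASES and not tde_enabled(r)]


def remediation_command(record):
    """Build the page's az command with each value shell-quoted."""
    return " ".join([
        "az sql db tde set",
        "--resource-group", shlex.quote(record["resource_group"]),
        "--server", shlex.quote(record["server"]),
        "--database", shlex.quote(record["database"]),
        "--status Enabled",
    ])


# Constructed sample inventory (not real resources).
SAMPLE = [
    {"resource_group": "rg-prod", "server": "sql-prod-01", "database": "orders", "tde": {"status": "Enabled"}},
    {"resource_group": "rg-prod", "server": "sql-prod-01", "database": "master", "tde": {"status": "Disabled"}},
    {"resource_group": "rg-dev", "server": "sql-dev-01", "database": "scratch", "tde": {"status": "Disabled"}},
    {"resource_group": "rg-dev", "server": "sql-dev-01", "database": "legacy db", "tde": None},
    {"resource_group": "rg-qa", "server": "sql-qa-01", "database": "reports", "tde": {"state": "enabled"}},
]

if __name__ == "__main__":
    for rec in non_compliant(SAMPLE):
        print(remediation_command(rec))
```

Treating a missing TDE record as a failure keeps databases whose status could not be read from silently passing the audit.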

References

  1. https://docs.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-tde-overview
  2. https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/transparent-data-encryption
  3. https://docs.microsoft.com/en-us/cli/azure/sql/db/tde?view=azure-cli-latest#az_sql_db_tde_set

Azure SQL Database

Azure SQL Database is the intelligent, fully managed relational cloud database service that provides the broadest SQL Server engine compatibility, so you can migrate your SQL Server databases without changing your apps. Accelerate app development and make maintenance easy and productive using the SQL tools you love to use. Take advantage of built-in intelligence that learns app patterns and adapts to maximize performance, reliability, and data protection.

Compliance Frameworks

  • AZU PCI-DSS 4.0
  • Azure CIS Foundations v. 1.0.0
  • Azure CIS Foundations v. 1.1.0
  • Azure CIS Foundations v. 1.2.0
  • Azure CIS Foundations v. 1.3.0
  • Azure CIS Foundations v. 1.3.1
  • Azure CIS Foundations v. 1.4.0
  • Azure CIS Foundations v. 1.5.0
  • Azure CIS Foundations v.2.0
  • Azure CSA CCM v.3.0.1
  • Azure CSA CCM v.4.0.1
  • Azure CloudGuard Best Practices
  • Azure CloudGuard CheckUp
  • Azure Dashboard System Ruleset
  • Azure GDPR Readiness
  • Azure HIPAA
  • Azure HITRUST v9.5.0
  • Azure ISO 27001:2013
  • Azure ITSG-33
  • Azure LGPD regulation
  • Azure NIST 800-171
  • Azure NIST 800-53 Rev 4
  • Azure NIST 800-53 Rev 5
  • Azure NIST CSF v1.1
  • Azure New Zealand Information Security Manual (NZISM) v.3.4
  • Azure PCI-DSS 3.2
  • CloudGuard Azure All Rules Ruleset
  • Microsoft Cloud Security Benchmark