Who all have direct or indirect access to Microsoft Managed Keys used for storage service encryption?
Category: azure disk encryption
Dinesh FB on Tue, 25 Sep 2018 10:16:37
According to this page, https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption, all storage accounts have encryption enabled by default. This is a great thing as some of our clients are not keen on moving their data to the cloud otherwise.
On that page, it also says that the encryption keys are managed by Microsoft (unless we want to use our own keys). My question is: who has access to these Microsoft Managed Keys? Who can, directly or indirectly, access these keys and look at my decrypted data?
Thank you for your answer on this.
vikranth s on Tue, 25 Sep 2018 18:20:25
Storage Service Encryption keys will be managed by Microsoft as mentioned in the above documentation. Data will be automatically decrypted for anyone who is authorized to access the data in the storage account.
Dinesh FB on Wed, 26 Sep 2018 04:14:53
That is part of my question. I already know that. I am not sure if you read the question.
My question is when you say the keys are managed by Microsoft, who has access to them? Are there any humans who can access those keys? If yes, how are they vetted or what will make our clients comfortable with them handling those keys?
I understand that we, the owner of that account, will have access to that data.
My question is who on the Microsoft side can access our data. Can your admin access our data? Do you have a compliance policy that you can share with us on who and in what scenarios may access our data?
vikranth s on Thu, 27 Sep 2018 20:06:52
Refer to the following documentation for Microsoft security compliance: