- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
To enhance data security, it is important to ensure that both OS disks (boot volumes) and data disks (non-boot volumes) of IaaS VMs are encrypted using Customer Managed Keys (CMK). CMKs can be achieved through either Azure Disk Encryption (ADE) or Server Side Encryption (SSE).
Encrypting the OS disk and data disks with CMK ensures that the entire content can only be accessed with the corresponding key, preventing unauthorized access. While Azure-managed disks enable encryption at rest by default using Platform Managed Keys (PMKs), using CMK provides customers with the ability to have more control over the encryption and decryption processes, allowing for key rotation and increased security.
Organizations should evaluate their security requirements for the data stored on the disks. For high-risk data, the use of CMK is strongly recommended, as it offers additional layers of security. However, for low-risk data, PMK, which is enabled by default, provides sufficient data security.
Note: Disks must be detached from VMs to change encryption.