Back in September, Microsoft unveiled something called Azure confidential computing, an initiative it had been working on with Intel and other partners for quite some time. In essence, it provided both hardware and software solutions for securing data in use on the cloud platform. Now, the Redmond giant has announced that it's bringing encryption of data at rest to Azure Search.
In case you're not familiar, data (in the cloud in this case) can exist in three states: at rest, in motion, and in use. The first refers to data stored on things like HDDs, SSDs, or in databases, while the second refers to data that is being moved from one location to another. Finally, the third state is data which is stored in RAM or cache and is required for, or being actively used as part of, the current task.
The cloud component in question here is what Microsoft calls 'Search-as-a-service'. It's a set of tools and APIs that developers can use to create so-called 'rich search experiences' on the web, on mobile or in enterprise applications. Among other things, there's support for geo-search and linguistic analysis, beyond the indexing and simple search queries that a service like this is geared towards at its core.
While the announcement means that starting today every part of the indexing pipeline is encrypted, there is a bit of an asterisk that comes with it. Data indexed on or after January 24 is automatically encrypted, something that can't be turned on or off as it is handled by Microsoft. What this means is that data which was indexed prior to this date would have to be re-indexed in order to take advantage of the encryption. It's particularly important to note this because encryption status isn't visible through either the Azure portal or the API.
However, a form of user identity access control has been implemented, meaning that as a developer, you can impose restrictions on which documents or files a user sees. In other words, users only see the documents or files that they are authorized to see.
Encryption of data at rest in Azure Search is from here on out turned on by default in all regions and for all SKUs. More information about pricing and methods of implementation can be found at the dedicated portal.