Users of Microsoft Azure now have access to the cloud service's SQL Database Transparent Data Encryption (TDE) feature, which can encrypt databases, associated backups and transaction logs at rest in real time. The aim is to give Azure SQL Database customers peace of mind that their data protection and compliance requirements are being met.
SQL Server has had a TDE feature since 2008, and SQL Database TDE is based on that technology, which encrypts the storage of a whole database with an industry-standard AES-256 symmetric key. Microsoft has made updates to this core technology to adapt it to the cloud. This includes adding AES-NI hardware acceleration for encryption to reduce resource demands when the feature is turned on.
Azure SQL Database TDE is able to protect the database encryption keys with a built-in managed certificate that is unique to each SQL Database server. Microsoft automatically rotates these certificates at least every 90 days.
Azure users can enable the SQL Database TDE feature for their databases through the Azure Preview Portal.
[Via SQL Server Security Blog]