The Always Encrypted feature for Microsoft’s Azure SQL Database and SQL Server 2016 is now generally available, the company said. It keeps data encrypted at all times, showing it in plaintext only to authorized users with access to the encryption keys.
Always Encrypted is designed to prevent security breaches that would reveal data such as social security or credit card numbers. For example, an admitting nurse may have a business need to access a patient’s unencrypted social security number, but that data does not need to be visible anywhere else in the system.
With Always Encrypted, patients’ social security numbers are stored encrypted in the database at all times, even during query processing, allowing decryption only at the point of use by authorized staff or by applications that need to process that data.
The feature is currently supported in .NET Framework Data Provider for SQL Server and will be supported in JDBC and ODBC soon, Microsoft said.