Another important step in security is encryption. We want our data to be encrypted always—in rest and transit. Everything is redundant to ensure there is no data is lost, and even with three copies of that, all of them encrypted, we have the option to create additional redundancy with geo-replication and other settings.

All resources in Azure are encrypted at rest by default. But sometimes we need additional security to ensure data is more protected. For example, disks for our Azure VMs are encrypted inside the Azure data center, and even if the disk was accessed without authorization, no one could read data on that disk. But what if the disk was downloaded? In this case, the disk could be used. Data could be read or attached to another VM, or a VM could be created with that disk.

We can apply additional encryption and make our resources more secure by using Azure Key Vault.