Cosmos DB Adds Always Encrypted Security

• Azure Cosmos DB adds encryption technology to protect data in transit using customer-managed keys.
• The technology could lift a barrier to using Cosmos DB for heavily regulated or sensitive data.
• It requires application changes, and the first release has query limitations.

Azure Cosmos DB adds Always Encrypted security technology to help protect data by encrypting and decrypting data at the client side (inside the customer’s application), ensuring that the data is protected before sending it to Cosmos DB. Always Encrypted is a mature technology, but using it requires application changes and potentially redeploying databases.

Service Overview

Cosmos DB is a multimodal database service designed for distributed data applications that need global scaling and high performance. It can support multiple data formats such as documents, graphs, and relational data, and multiple open-source query languages in a single instance. This configuration allows developers to use multiple languages and work with several different data types in the same service where the data can share security settings and replication features.