Ensure that Microsoft Azure MySQL server data is encrypted in transit in order to meet security and compliance requirements. In-transit data encryption helps prevent unauthorized users from reading sensitive data available on your MySQL databases.
When working with production data, it is strongly recommended to enable in-transit encryption by enforcing Secure Sockets Layer (SSL) connections between MySQL database servers and client applications. This will protect your data against man-in-the-middle (MITM) attacks and fulfill compliance requirements for in-transit encryption within your organization. For example, a compliance requirement is to protect sensitive data that could potentially identify a specific individual, such as Personally Identifiable Information (PII), which is usually handled in the Financial Services, Healthcare and Telecommunications sectors.
To determine the in-transit encryption configuration for your Azure MySQL database servers, perform the following actions:
Remediation / Resolution
To enable in-transit encryption by enforcing SSL connections between your MySQL database servers and client applications, perform the following actions:
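One way to script both the check and the fix is shown below. It is an added example, not part of the original page or of Azure's tooling. It assumes single-server deployments listed with `az mysql server list --output json`, whose `sslEnforcement` property is `Enabled` or `Disabled`. The server and resource group names are constructed placeholders.

```python
import json
import shlex

# Constructed sample shaped like `az mysql server list --output json`
# (Azure Database for MySQL single server); all names are placeholders.
SAMPLE_LISTING = """
[
  {"name": "example-mysql-prod", "resourceGroup": "example-rg",
   "sslEnforcement": "Disabled"},
  {"name": "example-mysql-staging", "resourceGroup": "example-rg",
   "sslEnforcement": "Enabled"},
  {"name": "example-mysql-legacy", "resourceGroup": "example-legacy-rg"}
]
"""


def audit_ssl_enforcement(listing_json):
    """Return (resource_group, name, state) for servers not enforcing SSL."""
    findings = []
    for server in json.loads(listing_json):
        # A missing property is reported as non-compliant, not assumed safe.
        state = server.get("sslEnforcement") or "Unknown"
        if state.lower() != "enabled":
            findings.append((server["resourceGroup"], server["name"], state))
    return findings


def remediation_command(resource_group, name):
    """Build the Azure CLI call that turns SSL enforcement on for one server."""
    args = ["az", "mysql", "server", "update",
            "--resource-group", resource_group,
            "--name", name,
            "--ssl-enforcement", "Enabled"]
    # Quote each argument so unusual names cannot break the command line.
    return " ".join(shlex.quote(a) for a in args)


if __name__ == "__main__":
    for rg, name, state in audit_ssl_enforcement(SAMPLE_LISTING):
        print(f"FAIL {rg}/{name}: sslEnforcement={state}")
        print("  fix:", remediation_command(rg, name))
```

Once enforcement is on, clients that connect without SSL are rejected, so update application connection strings before running the generated commands against production servers.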
You are auditing:
Enable In-Transit Encryption for MySQL Servers
Risk level: High