Ensure that Microsoft Azure MySQL server data is encrypted in transit in order to meet security and compliance requirements. In-transit data encryption helps prevent unauthorized users from reading sensitive data available on your MySQL databases.
When working with production data, it is strongly recommended to enable in-transit encryption by enforcing Secure Sockets Layer (SSL) connections between MySQL database servers and client applications. This will protect your data against Man-In-the-Middle (MITM) attacks and fulfill compliance requirements for in-transit encryption within your organization. For example, a compliance requirement is to protect sensitive data that could potentially identify a specific individual such as Personally Identifiable Information (PII), usually used in Financial Services, Healthcare and Telecommunications sectors.
Audit
To determine in-transit encryption configuration for your Azure MySQL database servers, perform the following actions:
Remediation / Resolution
To enable in-transit encryption by enforcing SSL connections between your MySQL database servers and client applications, perform the following actions:
References
- Azure Official Documentation
- SSL connectivity in Azure Database for MySQL
- Configure SSL connectivity in your application to securely connect to Azure Database for MySQL
- CIS Microsoft Azure Foundations
- Azure Command Line Interface (CLI) Documentation
- az mysql server
- az mysql server list
- az mysql server show
- az mysql server update
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Enable In-Transit Encryption for MySQL Servers
Risk Level: High