Ensure that the SSL connection to your Azure Redis Cache servers is enabled in order to meet cloud security and compliance requirements. Enforcing an SSL connection helps prevent unauthorized users from reading sensitive data intercepted as it travels across the network between clients or applications and the cache servers, known as data in transit.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
The use of secure connections ensures authentication between the cache server and the service or application, and protects data in transit against network layer attacks such as man-in-the-middle (MITM), eavesdropping and session hijacking. When working with production data, it is highly recommended to implement encryption in order to protect the data from unauthorized access and to fulfill your organization's compliance requirements for data encryption. For example, one such requirement is to protect sensitive data that could identify a specific individual, such as Personally Identifiable Information (PII), which is usually handled in the Financial Services, Healthcare and Telecommunications sectors.
Audit
To determine the data-in-transit encryption configuration status for your Azure Redis Cache servers, perform the following actions:
Remediation / Resolution
To enable in-transit encryption for your Microsoft Azure Redis Cache servers by allowing access only via SSL on port 6380, perform the following actions:
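As an added example (not part of the original Conformity steps), the following Python script classifies caches from `az redis list` JSON output and builds the matching `az redis update` command for each cache that still has the non-SSL port open. It assumes the `enableNonSslPort` property reported by the Azure CLI and the generic `--set` argument of `az redis update`; the cache names and resource groups in the sample are constructed.

```python
import json
import shlex

# Constructed sample shaped like `az redis list --output json`, trimmed to the
# fields used here. Cache names and resource groups are placeholders.
SAMPLE = """[
 {"name": "cache-prod", "resourceGroup": "rg-app",
  "enableNonSslPort": true, "port": 6379, "sslPort": 6380},
 {"name": "cache-sessions", "resourceGroup": "rg-app",
  "enableNonSslPort": false, "port": 6379, "sslPort": 6380},
 {"name": "cache-legacy", "resourceGroup": "rg-old",
  "port": 6379, "sslPort": 6380}
]"""


def audit(az_redis_list_json):
    """Return {cache name: status} for every cache in the CLI output."""
    statuses = {}
    for cache in json.loads(az_redis_list_json):
        flag = cache.get("enableNonSslPort")
        if flag is False:
            statuses[cache["name"]] = "compliant"      # only port 6380 (SSL) open
        elif flag is True:
            statuses[cache["name"]] = "non_compliant"  # plaintext port also open
        else:
            # Field missing or not a boolean: fail closed and review by hand.
            statuses[cache["name"]] = "unknown"
    return statuses


def remediation_commands(az_redis_list_json):
    """Build one `az redis update` command per cache with the non-SSL port on."""
    commands = []
    for cache in json.loads(az_redis_list_json):
        if cache.get("enableNonSslPort") is True:
            commands.append(
                "az redis update --name {} --resource-group {} "
                "--set enableNonSslPort=false".format(
                    shlex.quote(cache["name"]),
                    shlex.quote(cache["resourceGroup"])))
    return commands


if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{name}: {status}")
    for command in remediation_commands(SAMPLE):
        print(command)
```

Clients that still connect on the non-SSL port will fail once the setting is changed, so switch them to port 6380 with SSL enabled before running the generated commands.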
References
- Azure Official Documentation
  - Azure Cache for Redis
  - How to configure Azure Cache for Redis
- Azure Command Line Interface (CLI) Documentation
  - az redis list
  - az redis show
  - az redis update