Data encryption
Data encryption protects data confidentiality; however, applying encryption to all data is not always required, nor is it efficient or cost effective when not needed. The cloud platform provider and tenant can mutually decide on a use case-specific data encryption policy, considering the scope of encryption, where to apply encryption, and also the organizational and regulatory requirements.
The scope of encryption defines which data types need encryption, encryption key usage, and so on. If these parameters are user configurable, then the platform provider needs to implement a default encryption mechanism to enable less educated customers protect themselves. When data needs to be persistently stored outside the data center and on-premises, such as in a mobile device, then encryption methodologies must be decided as part of the deployment requirements (device policies and so on).
Encryption of data in transit typically uses connectivity framework mechanisms (for example, DDS...