1
00:00:01,040 --> 00:00:05,200
In summary, I would have you walk away from this lesson thinking more

2
00:00:05,200 --> 00:00:09,720
deeply about data security in all of its states. We've got data at

3
00:00:09,720 --> 00:00:12,600
rest, data in transit, and data in use.

4
00:00:12,600 --> 00:00:15,910
So what we saw in this lesson is thinking about BitLocker.

5
00:00:15,910 --> 00:00:21,640
It is largely an at rest data security mechanism. You might

6
00:00:21,640 --> 00:00:23,460
think to yourself, for example, okay,

7
00:00:23,460 --> 00:00:28,590
I've got an Azure VM and I'm using Azure Disk Encryption. If I export or

8
00:00:28,590 --> 00:00:32,890
download the disk from that VM to on‑prem, does that mean it comes down to

9
00:00:32,890 --> 00:00:37,570
my local environment encrypted still or unencrypted? It's important to know

10
00:00:37,570 --> 00:00:40,300
this. It stays encrypted. And yes,

11
00:00:40,300 --> 00:00:45,410
you can save or back up or export keys out of your Key Vault if you

12
00:00:45,410 --> 00:00:49,820
do indeed need to take a cloud‑based disk on‑prem. You'd probably be

13
00:00:49,820 --> 00:00:53,870
better off decrypting it in the cloud and then doing your export and

14
00:00:53,870 --> 00:00:56,340
then lastly re‑encrypting it.

15
00:00:56,340 --> 00:00:59,130
But just think about those different states. Something else that you

16
00:00:59,130 --> 00:01:02,340
saw in the demo is Storage Service Encryption,

17
00:01:02,340 --> 00:01:07,470
which is an at rest encryption that takes place for your Azure virtual

18
00:01:07,470 --> 00:01:12,730
machine disks when the VMs are stopped and deallocated and when the VHDs

19
00:01:12,730 --> 00:01:18,910
are simply resident in Azure managed storage. This allows you to confirm

20
00:01:18,910 --> 00:01:22,500
to your compliance department that you're either trusting Microsoft with

21
00:01:22,500 --> 00:01:27,160
those Storage Service Encryption keys or you as the customer managing

22
00:01:27,160 --> 00:01:28,440
those as well.

23
00:01:28,440 --> 00:01:33,240
Data in transit leads me to always think of TLS and making sure you're doing

24
00:01:33,240 --> 00:01:38,890
HTTPS in your applications. And then data in use, well, that is going to be

25
00:01:38,890 --> 00:01:43,280
outside the purview of BitLocker. Once your VM data,

26
00:01:43,280 --> 00:01:45,970
whether it's an on‑premises machine or an Azure machine,

27
00:01:45,970 --> 00:01:48,840
once the data is in memory and in use,

28
00:01:48,840 --> 00:01:52,660
then that's a case of thinking about some of the other tools that we've examined

29
00:01:52,660 --> 00:01:56,140
throughout this course and how we can bring those to bear.

30
00:01:56,140 --> 00:01:57,260
So that's it for the course.

31
00:01:57,260 --> 00:01:59,450
I want to thank you one more time for your

32
00:01:59,450 --> 00:02:01,920
participation. I appreciate you very much.

33
00:02:01,920 --> 00:02:05,230
You can look at all of my Pluralsight courses by going to

34
00:02:05,230 --> 00:02:10,710
timw.info/ps. It's actually an alias from my personal website,

35
00:02:10,710 --> 00:02:15,620
timw.info. And then email is tim@timw.info.

36
00:02:15,620 --> 00:02:18,000
My Twitter handle I don't have on this slide. It's

37
00:02:18,000 --> 00:02:21,690
different. It's techtrainertim. I post on Microsoft and

38
00:02:21,690 --> 00:02:23,940
certification just about every day.

39
00:02:23,940 --> 00:02:25,150
Happy studying to you.

40
00:02:25,150 --> 00:02:30,000
I look forward to hearing about your exam success in the future. Take good care