Hey everyone! I'm looking to hear from anyone using Customer Managed Keys (CMKs) for encrypting OS and data disks in Azure VMs. What has your experience been like with CMK? Is it challenging to manage, or do you find it straightforward? Also, do you think it's crucial to set up CMK for better security, or are the built-in options adequate? I appreciate your insights! Thanks!
1 Answer
We use CMK due to our cybersecurity necessities. It works fine for the most part, but key rotation can be a hassle. Personally, I think that Platform Managed Keys (PMK) offer enough security unless you have specific legal reasons to maintain control over your keys.
Was there a specific regulatory requirement that prompted you to choose CMK? We've talked to our info security team and they believe that Microsoft's managed keys meet our needs since we don't have any strict legal requirements.