Answer-first summary for fast verification
Answer: Implement Azure Key Vault for managing encryption keys and Databricks secret scopes to securely access those keys.
1. **Azure Key Vault**: This cloud service offers a secure repository for keys, secrets, and certificates. Utilizing Azure Key Vault allows for the secure storage and management of encryption keys for Delta Lake, ensuring keys are kept separate from the data they encrypt. 2. **Databricks secret scopes**: These enable secure access to secrets, like encryption keys, from within Databricks, avoiding the need to hardcode sensitive information into your code. 3. **Encryption at rest**: By integrating Azure Key Vault with Delta Lake, sensitive data is encrypted at rest, making it inaccessible without the encryption keys. 4. **Encryption in transit**: Enabling SSL in Databricks clusters encrypts data moving between clusters and other services, safeguarding data in transit. This approach provides a robust security framework for protecting PII in Delta Lake on Databricks.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
How would you secure personally identifiable information (PII) in Delta Lake on Databricks by encrypting data both at rest and in transit?
A
Use Transparent Data Encryption (TDE) provided by Azure Storage and enable SSL in Databricks clusters for data in transit.
B
Activate Delta Lake‘s built-in encryption capabilities and manage keys manually within Databricks notebooks.
C
Implement Azure Key Vault for managing encryption keys and Databricks secret scopes to securely access those keys.
D
Rely on network security controls, such as Azure Virtual Network service endpoints, to encrypt data in transit.
No comments yet.