Speech service encryption of data at rest
Speech service automatically encrypts your data when it's persisted it to the cloud. Speech service encryption protects your data and to help you to meet your organizational security and compliance commitments.
About Azure AI services encryption
Data is encrypted and decrypted using FIPS 140-2 compliant 256-bit AES encryption. Encryption and decryption are transparent, meaning encryption and access are managed for you. Your data is secure by default and you don't need to modify your code or applications to take advantage of encryption.
About encryption key management
When you use custom speech and custom voice, Speech service might store the following data in the cloud:
- Speech trace data - only if your turn the trace on for your custom endpoint
- Uploaded training and test data
By default, your data are stored in Azure's storage and your subscription uses Azure-managed encryption keys. You also have an option to prepare your own storage account. Access to the store is managed by the Managed Identity, and Speech service can't directly access to your own data, such as speech trace data, customization training data and custom models.
For more information about Managed Identity, see What are managed identities.