By Jordan Smith, March 10, 2026
Managed IT Services Utah
We are pleased to announce the public preview of Customer-managed key (CMK) capabilities for Azure Databricks and Databricks workspaces on AWS (Amazon Web Services), offering full support for production deployments. Microsoft Azure users can now utilize their own keys to encrypt notebooks and queries managed by Azure Databricks. This functionality is available in the Premium pricing tier across all Azure Databricks regions. Likewise, users on the AWS platform can apply their own keys to encrypt data on DBFS and cluster volumes, with this option included in the Enterprise pricing tier across all AWS regions supporting E2 architecture. The feedback we’ve garnered from our global customers during the private previews has been overwhelmingly positive, as these capabilities empower them to leverage the full potential of the Databricks Lakehouse Platform for processing highly sensitive and confidential data.
Understanding Customer-Managed Key Services for Azure Databricks
An Azure Databricks workspace serves as a managed application within the Azure Cloud, designed to deliver enhanced security capabilities through an intuitive and well-integrated architecture. With the Customer-managed key sourced from an Azure Key Vault instance, users can encrypt their notebooks, queries, and secrets stored within the Azure Databricks regional infrastructure. This offering, now in public preview, enables you to harness these capabilities for robust production deployments.
Currently, it is feasible to utilize your own key from Azure Key Vault to encrypt data stored on DBFS (Blob Storage) alongside Azure-native data sources such as ADLS Gen2 and Azure SQL. Users can process such data smoothly with Azure Databricks without requiring extensive configuration for a workspace.
| Use Case | Status |
| CMK Managed Services (notebooks, queries, and secrets stored in control plane) | Public Preview |
| CMK Workspace Storage (DBFS) | Generally Available (GA) |
| CMK for your own data sources | Already works seamlessly |
Exploring CMK Workspace Storage for Databricks on AWS
A Databricks workspace on AWS provides equivalent security features, matching those available on Azure, as outlined previously. By leveraging a customer-managed key from an AWS KMS instance, users are able to encrypt their data stored on DBFS and Cluster EBS Volumes. This offering is currently in public preview. If you have already set a default encryption key for your EBS volumes within your AWS account, we afford flexibility by allowing you to opt-out of using the CMK option for Cluster EBS Volumes.
Additionally, customer-managed keys are available to encrypt the notebooks, queries, and secrets stored in the Databricks regional infrastructure, also undergoing public preview. It’s worth noting that the use of a customer-managed key for encrypting data from AWS-native sources like S3 and RDS is already operational. For further information, it is advisable to consult the documentation to enable your Databricks clusters to encrypt/decrypt data in non-DBFS S3 buckets.
| Use Case | Status |
| CMK Workspace Storage (DBFS and Cluster EBS Volumes) | Public Preview |
| CMK Managed Services (notebooks, queries, and secrets stored in control plane) | Public Preview |
| CMK for your own data sources | Already works seamlessly |
To embark on utilizing these enhanced security capabilities, one can begin by deploying Azure Databricks and Databricks on AWS Workspaces with customer-managed keys for Managed Services and Workspace Storage. Below are essential resources to explore:
- CMK Managed Services for Azure Databricks
- CMK DBFS for Azure Databricks
- CMK Managed Services for Databricks on AWS
- CMK Workspace Storage for Databricks on AWS
For a comprehensive understanding of how we incorporate a security-first mindset into building the most popular lakehouse platform available on Azure and AWS, it is beneficial to refer to the Platform Security for Enterprises.
Improving Security Posture and Enhancing Data Governance
As organizations increasingly shift towards cloud solutions, ensuring the security of sensitive data becomes paramount. The convergence of managed services for Azure Databricks and AWS solutions not only enhances the overall security landscape but also aids in maintaining a robust data governance framework. Implementing managed services for Azure allows enterprises to confidently manage their data encryption, compliance, and accessibility. This provides peace of mind that sensitive information, whether in use, transit, or at rest, is adequately safeguarded.
In addition, the comprehensive control provided by customer-managed keys strengthens data governance processes. Organizations are empowered to dictate how their data is encrypted, ensuring that sensitive data complies with regulations like GDPR or HIPAA, which govern data security and privacy. By utilizing these advanced encryption options across both platforms, businesses can navigate complex regulatory environments with increased agility.
Next Steps for Organizations
The journey towards enhanced data security and streamlined operations through managed IT services in Utah begins with an assessment of your organization’s specific needs. As companies expand their cloud footprint, they must consider the implications of data governance, compliance, and long-term strategic goals.
Engagement with an expert provider of managed IT services can facilitate the transition, whether it involves leveraging managed services for Azure or integrating cloud services across multiple platforms, such as AWS. Having dedicated support from knowledgeable professionals ensures that your organization not only implements strong security measures but also maximizes the utility of the Databricks Lakehouse Platform, including customer-managed key capabilities for Azure.
The future of data management and analytics is contingent upon robust security practices. Undertaking steps today to enhance security through managed services will not only protect sensitive data but will also position organizations competitively in the marketplace.
Conclusion
As we embrace these significant developments with Azure Databricks and AWS, the advent of customer-managed key features represents a leap forward in managing data security and integrity. From encryption capabilities to industry-leading compliance standards, organizations can now tailor their data handling practices to meet specific security requirements. By leveraging managed IT services in Utah, businesses can confidently embark on their journey towards advanced data resilience and governance.
To stay ahead, it is crucial to understand the evolving landscape of cloud technologies and security measures. Keeping abreast of innovations and adopting proven strategies will ensure long-term success and sustainability in an increasingly interconnected digital ecosystem.
Disclaimer: The content provided in this article is for informational purposes only and does not constitute professional advice. Always consult with a qualified professional for guidance specific to your circumstances.