Data Security in The Cloud
March 2011
Windows Azure Security Overview
Data Security in the Cloud
Module Manual
Authors: David Tesar
The information contained in this document represents the current view of Microsoft Corporation
on the issues discussed as of the date of publication. Because Microsoft must respond to
changing market conditions, it should not be interpreted to be a commitment on the part of
Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the
date of publication.
This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES,
EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the
rights under copyright, no part of this document may be reproduced, stored in or introduced into a
retrieval system, or transmitted in any form or by any means (electronic, mechanical,
photocopying, recording, or otherwise), or for any purpose, without the express written permission
of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
© 2011 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, Hyper-V, SQL Azure, Visual Basic, Visual C++, Visual C#, Visual Studio,
Windows, Windows Azure, Windows Live and Windows Server are either registered trademarks or
trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their
respective owners.
Contents
Overview
Customer Concerns
Azure Storage Architecture
Data Protection
  Protection Against Data Loss
  Secure communication
  Isolation
  Access Control
Privacy in Microsoft
Windows Azure Access Control
  Shared Access Signatures
  Container Policy
AppFabric Cache Access Control
SQL Azure Security Model
Encryption
Hybrid Applications
Conclusion
Overview
The security of one's data is one of the most important elements that decision
makers must take into consideration. Data is an extremely valuable asset, and
most customers feel insecure about the cloud environment because they do
not know the exact location of their data or exactly how it is protected. This is a
serious barrier for customers considering the cloud; customers must be
sure that their data is safe and private before entrusting it to a shared storage
infrastructure.
Under the traditional information technology (IT) model, an organization is
accountable for all aspects of its data protection regime, from how it uses
sensitive personal information to how it stores and protects such data stored on
its own computers. Cloud computing changes the paradigm because information
is moved offsite to data centers owned and managed by cloud providers.
Responsibility for the physical hosting and protection of data is taken away from
the customers, yet even though the data physically resides in a cloud provider's
data centers, cloud customers still own their data and remain ultimately
responsible for controlling its use and protecting the legal rights of individuals
whose information they have gathered.
Microsoft understands its responsibilities concerning customer data. The challenge
of storing and protecting such data is not new to the company; Microsoft's online
services such as Hotmail and Live Services have hosted customer data since the
launch of the MSN