Security for Azure Platform

Question

After reading through GFS's "Securing Microsoft's Cloud Infrastructure", I came away wondering how much of what was described now applies or will apply to the Azure hosting platform (for v1), as one of many parts of Microsoft's "cloud environment".

Specifically, I'm very interested in whether the types of network security described on page 17 of the whitepaper will apply, e.g., firewalls, intrusion prevention devices, segmented VLANs, deep packet inspection, and redundant/fault tolerant DNS.

Also for data security, it discusses how "high impact data ... is subject to encryption requirements for storage and for internal system and network transfers". Will these capabilities be available for Azure (e.g., table storage or SDS relational), and not just other Microsoft cloud environments?

---

Vaughn Hughes

Answer 1

Hi Vaughn,

As Windows Azure is deployed within GFS datacenters, all the benefits provided by GFS in terms of network security and availability at the perimeter are enjoyed by Windows Azure deployments.

Data security however is slightly different, in that, it is the responsibility of the application developer to ensure their application data is secured at the application layer, as we or GFS do not make any assumptions as to the business impact rating of an applications data, therefor, do not do any encryption/etc on the customers behalf.

Hope this is helpful,

Dave.

Answer 2

Thanks for the quick response. That's great to hear on the network security front.

The second half of my question probably should have been directed to the SDS team instead of here, since it was a direct question about what capabilities will be available. I am very well familiar with the need for app owners to be responsible for data security. My question was around what is available to enable it. I'll check with the team directly.

---

Vaughn Hughes