WindowsAzure™SecurityOverviewByCharlieKaufmanandRamanathanVenkatapathyAbstractWindowsAzure,asanapplicationhostingplatform,mustprovideconfidentiality,integrity,andavailabilityofcustomerdata.Itmustalsoprovidetransparentaccountabilitytoallowcustomersandtheiragentstotrackadministrationofservices,bythemselvesandbyMicrosoft.ThisdocumentdescribesthearrayofcontrolsimplementedwithinWindowsAzure,socustomerscandetermineifthesecapabilitiesandcontrolsaresuitablefortheiruniquerequirements.Theoverviewbeginswithatechnicalexaminationofthesecurityfunctionalityavailablefromboththecustomer’sandMicrosoftoperations’perspectives-includingidentityandaccessmanagementdrivenbyWindowsLiveIDandextendedthroughmutualSSLauthentication;layeredenvironmentandcomponentisolation;virtualmachinestatemaintenanceandconfigurationintegrity;andtriplyredundantstoragetominimizetheimpactofhardwarefailures.Additionalcoverageisprovidedtohowmonitoring,logging,andreportingwithinWindowsAzuresupportsaccountabilitywithincustomers’cloudenvironments.Extendingthetechnicaldiscussion,thisdocumentalsocoversthepeopleandprocessesthathelpmakeWindowsAzuremoresecure,includingintegrationofMicrosoft’sgloballyrecognizedSDLprinciplesduringWindowsAzuredevelopment;controlsaroundoperationspersonnelandadministrativemechanisms;andphysicalsecurityfeaturessuchascustomer-selectablegeo-location,datacenterfacilitiesaccess,andredundantpower.Thedocumentcloseswithabriefdiscussionofcompliance,whichcontinuestohaveongoingimpactonITorganizations.Whileresponsibilityforcompliancewithlaws,regulations,andindustryrequirementsremainswithWindowsAzurecustomers,Microsoft'scommitmenttoprovidingfundamentalsecuritycapabilitiesandanexpandingrangeoftoolsandoptionstomeetcustomers'specificchallengesisessentialtoMicrosoft'sownsuccess,andkeytoourcustomers'successwithWindowsAzure.August,2010WindowsAzureSecurityOverviewMicrosoft2TableofContents1INTRODUCTION.........................................................................................................................................31.1AUDIENCEANDSCOPE..........................................................................................................................................................31.2SECURITYMODELBASICS.....................................................................................................................................................31.2.1CustomerView:Compute,Storage,andServiceManagement...................................................................31.2.2WindowsAzureView:Fabric...................................................................................................................................62CLOUDSECURITYDESIGN........................................................................................................................72.1CONFIDENTIALITY..................................................................................................................................................................72.1.1IdentityandAccessManagement..........................................................................................................................82.1.2Isolation........................................................................................................................................................................102.1.3Encryption....................................................................................................................................................................122.1.4DeletionofData........................................................................................................................................................132.2INTEGRITY............................................................................................................................................................................132.3AVAILABILITY.......................................................................................................................................................................142.4ACCOUNTABILITY................................................................................................................................................................153SECURITYINTHEDEVELOPMENTLIFECYCLE......................................................................................154SERVICEOPERATIONS............................................................................................................................164.1MICROSOFTOPERATIONSPERSONNEL............................................................................................................................164.2SECURITYRESPONSE..........................................................................................................................................................174.3NETWORKADMINISTRATION............................................................................................................................................174.3.1RemoteAdministra