Technology · Apr 26, 2012

Is it Safe? Security and Redundancy in Windows Azure

Forrest Kyle

The phrase “cloud computing” may not instill in one a sense of strength, security, and reliability. It sounds vaporous and opaque; quite the opposite of what a manager is looking for in his IT infrastructure. However, Microsoft has staked a tremendous investment on the success of its cloud offering, Windows Azure, and as such has built stringent security requirements into every aspect of the architecture. A single, marquee security failure would be a devastating blow to the brand of any company offering cloud computing services. Azure should be thought of less as “the cloud” than as a robust IT infrastructure service that frees businesses from the financially exhausting task of building a scalable, secure IT operation and allows them to focus on their core competencies.

Right now, some bank run by some guy you’ve never met has nearly all of your money. Why is that? It is because his company has evolved a wide array of skills, infrastructure, and knowledge such that his ability to protect and distribute your money has exceeded anything you could hope to match, barring major investment and training. Similarly, Microsoft has brought to bear upon the problem of computing infrastructure vast experience, resources, and knowledge. Migrating data to Azure eliminates the expensive and failure-prone task of double specializing in both the business you are actually in and the IT industry.

Microsoft has constructed several hardened facilities around the globe in which to house their Azure services. In North America, those facilities are in Chicago, IL and San Antonio, TX. Each facility has the ability to remain fully functional in the event of power outages, including extended off-grid operation. Environmental controls are self-contained and will remain online for as long as the facility remains powered, either by the grid or by fail-safe mechanisms. Customers can also leverage geo-replication. Thus, if the Chicago facility suddenly explodes, your millions of dollars’ worth of data can be restored from the San Antonio backup. In addition, only a small number of operations personnel have access to the facility. They must regularly change their administrative access credentials and cannot access customer accounts without following a formal process that can only be initiated by the customer. The access each member of the operational staff has to the systems is proportional to the depth and breadth of background verification performed by Microsoft.

From a software perspective, redundancy and security are at the very core of Azure’s architecture. Each hosted service is divided up into a number of virtual machines (VMs), each of which runs an instance of a role within an application. The software for these roles is not granted administrative privileges on these VMs. Any communication between the VMs, as well as that of all internal components of the Azure architecture, is protected by SSL encryption. The various underlying components of the Azure system are also isolated. The hypervisor (the daemon that manages the multiple VMs as well as the root operating system) strictly enforces VM isolation, and is equipped with additional security abilities such as packet filtering (to prevent, for instance, VMs creating spoofed traffic and other well-known security exploits).

It should be noted that while Azure automatically encrypts communications, it does not automatically encrypt your data. If you wish to store encrypted information in your Azure storage account, your application must first perform this encryption before sending the data to Azure. The .NET framework provides a convenient and powerful cryptography namespace that makes implementing the highest levels of encryption as simple as making a few function calls. No math degree required. Additionally, Azure will not protect data from an application whose design is inherently flawed from a security perspective. If you write an application that is blatantly vulnerable to SQL injection attacks, Azure will not compensate for your design. It is as secure as an application hosting and execution environment can be, but there is no substitute for a developer who designs with security in mind.
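The encrypt-before-upload step described above, as an added example that is not from the original article: it uses the AES-GCM class in System.Security.Cryptography (assumes .NET 8 or later) to seal a record before it would be handed to Azure storage, binding the ciphertext to its intended blob name so a blob cannot be silently swapped for another. The key source, blob name and record contents are constructed placeholders; the storage upload call itself is left out.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class ClientSideCrypto
{
    // Nonce and tag sizes that AES-GCM requires.
    private const int NonceSize = 12;
    private const int TagSize = 16;

    // Output layout: nonce || tag || ciphertext, so Open() needs only the key.
    public static byte[] Seal(byte[] key, byte[] plaintext, byte[] associatedData)
    {
        byte[] output = new byte[NonceSize + TagSize + plaintext.Length];
        Span<byte> nonce = output.AsSpan(0, NonceSize);
        Span<byte> tag = output.AsSpan(NonceSize, TagSize);
        Span<byte> ciphertext = output.AsSpan(NonceSize + TagSize);

        // Fresh random nonce per object; reusing one under the same key breaks GCM.
        RandomNumberGenerator.Fill(nonce);
        using var aes = new AesGcm(key, TagSize);
        aes.Encrypt(nonce, plaintext, ciphertext, tag, associatedData);
        return output;
    }

    public static byte[] Open(byte[] key, byte[] sealedData, byte[] associatedData)
    {
        ReadOnlySpan<byte> nonce = sealedData.AsSpan(0, NonceSize);
        ReadOnlySpan<byte> tag = sealedData.AsSpan(NonceSize, TagSize);
        ReadOnlySpan<byte> ciphertext = sealedData.AsSpan(NonceSize + TagSize);
        byte[] plaintext = new byte[ciphertext.Length];
        using var aes = new AesGcm(key, TagSize);
        // Throws CryptographicException if ciphertext, tag or blob name was altered.
        aes.Decrypt(nonce, ciphertext, tag, plaintext, associatedData);
        return plaintext;
    }

    public static void Main()
    {
        // Constructed sample. In practice the key lives in a key vault or HSM,
        // never in the same storage account as the data it protects.
        byte[] key = RandomNumberGenerator.GetBytes(32);
        byte[] blobName = Encoding.UTF8.GetBytes("customers/customer-42.json");
        byte[] record = Encoding.UTF8.GetBytes("{\"account\":\"42\",\"balance\":1000}");

        byte[] blob = Seal(key, record, blobName);                 // what gets uploaded
        Console.WriteLine(Encoding.UTF8.GetString(Open(key, blob, blobName)));

        blob[^1] ^= 0x01;                                          // simulate tampering
        try { Open(key, blob, blobName); }
        catch (CryptographicException) { Console.WriteLine("tamper detected"); }
    }
}
```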

Another important safety factor for your data is availability. If the VM on which one of your role instances runs crashes, Microsoft has created software agents that constantly monitor such events and will gracefully move your role to a new VM. This will even protect from hardware failures, as the software agents can traverse the entire networked landscape to create new VM’s. There is also a sophisticated monitoring agent that engages in profuse logging and reporting, the contents of which are processed into human readable reports and made available to customers.

Microsoft has gone to great lengths to make Windows Azure an elegantly architected, high performance fortress. With guaranteed 99.95% uptime, stringent physical security, and robust failover mechanisms in terms of both electricity and software virtualization, customers can sleep well knowing their data is safe.