Protecting Your Data in the Microsoft Windows Azure Cloud
I’m often asked if we can protect sensitive data in the Microsoft Windows Azure cloud. The answer is YES, and I’ll try to summarize our support on the different flavors of Windows Azure here:
First, Windows Azure has both a Platform-as-a-Service offering (PaaS) to run applications and store data in SQL Azure, and an Infrastructure-as-a-Service (IaaS) offering that allows you to run full Virtual Machines. Our data protection solutions run in all versions of Windows Azure – anywhere you run applications in Azure, we provide encryption and key management solutions to protect your data.
Windows Azure Platform-as-a-Service:
In this environment we provide .NET libraries that perform encryption key retrieval from our Alliance Key Manager, a FIPS 140-2 certified key management HSM. Any data store you choose for your sensitive data is supported by our client libraries and include SQL Azure. Our .NET software libraries are add-ins to your Visual Studio project and let you seamlessly retrieve encryption keys from the HSM.
Windows Azure Infrastructure-as-a-Service:
In this environment we provide a broad set of data protection solutions for both Microsoft and non-Microsoft operating systems and applications. These include the following:
Microsoft SQL Server Extensible Key Management (EKM)
The Townsend Security EKM Provider software fully supports SQL Server Transparent Data Encryption (TDE) and Cell Level Encryption integrated with Townsend Security's Alliance Key Manager key server, a FIPS 140-2 certified HSM. Because no code or database application changes are required, TDE encryption is the fastest path to compliant data protection.
Microsoft SQL Server Standard and Web Editions
Many Microsoft customers use SQL Server Standard or Web editions in the Azure cloud. These editions of SQL Server do not support EKM and TDE. For these versions of SQL Server Townsend provides .NET software libraries to implement automatic column level encryption using SQL Views and Triggers.
Microsoft SharePoint provides a user-friendly collaboration platform for sharing documents, spreadsheets, and other files. When you need to protect sensitive information in SharePoint documents, Townsend provides TDE encryption of the SharePoint database, and full encryption for files stored in Remote Blob Storage (RBS). All document information and document files are encrypted with 256-bit AES encryption using the Alliance Key Server HSM. **
Microsoft Dynamics CRM, GP, AX, etc.
Microsoft customers using the popular Dynamics applications need to protect customer and employee information stored in these applications. Townsend Security's SQL Server TDE software provides full application data encryption and integrates with their Alliance Key Manager HSM.
Many Microsoft users create custom applications using a variety of Microsoft technologies. For customers developing applications in any .NET language such as C#, VBNET, and so forth, Townsend provides .NET software libraries to perform encryption key retrieval and encryption. These libraries support the protection of unstructured data and purpose-built applications that need encryption support.
Non-Microsoft databases, languages, and operating systems
Townsend supports a wide variety of non-Microsoft databases, languages and operating systems in Windows Azure. You can use Oracle Database, MySQL, and other commercial and open source databases on Azure. Townsend provides appropriate client-side libraries to help you protect data. Townsend also provides a rich set of language libraries to help you achieve your data protection goals. Language support includes Java, Perl, PHP, Python, C/C++, and others. And these work in other operating systems supported by Windows Azure such as Linux.
At this point I hope you are getting the idea that we can help you with any of your data protection needs in the Microsoft Azure cloud. With key management solutions on hardware HSMs, hosted facilities, and VMware platforms, I think we’ve got your back when it comes to Azure data protection.
** RBS encryption available in late 2013.