I just read the Windows Azure Security Architecture whitepaper, which describes the security practices used with the Windows Azure platform. Definitely interesting for anyone who is wondering how data is protected in the cloud. An especially interesting section (for me, at least) was the one that describes how the integrity of the data is enforced – at the VM level. Here is a short excerpt:
“… The primary mechanism of integrity protection for customer data lies within the Fabric VM design itself. Each VM is connected to three local Virtual Hard Drives (VHDs):
- The D: drive contains one of several versions of the Guest OS, kept up-to-date with relevant patches, selectable by the customer.
- The E: drive contains an image constructed by the FC based on the package provided by the customer.
- The C: drive contains configuration information, paging files, and other storage….”
So (for one thing) it is pretty clear how the OS with the patches is protected and moved away from the configuration files (which can change, even during execution)…