More and more organizations are moving SharePoint and SQL workloads into Microsoft Azure because of the simplicity of spinning up servers in the cloud and adding or decreasing capacity without having to BUY servers on-premises. What used to cost organizations $20,000, $50,000, or more in purchasing servers, storage, network bandwidth, replica disaster recovery sites, etc., and delayed SharePoint and SQL rollouts by weeks or months, is now completely managed by spinning up virtual machines in Azure and customizing and configuring systems in the cloud.
But the question always comes up: is it "safe" to put SQL data and SharePoint content up in the cloud? The answer is absolutely YES: SQL and SharePoint up in Azure are perfectly safe for storing protected content AS LONG AS the systems are configured properly! In fact, we have configured SharePoint and SQL to be MORE SAFE (significantly more safe!) up in Azure than most organizations can claim for their on-premises security today.
Here are the layers of security that can be put in place to PROTECT SharePoint and SQL up in Azure:
- Microsoft Azure Security: First of all, specific to what Microsoft does for security, a visit to Microsoft's Azure "Trust Center" (http://www.windowsazure.com/en-us/support/trust-center/security) can provide organizations with information about what Microsoft builds into its Azure cloud services. There's a whitepaper on Microsoft's security (http://go.microsoft.com/fwlink/?linkid=392408&clcid=0x409) up on the Trust site. Within the Trust site, if you click on Privacy, it'll go through their statements and audits on privacy and security, and if you click on Compliance, it'll provide you with information about their compliance with ISO, HIPAA, SOC 1 / SOC 2 / SSAE / ISAE Attestations, etc. There's a LOT there, and I'd say that MOST organizations that question Microsoft's Azure datacenter security need to ask themselves if they have 7 layers of defense, 3rd-party audited security controls, security and compliance certifications, and the like.
BUT, the concern most security and compliance officers have is: what if Microsoft is subpoenaed to hand over information, OR what if somebody happens to hack their way past the 7 layers of defense, or a rogue employee compromises the system? The above standards, audits, etc. are good but not foolproof. SO, my recommendation has been to ENCRYPT your content, and YOU keep your encryption key. Here's what can be layered ON TOP OF what Microsoft provides:
- Encrypt SQL: With Microsoft providing virtual machines that organizations can install SQL Server on, what an organization can (and should) do is ENCRYPT their SQL databases! Microsoft has what is called "Transparent Data Encryption" (TDE), which allows an organization to encrypt the ENTIRE database and KEEP the key! TDE will protect data in a SQL database, including SharePoint content, since SharePoint content is stored in a SQL database. This is a highly effective way of keeping you in charge of your information; see Section 5 in this SQL on Azure Tutorial on encrypting the SQL data: http://msdn.microsoft.com/en-us/library/dn466438.aspx