Crypto Services and Data Security in Windows Azure
Many early adopters of the Windows Azure platform still have a lot of
questions about platform security and its support of cryptography. My hope here
is to introduce some of the basic concepts of cryptography and related security
within the Windows Azure platform. The details of this topic could fill whole
books, so I am only intending to demonstrate and review some of the cryptography
services and providers in Windows Azure. There are also some security
implications for any transition to Windows Azure.
As with any new platform or service delivery method, you’ll be faced with new
challenges. You’ll also be reminded that some of the classic problems still
exist and even that some of the same solutions you’ve used in the past will
still work very well. Any application engineer or designer should think about
this topic as it relates to the kind of data you may be storing as well as what
you need to persist. Combine this into a methodical approach and you and your
customers will be well-served.
So why would I think this information is needed within the developer
community? Over the last several months I’ve seen an increasing number of posts
on the community sites regarding security in general with Azure. Microsoft has
suggested encryption as part of securing application-layer data with Azure
projects. However, proper understanding of both encryption and the .NET security
model will be needed by product designers and developers building on the Windows
One thing I noticed was an increasing percentage of posts specific to crypto
services and key storage. This was especially true with regards to Windows Azure
Storage services. It got my own curiosity going, and I discovered it was a
worthy topic to discuss in some depth.
During the course of this article, I’ll be making heavy use of Cryptographic
Service Providers (CSPs), which are implementations of cryptographic standards,
algorithms and functions presented in a system program interface. For the
purposes of this article I’ll be using the symmetric encryption algorithm
provided by the Rijndael cryptography class.