Before
diving in to the specifics of SQL Azure, let's look at a general
security framework to assess how Database as a Service can impact you.
The following discussion is based on the basic security principles
encapsulated by confidentiality, integrity, and availability (CIA). This
is referred to as the CIA triad
and is one of the most accepted forms of security categorization. SQL
Azure shifts the balance of the CIA triad from traditional SQL Server
installations.
1. Confidentiality
Confidentiality
is the ability to ensure that data can be accessed only by authorized
users. It's about protecting your data from prying eyes or from
inadvertent leakage by using multiple technologies, including the
following:
Encryption. Creates a ciphertext (encrypted information) that can be decrypted through the use of a shared key or a certificate
Hashing. Generates a ciphertext that can't be decrypted (typically used for password storage)
Access control. Controls access to data based on contextual information
Authentication. Controls who can access the database and which objects in the database a user can access
Firewall. Uses technology to limit network connectivity to a list of known machines
SQL Azure offers new
features, such as a firewall (as previously discussed); however, it
doesn't yet support data encryption natively (such as Transparent Data
Encryption [TDE] and field-level encryption), which places more emphasis
on the other confidentiality techniques.
SQL Server, on the other
hand, doesn't provide a native firewall (although it's possible to
purchase after-market database firewalls), but it offers strong
encryption capabilities. Finally, both SQL Server and SQL Azure offer
hashing capabilities.
Because SQL Azure
doesn't provide native encryption, your code needs to do all the hard
work. Not to worry! In this article, you see how to implement hashing
and encryption using C# and how to store the ciphertext in SQL Azure (or
SQL Server, for that matter).
2. Integrity
Data integrity
refers to the objective of ensuring that information is modified only
by authorized users. Integrity of data can be compromised in multiple
ways, such as a malicious SQL Injection attack or the unintentional
execution of a TRUNCATE statement on a table, wiping out all the records. You can implement integrity measures in a database as follows:
Authorization. Controls who can change what data
Backup. Creates a transactionally consistent database snapshot from which data can be recovered
Roles-based access. Provides the minimum access rights to different roles in a company, such as developers and support
Auditing. Tracks database access and data changes to provide an audit trail for forensic analysis
From an integrity
standpoint, SQL Azure doesn't yet provide the same capabilities as SQL
Server. SQL Azure does deliver strong authorization capabilities,
similar to SQL Server 2008. However, regular database backups and
activity auditing aren't available as of this writing. Microsoft is
building new backup mechanisms for SQL Azure, above and beyond the BCP
(Bulk Copy Program) operations available now.
3. Availability
Availability
ensures service uptime so your data can be accessed when it's needed.
Designing highly available systems can be very complex and requires
advanced knowledge in multiple areas including disk configuration,
system administration, disaster-recovery locations, and more. The
following are some of the technologies involved in high availability:
Redundant disks. Can recover from the loss of a disk spindle. Usually involves a RAID configuration.
Redundant networks. Can survive the loss of multiple network components, such as a network card or a router.
Redundant services. Can survive the interruption of services such as security and databases. An example is the use of Microsoft Cluster Service.
Redundant hardware. Can survive the loss of machine hardware, such as a CPU or a memory chip.
Scalability. Delivers information at near constant speed under load.
DOS prevention. Prevents successful denial of service (DoS) attacks that would otherwise prevent data availability.
In addition
to ensuring redundancy of infrastructure components, you need to
understand the recovery objectives of your business to determine how to
best implement your availability requirements.
SQL Azure offers a unique
platform because all the areas just listed are automatically provided
for. SQL Azure offers a 99.9% availability guarantee through its
service-level agreement (SLA). In order to deliver this high
availability, SQL Azure transparently keeps two additional standby
databases for each user database you create. If anything happens to one
of your user databases, one of the two backups takes over within a few
seconds; you may not even notice the failover process. SQL Azure also
provides automatic handling of DoS attacks.
SQL Azure accomplishes failover using the architecture shown in Figure 1.
You interact with a proxy that directs your request to whichever of
your databases is current. The standby databases aren't accessible to
you.
NOTE
In terms of availability,
SQL Azure far surpasses SQL Server; SQL Azure is built on a scalable
and highly available platform that doesn't require configuration or
tuning. None of the typical SQL Server configuration settings are
available in SQL Azure (such as CPU Affinity, Replication, Log Shipping,
and so on).
Let's take an example of a project
that needs to deploy a new application with high availability
requirements. The following items would need to be planned for in a
traditional SQL Server installation but are provided to you
automatically with SQL Azure:
Clustered SQL Server instance. Install and configure Microsoft Cluster Service and SQL Server instances in an active/active or active/passive configuration.
RAID configuration.
Purchase new disks and hardware to install and configure a RAID 10 (or
RAID 0+1) disk array (for disk redundancy and performance).
Disaster-recovery server. Purchase similar hardware and configure it at a disaster-recovery site.
Replication topology.
Create a mechanism to transfer the data from the primary site to the
secondary site using log shipping, replication, disk-level replication,
or another technique, depending on your needs.
Database tuning.
In larger systems, tuning SQL Server for high performance can be very
difficult and involves CPU and I/O affinitization, degree of
parallelism, and many other considerations.
Testing. Plan and execute a disaster-recovery plan once a year, to make sure it's working as intended.
And of course, you must
consider the costs associated with all these activities, the time it
takes to plan and execute such a project, and the specialized resources
needed to implement a highly available database environment.
By now, you can see that
although SQL Azure falls short in certain areas of security, it excels
in others, especially its availability model. Deploying a highly
available SQL Azure database is quick and extremely simple.