In survey after survey, IT managers nominate ‘security’ as one of the prime reasons they are tentative about embracing public cloud servers.

Two of the most common security concerns for users of public cloud storage are data confidentiality and data integrity.
Data confidentiality means that data stored in that cloud should not be disclosed to unauthorised persons or devices, while data integrity refers to the owner of the data being made aware of any unauthorised changes.
As public cloud services have matured, the major providers have attempted to address both of these issues with new features.
Microsoft Azure is addressing cloud security using virtual private storage based on Searchable Encryption. Amazon Web Services has also responded with its own tools.
Today we compare the architecture-level security and the application-level security of the two from a theoretical perspective. Both of these cloud service providers include significant provisions for dealing with cloud security issues – but one offers a clear differentiator.
Security in the public cloud
Using a shared hosting server has always posed a risk to business, whether the business uses a database management system on the host or a file system provided by the server's operating system.
In a public cloud, the infrastructure is owned and controlled by the cloud service provider. Thus, infrastructure and computational resources are shared by several organisations - each with their own data privacy and security concerns - and customer data falls outside direct customer control.
The Azure approach to cloud security
The Microsoft Azure Platform is the central component of Microsoft cloud computing services, providing mechanisms to increase and decrease the computing resources of applications and services.
Windows Azure Environment - the operating system of the Azure platform - provides all features for hosting services in the cloud and it is split into five sub-components: Compute, Storage, Fabric Controller, Content delivery network (CDN) and Connect.
These sub-components are related to our investigation of data security. Each component provides a service that aims to deal with some of the main security issues. In Table 1, we list the features of each sub-component:
| Windows Azure Sub-Component | What they provide | How |
| --- | --- | --- |
| Compute | 1. Confidentiality 2. Availability | 1. Based on the number of role instances, it creates and runs a VM for each role instance. 2. It can run many different kinds of applications and support them for a very large number of simultaneous users. |
| Storage | Integrity | Each Storage Account has two storage account keys and they provide full control over the associated data. |
| Fabric Controller | Availability | By deciding where new applications should run and by choosing physical servers in order to optimise hardware utilisation. |
| Content Delivery Network | Availability | Users anywhere around the world can have fast access to frequently accessed data. |
| Connect | Confidentiality | By providing a way to establish a secure connection between a Windows Azure application and a group of computers running Windows. |
Table 1: The Azure approach to security.
The Amazon approach to cloud security
In 2006, Amazon began to offer IT infrastructure services based on web services. The Amazon AWS cloud provides an infrastructure for deploying web-scale solutions and offers a variety of infrastructure services such as Amazon Simple Storage service (Amazon S3) and Amazon Elastic Compute Cloud (Amazon EC2). In Table 2, we list the security and availability elements of each of these services, with longer explanations included below.
| Amazon AWS Services | What they provide | How |
| --- | --- | --- |
| Amazon Elastic Compute Cloud (Amazon EC2) | Confidentiality | Confidentiality is provided in Amazon EC2 on multiple levels: the OS of the host system, the virtual instance OS or guest OS, a firewall, and a signed API call. |
| Amazon Simple Storage Service (Amazon S3) | Availability | Provided by Versioning: users can recover overwritten or deleted objects. |
Table 2: The Amazon approach to security.
Comparing the security features: Microsoft Azure and Amazon AWS
In comparing Amazon AWS and Microsoft Azure from the point of view of security features, we focus on the two main security issues mentioned earlier: data confidentiality and data integrity. Below we present a condensed overview of the way both service providers attempt to address these needs.
| Security Issues | Amazon AWS components | Microsoft Azure components |
| --- | --- | --- |
| Confidentiality | AWS Identity and Access Management (IAM); AWS Multi-Factor Authentication (MFA); Key rotation | Identity and Access Management (IAM); Isolation; Encryption |
| Integrity | S3 server side encryption (SSE); Hash-based Message Authentication Code (HMAC) | Cryptographic Cloud storage Services |
| Availability | 23.5 minutes per month | 43 minutes per month |
Table 3: Security comparisons.
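To make the integrity definition used above concrete (the owner is made aware of any unauthorised change), here is an added example, not code from this article or from either provider, of an owner-side HMAC audit over stored objects. It assumes the owner keeps the key and the manifest outside the cloud; all names and sample data are constructed for illustration.

```python
import hashlib
import hmac


def object_tag(key: bytes, name: str, version: int, body: bytes) -> str:
    """HMAC-SHA256 over name, version and body; each field is length-prefixed
    so that two different (name, body) splits can never produce the same input."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in (name.encode(), str(version).encode(), body):
        mac.update(len(field).to_bytes(8, "big"))
        mac.update(field)
    return mac.hexdigest()


def build_manifest(key: bytes, objects: dict) -> dict:
    """objects: {name: (version, body)} -> {name: (version, tag)}, kept by the owner."""
    return {n: (v, object_tag(key, n, v, b)) for n, (v, b) in objects.items()}


def audit(key: bytes, manifest: dict, retrieved: dict) -> dict:
    """Compare what storage returns against the manifest; returns {name: status}."""
    report = {}
    for name, (version, tag) in manifest.items():
        if name not in retrieved:
            report[name] = "missing"
            continue
        candidate = object_tag(key, name, version, retrieved[name])
        # constant-time comparison, as recommended for MAC checks
        report[name] = "ok" if hmac.compare_digest(candidate, tag) else "modified"
    for name in retrieved.keys() - manifest.keys():
        report[name] = "unexpected"  # object the owner never uploaded
    return report


# --- constructed sample data (hypothetical key and object names) ---
OWNER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
UPLOADED = {
    "invoices/jan.csv": (1, b"id,amount\n1,100\n"),
    "invoices/feb.csv": (1, b"id,amount\n2,250\n"),
    "hr/payroll.csv": (3, b"name,salary\nalice,5000\n"),
    "contracts/nda.txt": (1, b"confidential terms\n"),
}
MANIFEST = build_manifest(OWNER_KEY, UPLOADED)
RETRIEVED = {
    "invoices/jan.csv": b"id,amount\n1,100\n",          # untouched
    "invoices/feb.csv": b"id,amount\n1,100\n",          # valid body, wrong object
    "hr/payroll.csv": b"name,salary\nalice,9000\n",     # content altered
    "tmp/extra.bin": b"\x00\x01",                       # not in the manifest
}                                                       # contracts/nda.txt deleted

if __name__ == "__main__":
    for name, status in sorted(audit(OWNER_KEY, MANIFEST, RETRIEVED).items()):
        print(f"{status:10} {name}")
```

Because the object name and version are part of the MAC input, substituting one genuine object for another is reported as a modification rather than passing the check.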
Read on as we look at confidentiality and integrity in detail...