My wife has been asking me to create a web application for her business and from what I've read using SQL Azure would be perfect. Except for a couple of small (really really big) gotchas.
- She works in the financial industry and is HEAVILY regulated.
- The data she works with is very sensitive and has to have a minimum risk of exposure.
So my question is, if I put her companies information on SQL Azure how secure will it be? I'm not asking about general SQL Server/Azure security. I'm talking about the fact that this is a shared space. How possible is it to hack into the data, bypassing the security that I put into place?
Best Answer
Irrelevant. Seriously. It is irrelevant how secure it IS - if she is in a regulated industry, the provider has to provide the necessary guarantees, whether he fullfills them or not.
And you will find that Azure tells you nothing in the contracts. It is thus not good to use them, regardless how good their factual security is.
Example answer:
https://stackoverflow.com/questions/11167152/hosting-a-pci-compliant-app-on-azure
about azure PCI compliance - the asnwer is: not.
Check:
https://www.windowsazure.com/en-us/support/trust-center/compliance/
for more information. This is what you are guaranteed - the factual implementation is then not your problem.