Azure Data Box Disk 安全性和数据保护Azure Data Box Disk security and data protection

本文介绍帮助保护每个 Data Box 解决方案组件及其存储的数据的 Azure Data Box 磁盘安全功能。This article describes the Azure Data Box Disk security features that help protect each of the Data Box solution components and the data stored on them.

通过组件运行的数据流Data flow through components

Azure Data Box 解决方案由四个彼此交互的主要组件构成:The Azure Data Box solution consists of four main components that interact with each other:

  • Azure 中托管的 Azure Data Box 服务 – 用于创建磁盘订单、配置磁盘,然后跟踪订单完成状态的管理服务。Azure Data Box service hosted in Azure – The management service that you use to create the disk order, configure the disks, and then track the order to completion.
  • Data Box 磁盘 – 寄送给你的,用于将本地数据导入 Azure 的物理磁盘。Data Box Disks – The physical disks that are shipped to you to import your on-premises data into Azure.
  • 连接到磁盘的客户端/主机 – 基础结构中的客户端,它们通过 USB 连接到 Data Box 磁盘,并包含需要保护的数据。Clients/hosts connected to the disks – The clients in your infrastructure that connect to the Data Box disk over USB and contain data that needs to be protected.
  • 云存储 – Azure 云中存储数据的位置。Cloud storage – The location in the Azure cloud where data is stored. 这通常是链接到所创建的 Azure Data Box 资源的存储帐户。This is typically the storage account linked to the Azure Data Box resource that you created.

下图指示了通过 Azure Data Box 磁盘解决方案运行的从本地到 Azure 的数据流。The following diagram indicates the flow of data through the Azure Data Box Disk solution from on-premises to Azure.

Data Box 磁盘安全性

安全功能Security features

Data Box 磁盘确保只有经过授权的实体能够查看、修改或删除你的数据,为数据保护提供安全的解决方案。Data Box Disk provides a secure solution for data protection by ensuring that only authorized entities can view, modify, or delete your data. 此解决方案的安全功能适用于该磁盘,以及用于确保磁盘中存储的数据安全性的关联服务。The security features for this solution are for the disk and for the associated service ensuring the security of the data stored on them.

Data Box 磁盘保护Data Box Disk protection

Data Box 磁盘受以下功能的保护:The Data Box Disk is protected by the following features:

  • 始终对磁盘进行 BitLocker AES-128 位加密。BitLocker AES-128 bit encryption for the disk at all times.
  • 磁盘安全更新功能。Secure update capability for the disks.
  • 寄送的磁盘处于锁定状态,只能通过 Data Box 磁盘解锁工具解锁。Disks are shipped in a locked state and can only be unlocked via a Data Box Disk unlock tool. Data Box 磁盘服务门户中提供了解锁工具。The unlock tool is available in the Data Box Disk service portal.

Data Box 磁盘数据保护Data Box Disk data protection

流入和流出 Data Box 磁盘的数据受以下功能的保护:The data that flows in and out of Data Box Disk is protected by the following features:

  • 始终对数据进行 BitLocker 加密。BitLocker encryption of data at all times.
  • 将数据上传到 Azure 后,从磁盘中安全擦除数据。Secure erasure of data from disk once data upload to Azure is complete. 数据擦除根据 NIST 800-88r1 标准进行。Data erasure is in accordance with NIST 800-88r1 standards.

Data Box 服务保护Data Box service protection

Data Box 服务受以下功能的保护。The Data Box service is protected by the following features.

  • 访问 Data Box 磁盘服务要求组织具备包含 Data Box 磁盘在内的 Azure 订阅。Access to the Data Box Disk service requires that your organization has an Azure subscription that includes Data Box Disk. 订阅决定可以在 Azure 门户中访问的功能。Your subscription governs the features that you can access in the Azure portal.
  • 由于 Data Box 服务在 Azure 中托管,因此受 Azure 安全功能的保护。Because the Data Box service is hosted in Azure, it is protected by the Azure security features. 有关 Azure 提供的安全功能的详细信息,请转到 Azure 信任中心For more information about the security features provided by Azure, go to the Azure Trust Center.
  • Data Box 磁盘在服务中存储用于解锁磁盘的磁盘支持密钥。The Data Box Disk stores disk passkey that is used to unlock the disk in the service.
  • Data box 磁盘服务在服务中存储订单详细信息和状态。The Data box Disk service stores order details and status in the service. 删除订单会删除这些信息。This information is deleted when the order is deleted.

管理个人数据Managing personal data

备注

本文介绍如何删除设备或服务中的个人数据,并且可为 GDPR 下的任务提供支持。This article provides steps for how to delete personal data from the device or service and can be used to support your obligations under the GDPR. 如需关于 GDPR 的常规信息,请参阅服务信任门户的 GDPR 部分If you're looking for general info about GDPR, see the GDPR section of the Service Trust portal.

Azure Data Box 磁盘在服务中收集并显示以下关键实例中的个人信息:Azure Data Box Disk collects and displays personal information in the following key instances in the service:

  • 通知设置 - 创建订单时,需在通知设置下配置用户的电子邮件地址。Notification settings - When you create an order, you configure the email address of users under notification settings. 此信息可由管理员查看。This information can be viewed by the administrator. 当作业进入终止状态或者删除订单时,服务会删除此信息。This information is deleted by the service when the job reaches the terminal state or when you delete the order.

  • 订单详细信息 – 创建订单后,用户的寄送地址、电子邮件和联系信息将存储在 Azure 门户中。Order details – Once the order is created, the shipping address, email, contact information of users is stored in the Azure portal. 保存的信息包括:The information saved includes:

    • 联系人姓名Contact name

    • 电话号码Phone number

    • 电子邮件Email

    • 街道地址Street address

    • 城市City

    • 邮政编码Zip/postal code

    • 状态State

    • 国家/地区/省/区域Country/Province/Region

    • 驱动器 IDDrive ID

    • 承运商帐号Carrier account number

    • 运输跟踪号Shipping tracking number

      作业完成或者删除订单时,Data Box 服务会删除订单详细信息。The order details are deleted by the Data Box service when the job completes or when you delete the order.

  • 寄送地址 – 下单后,Data Box 服务会向第三方承运人提供寄送地址。Shipping address – After the order is placed, Data Box service provides the shipping address to third party carriers.

有关详细信息,请在信任中心查看 Azure 隐私策略。For more information, review the Azure Privacy policy at Trust Center.

后续步骤Next steps