Azure facilities, premises, and physical security

This article describes what Microsoft does to secure the Azure infrastructure.

Datacenter infrastructure

Azure is composed of a globally distributed datacenter infrastructure, supporting thousands of online services and spanning more than 100 highly secure facilities worldwide.

The infrastructure is designed to bring applications closer to users around the world, preserve data residency, and offer comprehensive compliance and resiliency options for customers. Azure has 52 regions worldwide and is available in 140 countries/regions.

A region is a set of datacenters interconnected by a massive and resilient network. The network includes content distribution, load balancing, redundancy, and encryption by default. With more global regions than any other cloud provider, Azure gives you the flexibility to deploy applications where you need them.

Azure regions are organized into geographies. An Azure geography ensures that data residency, sovereignty, compliance, and resiliency requirements are honored within geographical boundaries.

Geographies allow customers with specific data-residency and compliance needs to keep their data and applications close. Geographies are fault-tolerant and can withstand the failure of a complete region, through their connection to the dedicated, high-capacity networking infrastructure.

Availability zones are physically separate locations within an Azure region. Each availability zone is made up of one or more datacenters equipped with independent power, cooling, and networking. Availability zones allow you to run mission-critical applications with high availability and low-latency replication.

The following figure shows how the Azure global infrastructure pairs regions and availability zones within the same data residency boundary for high availability, disaster recovery, and backup.

[Figure: diagram showing the data residency boundary]

Geographically distributed datacenters enable Microsoft to be close to customers, which reduces network latency and allows for geo-redundant backup and failover.

Physical security

Microsoft designs, builds, and operates datacenters in a way that strictly controls physical access to the areas where your data is stored. Microsoft understands the importance of protecting your data and is committed to helping secure the datacenters that contain it. An entire division at Microsoft is devoted to designing, building, and operating the physical facilities that support Azure. This team is invested in maintaining state-of-the-art physical security.

Microsoft takes a layered approach to physical security to reduce the risk of unauthorized users gaining physical access to data and datacenter resources. Datacenters managed by Microsoft have extensive layers of protection: access approval at the facility's perimeter, at the building's perimeter, inside the building, and on the datacenter floor. The layers of physical security are:

  • Access request and approval. You must request access before arriving at the datacenter. You're required to provide a valid business justification for your visit, such as compliance or auditing purposes. All requests are approved on a need-to-access basis by Microsoft employees. A need-to-access basis keeps the number of individuals needed to complete a task in the datacenter to the bare minimum. After Microsoft grants permission, an individual has access only to the discrete area of the datacenter required by the approved business justification. Permissions are limited to a certain period of time and then expire.

  • Facility's perimeter. When you arrive at a datacenter, you're required to go through a well-defined access point. Typically, tall fences made of steel and concrete encompass every inch of the perimeter. There are cameras around the datacenters, with a security team monitoring their video at all times.

  • Building entrance. The datacenter entrance is staffed with professional security officers who have undergone rigorous training and background checks. These security officers also routinely patrol the datacenter and monitor the video from cameras inside the datacenter at all times.

  • Inside the building. After you enter the building, you must pass two-factor authentication with biometrics to continue moving through the datacenter. If your identity is validated, you can enter only the portion of the datacenter that you have approved access to, and you can stay there only for the approved duration.

  • Datacenter floor. You are allowed only onto the floor that you're approved to enter, and you are required to pass a full-body metal detection screening. To reduce the risk of unauthorized data entering or leaving the datacenter without Microsoft's knowledge, only approved devices can be brought onto the datacenter floor. Additionally, video cameras monitor the front and back of every server rack. When you exit the datacenter floor, you again must pass through full-body metal detection screening. To leave the datacenter, you're required to pass through an additional security scan.

Microsoft requires visitors to surrender their badges upon departure from any Microsoft facility.

Physical security reviews

Periodically, we conduct physical security reviews of the facilities to ensure that the datacenters properly address Azure security requirements. Datacenter hosting-provider personnel do not perform Azure service management: they can't sign in to Azure systems and don't have physical access to the Azure colocation room and cages.

Data-bearing devices

Microsoft uses best-practice procedures and a wiping solution that is NIST SP 800-88 compliant. For hard drives that can't be wiped, we use a destruction process that destroys the drive and renders recovery of the information impossible. This destruction process may disintegrate, shred, pulverize, or incinerate the drive. We determine the means of disposal according to the asset type, and we retain records of the destruction.

Equipment disposal

Upon a system's end of life, Microsoft operational personnel follow rigorous data-handling and hardware-disposal procedures to ensure that hardware containing your data is not made available to untrusted parties. We use a secure-erase approach for hard drives that support it. For hard drives that can't be wiped, we use the same destruction process described under "Data-bearing devices" above: the drive is destroyed (disintegrated, shredded, pulverized, or incinerated, depending on the asset type) so that the information cannot be recovered, and we retain records of the destruction. All Azure services use approved media storage and disposal management services.

Compliance

We design and manage the Azure infrastructure to meet a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1, and SOC 2. We also meet country- or region-specific standards, including Australia IRAP, UK G-Cloud, and Singapore MTCS. Rigorous third-party audits, such as those performed by the British Standards Institution (BSI), verify adherence to the strict security controls these standards mandate.

For a full list of compliance standards that Azure adheres to, see the Compliance offerings.

Next steps

To learn more about what Microsoft does to help secure the Azure infrastructure, see: