Azure customer data protection

Access to customer data by Microsoft operations and support personnel is denied by default. When access to data related to a support case is granted, it is granted only through a just-in-time (JIT) model, under policies that are audited and vetted against Microsoft's compliance and privacy policies. The access-control requirements are established by the following Azure security policy:

  • No access to customer data, by default.
  • No user or administrator accounts on customer virtual machines (VMs).
  • Grant the least privilege that is required to complete the task; audit and log all access requests.

Microsoft assigns Azure support personnel unique corporate Active Directory accounts. Azure relies on Microsoft corporate Active Directory, managed by Microsoft Information Technology (MSIT), to control access to key information systems. Multi-factor authentication is required, and access is granted only from secure consoles.

All access attempts are monitored and can be displayed through a basic set of reports.

Data protection

Azure provides customers with strong data security, both by default and as customer-selectable options.

Data segregation: Azure is a multi-tenant service, which means that deployments and VMs belonging to multiple customers are stored on the same physical hardware. Azure uses logical isolation to segregate each customer's data from the data of others. Segregation provides the scale and economic benefits of a multi-tenant service while rigorously preventing customers from accessing one another's data.

At-rest data protection: Customers are responsible for ensuring that data stored in Azure is encrypted in accordance with their own standards. Azure offers a wide range of encryption capabilities, giving customers the flexibility to choose the solution that best meets their needs. Azure Key Vault helps customers keep control of the keys that cloud applications and services use to encrypt data. Azure Disk Encryption lets customers encrypt the OS and data disks of their VMs. Azure Storage Service Encryption encrypts all data placed into a customer's storage account.

In-transit data protection: Microsoft provides a number of options that customers can use to secure data in transit, both internally within the Azure network and externally across the Internet to the end user. These include communication through virtual private networks (using IPsec/IKE encryption), Transport Layer Security (TLS) 1.2 or later (through Azure components such as Application Gateway or Azure Front Door), protocols running directly on the Azure virtual machines (such as Windows IPsec or SMB encryption), and more.

Additionally, "encryption by default" using MACsec (an IEEE standard at the data-link layer) is enabled for all Azure traffic travelling between Azure datacenters, to ensure the confidentiality and integrity of customer data on those links.

Data redundancy: Microsoft helps ensure that data remains protected in the event of a cyberattack or physical damage to a datacenter. Customers may opt for:

  • In-country/in-region storage, for compliance or latency considerations.
  • Out-of-country/out-of-region storage, for security or disaster-recovery purposes.

Data can be replicated within a selected geographic area for redundancy, but it is not transmitted outside that area. Customers have multiple options for replicating data, including the number of copies and the number and location of the replication datacenters.

When you create your storage account, select one of the following replication options:

  • Locally redundant storage (LRS): Locally redundant storage maintains three copies of your data. LRS replicates the data three times within a single facility in a single region. LRS protects your data from ordinary hardware failures, but not from the failure of that single facility.
  • Zone-redundant storage (ZRS): Zone-redundant storage maintains three copies of your data, replicated synchronously across three availability zones (physically separate facilities) within a single region, which provides higher durability than LRS. ZRS helps ensure that your data is durable within a single region, but it does not protect against the loss of the whole region.
  • Geo-redundant storage (GRS): Geo-redundant storage is the default for a storage account when you create it. GRS maintains six copies of your data. With GRS, your data is replicated three times within the primary region. Your data is also replicated three times in a secondary region hundreds of miles away from the primary region, providing the highest level of durability. In the event of a failure at the primary region, Azure Storage fails over to the secondary region. GRS helps ensure that your data is durable in two separate regions. Note that with plain GRS the copy in the secondary region is not readable until a failover occurs; read-access geo-redundant storage (RA-GRS) adds read access to the secondary region.
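The at-rest, in-transit and redundancy controls described above are all properties of the storage account and can be set when it is created. The following Az PowerShell script is an added example, not code from the original article: it creates a StorageV2 account with GRS redundancy, requires HTTPS and TLS 1.2 or later, disables anonymous blob access, switches encryption at rest from Microsoft-managed keys to a customer-managed key held in Azure Key Vault, and then reads the effective settings back. The resource group, region, account name, vault name and key name are placeholder assumptions, and the script assumes the Key Vault already exists with soft delete and purge protection enabled (a prerequisite for customer-managed keys).

```powershell
# Added example (not from the original article). Requires the Az.Accounts, Az.Storage
# and Az.KeyVault modules. All names below are placeholders; replace them with your own.
$rg       = 'rg-data-protection-demo'
$location = 'westeurope'
$account  = 'stdataprotdemo01'        # 3-24 lowercase letters/digits, globally unique
$vault    = 'kv-dataprot-demo'        # existing vault with soft delete + purge protection
$keyName  = 'storage-cmk'

Connect-AzAccount | Out-Null
New-AzResourceGroup -Name $rg -Location $location -Force | Out-Null

# Redundancy: Standard_GRS keeps three copies in the primary region and three in the
# paired region. Alternatives: Standard_LRS, Standard_ZRS, Standard_RAGRS (readable secondary).
# In transit: HTTPS only plus a TLS 1.2 floor rejects plaintext and legacy-TLS clients.
# -AssignIdentity gives the account a managed identity used later to reach Key Vault.
$sa = New-AzStorageAccount -ResourceGroupName $rg -Name $account -Location $location `
        -SkuName 'Standard_GRS' -Kind 'StorageV2' `
        -EnableHttpsTrafficOnly $true -MinimumTlsVersion 'TLS1_2' `
        -AllowBlobPublicAccess $false -AssignIdentity

# At rest: Storage Service Encryption is always on with Microsoft-managed keys.
# Point the account at a key in Key Vault instead, so the customer keeps control of the key.
$key = Add-AzKeyVaultKey -VaultName $vault -Name $keyName -Destination 'Software'
Set-AzKeyVaultAccessPolicy -VaultName $vault -ObjectId $sa.Identity.PrincipalId `
        -PermissionsToKeys get, wrapKey, unwrapKey
Set-AzStorageAccount -ResourceGroupName $rg -Name $account -KeyvaultEncryption `
        -KeyName $key.Name -KeyVersion $key.Version `
        -KeyVaultUri "https://$vault.vault.azure.net"

# Read the effective settings back and fail loudly if any control did not apply.
# Sku.Name is reported as 'Standard_GRS' or 'StandardGRS' depending on the module version.
$sa = Get-AzStorageAccount -ResourceGroupName $rg -Name $account
$checks = [ordered]@{
    'Redundancy is GRS'        = [string]$sa.Sku.Name -match '^Standard_?GRS$'
    'HTTPS only'               = [bool]$sa.EnableHttpsTrafficOnly
    'TLS 1.2 minimum'          = [string]$sa.MinimumTlsVersion -eq 'TLS1_2'
    'No anonymous blob access' = -not $sa.AllowBlobPublicAccess
    'Customer-managed key'     = [string]$sa.Encryption.KeySource -eq 'Microsoft.Keyvault'
}
$checks.GetEnumerator() | ForEach-Object { '{0,-26} {1}' -f $_.Key, $_.Value }
if ($checks.Values -contains $false) {
    throw 'One or more data-protection settings were not applied.'
}
```

Omitting -KeyVersion in the Set-AzStorageAccount call makes the account track the key's latest version automatically, which is the usual choice when the key is rotated on a schedule; pinning the version, as above, means a rotation must be followed by an explicit update of the account.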

Data destruction: When customers delete data or leave Azure, Microsoft follows strict standards for overwriting storage resources before they are reused, as well as for the physical destruction of decommissioned hardware. Microsoft executes a complete deletion of data on customer request and on contract termination.

Customer data ownership

Microsoft does not inspect, approve, or monitor applications that customers deploy to Azure. Moreover, Microsoft does not know what kind of data customers choose to store in Azure. Microsoft does not claim ownership of the customer information that is entered into Azure.

Records management

Azure has established internal records-retention requirements for back-end data. Customers are responsible for identifying their own records-retention requirements. For records that are stored in Azure, customers are responsible for extracting their data and retaining the content outside of Azure for a customer-specified retention period.

Azure allows customers to export data and audit reports from the product. The exports are saved locally to retain the information for a customer-defined retention period.

Electronic discovery (e-discovery)

Azure customers are responsible for complying with e-discovery requirements in their use of Azure services. If Azure customers must preserve their customer data, they may export and save the data locally. Additionally, customers can request exports of their data from the Azure Customer Support department. In addition to allowing customers to export their data, Azure conducts extensive logging and monitoring internally.

Next steps

To learn more about what Microsoft does to secure the Azure infrastructure, see: