Protection of Data in Storage

Messenger v5 uses Microsoft Windows Azure SQL storage, located in the Europe North territory and protected by international statute.  The following are the most frequent discussion points centring on use of Windows Azure as a service delivery platform.

What provisions are in place to protect data from unauthorised access in Azure?

Windows Azure is subject to an extensive array of physical, logical and procedural measures to protect the security, confidentiality and integrity of data.  More information is available via the Windows Azure Trust Centre (see below) but the highlights are:

  • Edge packet filtering[1] and firewalling[2] protect our virtual machine instances
  • Developer access requires mutual SSL authentication using client-specific certificates[3]
  • Limited physical access to datacentres, and strict physical disk disposal policies[4]
  • Automated and integrated security patch management[5]

Are these measures independently verified?

  • Microsoft carries out regular penetration testing to identify security flaws[6]
  • Please see the ISO27001 certification for Windows Azure[7]
  • Please see the Cloud Security Alliance STAR submission for Windows Azure[8]

Is data encrypted in storage?

Both personal information and metadata are stored in Azure SQL unencrypted.  While at first glance this may seem to disregard data security, there is a sound rationale for this approach.

  • Encrypting data stored in the platform would indicate an absence of trust in the Windows Azure platform.  This is not the case, and Groupcall have deemed the platform to meet or exceed an adequate level of data security for the purposes of Messenger v5.  This assessment takes into account the information provided in this document and further detail from Microsoft-provided documentation.

  • Encrypting data does not significantly reduce the risk of exposure.  In order for Messenger v5 to display contacts, deliver messages and provide history and search functionality, it would be necessary for data to be decrypted when required.  If Groupcall Messenger v5 or Windows Azure were compromised, then the code to achieve this decryption would also be compromised, and data would effectively be unprotected despite being encrypted.