Can I use Microsoft Azure in zero-trust provider mode?

J

jmmb2yy2020-07-08 12:23:12

Encryption

jmmb2yy, 2020-07-08 12:23:12

Hello!

Introductory . My job as an administrator is to migrate Terminal Services from on-premise while maintaining full control over data ownership. Microsoft Azure resources seem to be the most attractive for this task than, for example, a dedicated server. But there is a problem of trust to the service provider. If in the case of a dedicated server, I can rent hardware with a TPM device on board, thereby ensuring transparent encryption of the host and all resources on it, then in the case of Microsoft Azure, the situation does not look so clear and simple to me. Azure offers its infrastructure for encryption and protection of hosts, but is it reliable enough in terms of data privacy.

Question. Is it possible to deploy Remote Desktop Services in Microsoft Azure in zero-trust and zero-knowledge modes? If so, how are these conditions secured?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

C

CityCat4, 2020-07-08
@CityCat4

Any device placed outside the perimeter works in zero-trust mode :) Because you have to take the word of the provider that the situation is exactly as he describes it. Depending on what kind of organization you represent, the provider can organize an imitation of anything for you - it's only a matter of resources, whether it is reasonable to involve them or not :)
reliability is not about protecting data from leakage and controlling it. This is about the fact that the servers work without failures 99.9 (9)% of the time, that Azure data is not processed with herring, etc. - and here azur has quite reliable
control over data- this is just about data protection, and here no one can give you a guarantee that Azur will not have access to your data - no matter how they swear and no matter how many encryption keys they offer - because they will generate these keys! :)