The Integrity of data on Windows Azure allows the consumer data to be protected from unauthorized changes. The Windows Azure fabric acts as a virtual machine and each virtual machine is connected to three virtual hard drives:
• The D: drive contains one of several versions of the Guest OS, kept up-to-date, selectable by the customer.
• The E: drive contains an image based on the package provided by the customer.
• The C: drive contains configuration information, paging files, and other storage.
The virtual drives E: and D: are read-only and are updated only by the Windows Azure operating system from time to time. This design preserves the integrity of both the operating system and customer application.
Only consumers with the verified digital certificates can access and change the configuration files using SMAPI or the Windows Azure portal.
For Windows Azure storage, security is implemented by the applications that access data. This means that the hosted applications should also contain integrity checks. This also means that a part of Windows Azure security for storage is dependent on the consumers. Other than these, we have talked about the SAK on the previous page.