Thursday, February 02, 2012

I'm from the Cloud and I'm here to help... No really, trust me... Looking at Microsoft Codename "Trust Services"

Table of Contents

  • Introduction
  • Prerequisites
  • Tutorial scenario
    • Step 1. Create certificates
    • Step 2. Create a Trust Server for your organization
    • Step 3. Install Trust Services SDK
    • Step 4. Create Data Policy using PowerShell
    • Step 5. Encrypt and decrypt data using PowerShell
  • Next Steps
  • Links


This tutorial shows how to perform the basic tasks in Trust Services.

Trust Services is a collection of components and an Azure service that enables secure information sharing through the Cloud. It enables you to encrypt your data before uploading it to cloud storage, saving it on a disk or sending it to your partner.

In this tutorial, you will learn how to subscribe to Trust Services, define policies that enforce protection of data, and use the policies to encrypt and decrypt sample data.
The demo scenario involves four parties:

  • Trust Services Administrator (TSA) manages the account for his organization, creates a subscription for his organization and manages the set of users (also known as principals) that can access Trust Services.
  • Trust Services Policy Administrator (TSPA) defines and manages security policies about the data that his organization owns.
  • Data Publisher is a user that runs an application that encrypts the data based on the policies defined by the TSPA.
  • Data Subscriber is a user that runs an application that decrypts the data encrypted by the Data Publisher based on the policies defined by the TSPA.




Learn More about Microsoft Codename "Trust Services"

"Protect your data in the Cloud

Trust and Security have been hot topics for the public cloud since its inception. Corporate IT departments and CIOs have repeatedly expressed concerns over the loss of control associated with moving various levels of sensitive data to a public cloud. At the same time, the overall benefits of a public cloud are tremendous and continue to gain momentum. This means that many organizations have a pressing need to migrate to public cloud infrastructure in spite of ongoing concerns about security.

Encryption is one of the fundamental required tools for protecting data in the cloud. However, encrypting the data in the cloud, and then storing the encryption keys in the cloud in order to be able to access the data, provides only a very minor improvement over simply storing the data in the cloud in the first place.

Trust Services provides a unique combination of end-to-end application-level encryption and the power of the cloud to roam encryption keys in a totally secure way. It enables data-driven applications to work with sensitive data, securely stored in different cloud-based storages while continuing to maintain control over access to this data."


I've not seen much in my stream on this, but I really like the idea behind it: end-to-end encryption, encrypting my data before it hits the cloud. Since data privacy/security is one of the main roadblocks I'm seeing/hearing when "cloud" discussions come up, this project is very timely and one that I'll now be watching for more news on...

