Microsoft has decades-long experience building enterprise software and running some of the largest online services in the world. It has leveraged this to implement and continuously improve security-aware software development, operational management, and threat mitigation practices that are essential to the strong protection of data in the cloud.
Security is built into Azure from the ground up, starting with the Secure Development Lifecycle, a mandatory development process that embeds security requirements into every phase of the development process.
Microsoft ensures that the Azure infrastructure is resilient to attack by mandating that our operational activities follow the rigorous security guidelines laid out in the Operational Security Assurance (OSA) process.
This page would be too long to cover all measures taken by Microsoft, so instead you can download the Windows Azure Security Overview v1 01 white paper.