
Microsoft Azure Security Resources Released



A recorded chat by Charlie Kaufman, security architect for Microsoft Azure, was published earlier this week by Microsoft. In the session, Kaufman described the broad concepts that enable security for Microsoft Azure customers, and he conceded at one point that Microsoft Azure security is "secure enough for some applications and not secure enough for others." Microsoft Azure tenants (the term used for Microsoft Azure customers) access virtual machines that tap into Microsoft Azure's pooled resources in the Internet cloud environment. Access to these services is tied to each user's account, which is established through a subscription portal. Tenants gain access to the service through a Windows Live ID. Kaufman said that the "cryptography behind Live ID is good."

Microsoft Azure has three basic components: storage, compute and SQL Azure (another form of storage). All of these components run on separate hardware, and communication between them is established via HTTP or SSL requests. Although all of the data on Microsoft Azure is stored in a single pool, access is enabled only via a secret key for each account, Kaufman explained. Microsoft Azure uses a different file system for its multi-tenant architecture. Existing applications need to be modified to use different types of storage, mainly blob (Binary Large Object) storage, Kaufman said. The C:, D: and E: drives that users see are actually virtual hard disks in the root operating system. Inputs and outputs go to the root OS, which makes sure that customers can talk only to their own disks. A network packet filter protects users from attacks from the outside, he added. Some attacks are possible with Microsoft Azure. The customer administration interface could be used to launch attacks. However, Microsoft typically keeps watch by checking for any malformed requests.

Customers have some security controls. They can determine how many role instances are needed. Each role instance creates a new C:, D: and E: drive structure, and only one IP address is applied to a role instance. Customers can determine the size of each virtual machine that runs application software. Customers also specify which certificates, passwords and secret keys each virtual machine can use. If that isn't enough information about how Microsoft Azure enables security, Kaufman coauthored a white paper, "Microsoft Azure Security Overview," released this month, that goes into greater detail. The white paper is written for developers and "technical decision makers." Last month, Microsoft also released "Security Best Practices for Developing Windows Azure Applications." It describes Microsoft's Security Development Lifecycle, a process used internally by Microsoft to create its software products.

Microsoft provided more information about security for Microsoft Azure.



