There are several things that comes to my mind when thinking about the stuff that needs to be secured on Windows Azure. At the infrastructure level, I am sure it is well-taken care off by Microsoft data centers and there are tonnes of whitepapers that we can find in the Microsoft Global Foundation Services website to read about it.
On the application level, we would still need to practice standard security principles such as encrypting our sensitive data, hashing passwords, using HTTPS for transport where applicable, impose proper authentication and authorization mechanisms in our applications and securing any WCF end-points that we are exposing from Windows Azure. Some people may assume that cloud solutions are either a silver-bullet to their security problems or they are very insecure because "everyone can access it".
There is no difference at the application-level. Cloud or on-premise, proper security practices should be in-place. I realized that from interactions with people, the main concerns of security are usually the infrastructure and application, However, there is a tiny concern that most people seem to overlook. The weakest point to our Windows Azure assets is neither the infrastructure or application, it is the Windows Live ID that is used to login to the Windows Azure Portal. Yup! The same ID we used for our Live Messenger and XBOX Live.
If the Windows Live ID is compromised, an attacker can easily delete services, change certs, hi-jack administrative control, block access to data or just provision extra instances to bomb your credit card (Luckily, the default maximum instance is only 20). It is very common that organizations will either use the Infra Manager's or CTO's Live ID for Windows Azure. This is somewhat dangerous because the Windows Live ID is a personal thing and we are unsure whether the Live ID is compromised (i.e. clicked on those "Hey! Here is a picture of you" links in Live Messenger).
Therefore, I would suggest creating a separate "Company Windows Live ID" for your organization, tie the credit card to that ID and entrust it with the person who is in-charge of deploying the applications. This Windows Live ID should not be used for e-mail, chat or even XBOX :p
P.S. Remember to change the password of the Windows Live ID when the person changes role or no longer works for the company.
Home » Windows Azure » Securing Windows Azure Assets
Popular Post
-
I'm stil revisiting old sketches but this time i took a very old sketch, from two years ago that i made before coming to italy.
-
Costco, the big box retailer, has for over a decade been the business with more electric vehicle charge stations in more places around Calif...
-
Photo: Diane Edwardson, October 10, 2011. Since breaking ground in 2006, the Corralitas Pits of Doom are living up to their name. (Click o...
-
There were lots of issues to contend with up to the end, but got through with flying colors. Consumer reports had something to say about our...
-
Step one is admitting you have a problem. So here goes: I am a book junkie. I love books. I buy them whenever I can. They are the only thing...
-
http://www.pressandjournal.co.uk/Article.aspx/2543951 THE man in charge of ensuring traffic flows freely in Aberdeen has urged shoppers to l...
-
S ince I'm on a tight schedule to Seattle, I've came up with a plan to avoid jet-lag (HaH! As if so simple!). Here is how it goes......
-
Extremobile is brought to you but none other than Extremo the Clown creator of the world famous Mirabilis Statuarius Vehiculum. This is the...
-
The debate over plans for a drastic hike in car tax is starting to get interesting, amid increasing fears within government that the revised...
-
I think this dash must be Bakelite, the fore runner of plastic
No comments:
Post a Comment