Several things come to mind when thinking about what needs to be secured on Windows Azure. At the infrastructure level, I am sure it is well taken care of by Microsoft's data centers, and there are tons of whitepapers on the Microsoft Global Foundation Services website that describe it.
At the application level, we still need to practice standard security principles: encrypt sensitive data, hash passwords, use HTTPS for transport where applicable, impose proper authentication and authorization mechanisms in our applications, and secure any WCF endpoints we expose from Windows Azure. Some people assume that cloud solutions are either a silver bullet for their security problems or that they are very insecure because "everyone can access it".
At the application level there is no difference: cloud or on-premise, proper security practices should be in place. From my interactions with people, I realized that the main security concerns are usually the infrastructure and the application. However, there is one concern that most people seem to overlook. The weakest point of our Windows Azure assets is neither the infrastructure nor the application; it is the Windows Live ID used to log in to the Windows Azure Portal. Yup! The same ID we use for Live Messenger and Xbox Live.
If the Windows Live ID is compromised, an attacker can easily delete services, swap certificates, hijack administrative control, block access to data, or simply provision extra instances to run up your credit card (luckily, the default limit is only 20 instances). Whoever holds that login also controls the management certificates the portal accepts for the Service Management API, so the damage is not limited to what can be clicked in the browser. It is very common for organizations to use the infrastructure manager's or the CTO's personal Live ID for Windows Azure. This is dangerous because a Windows Live ID is a personal thing, and we cannot tell whether it has already been compromised (e.g. by clicking one of those "Hey! Here is a picture of you" links in Live Messenger).
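As an added example (not code from the original post), here is the "hash passwords" item from that list done the way it should be done whether the application runs in the cloud or on-premise: a per-user random salt, a slow key-derivation function (PBKDF2-HMAC-SHA256 here), a constant-time comparison on login, and a self-describing stored record so the work factor can be raised later. The iteration count, salt size and record layout are assumptions of this example, not anything the post specifies.

```python
import hashlib
import hmac
import os

# Work factor and salt size are assumed policy values, not anything from the
# original post; raise ITERATIONS over time as hardware gets faster.
ITERATIONS = 100_000
SALT_BYTES = 16
ALGORITHM = "pbkdf2_sha256"


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Derive a salted PBKDF2-HMAC-SHA256 hash and return a self-describing record.

    Record layout (an assumption of this example): algorithm$iterations$salt_hex$hash_hex.
    Storing the parameters next to the hash lets the work factor be raised later
    without invalidating existing records.
    """
    salt = os.urandom(SALT_BYTES)  # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def _parse_record(record: str):
    """Split a stored record into (iterations, salt, digest); None if malformed."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != ALGORITHM:
        return None
    try:
        iterations = int(parts[1])
        salt = bytes.fromhex(parts[2])
        digest = bytes.fromhex(parts[3])
    except ValueError:
        return None
    if iterations < 1 or not salt or not digest:
        return None
    return iterations, salt, digest


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and iterations, compare in constant time."""
    parsed = _parse_record(record)
    if parsed is None:
        return False  # malformed or unknown record: never accept
    iterations, salt, expected = parsed
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # hmac.compare_digest does not leak how many leading bytes matched.
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """True when the record is malformed or was made with a weaker work factor than current policy."""
    parsed = _parse_record(record)
    return parsed is None or parsed[0] < iterations


if __name__ == "__main__":
    # Constructed sample input, not real credentials.
    stored = hash_password("correct horse battery staple")
    print(stored)
    print("login ok:", verify_password("correct horse battery staple", stored))
    print("wrong password:", verify_password("Tr0ub4dor&3", stored))
    # Two users with the same password get different records because of the salt.
    print("same hash twice?", hash_password("hunter2") == hash_password("hunter2"))
```

On a successful login, call needs_rehash on the stored record and, if it returns True, replace the record with hash_password of the password just verified; that is how an old database is migrated to a stronger work factor without forcing password resets.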
Therefore, I would suggest creating a separate "company Windows Live ID" for your organization, tying the credit card to that ID, and entrusting it to the person in charge of deploying the applications. This Windows Live ID should not be used for e-mail, chat, or even Xbox :p
P.S. Remember to change the password of the Windows Live ID when that person changes role or leaves the company. Change its password-reset details (alternate e-mail address, secret question) at the same time, since anyone who still controls those can recover the account just as easily as with the old password.
Securing Windows Azure Assets