There are several things that comes to my mind when thinking about the stuff that needs to be secured on Windows Azure. At the infrastructure level, I am sure it is well-taken care off by Microsoft data centers and there are tonnes of whitepapers that we can find in the Microsoft Global Foundation Services website to read about it.
On the application level, we would still need to practice standard security principles such as encrypting our sensitive data, hashing passwords, using HTTPS for transport where applicable, impose proper authentication and authorization mechanisms in our applications and securing any WCF end-points that we are exposing from Windows Azure. Some people may assume that cloud solutions are either a silver-bullet to their security problems or they are very insecure because "everyone can access it".
There is no difference at the application-level. Cloud or on-premise, proper security practices should be in-place. I realized that from interactions with people, the main concerns of security are usually the infrastructure and application, However, there is a tiny concern that most people seem to overlook. The weakest point to our Windows Azure assets is neither the infrastructure or application, it is the Windows Live ID that is used to login to the Windows Azure Portal. Yup! The same ID we used for our Live Messenger and XBOX Live.
If the Windows Live ID is compromised, an attacker can easily delete services, change certs, hi-jack administrative control, block access to data or just provision extra instances to bomb your credit card (Luckily, the default maximum instance is only 20). It is very common that organizations will either use the Infra Manager's or CTO's Live ID for Windows Azure. This is somewhat dangerous because the Windows Live ID is a personal thing and we are unsure whether the Live ID is compromised (i.e. clicked on those "Hey! Here is a picture of you" links in Live Messenger).
Therefore, I would suggest creating a separate "Company Windows Live ID" for your organization, tie the credit card to that ID and entrust it with the person who is in-charge of deploying the applications. This Windows Live ID should not be used for e-mail, chat or even XBOX :p
P.S. Remember to change the password of the Windows Live ID when the person changes role or no longer works for the company.
Popular Post
-
No technical specification available (click images for a larger view)
-
Cash For Clunkers Art Cars During the recent government "cash for clunkers" program this country witnessed an art car renaissance ... -
Pontamafrey-Montpascal - Feissons-sur-Isère: 36 miles (58 km) GPS coordinates: N 45°26´7” E 006° 22´32” Open: june - november The height of...
-
A pair of new special edition models equipped with accessories for off-road enthusiasts, the Grand Cherokee Trailhawk and Wrangler Moab, hav... -
The Message Stick Vehicle Art Car - Via Sacred Oz The message stick vehicle art car is a 1961 Vietnam war era army off road ambulance driven... -
Photo: Diane Edwardson, December 1, 2011. Last night's windstorm knocked down a huge eucalyptus tree on the 5 Freeway onto Riverside Dri...
-
Once again, a conference on plug-in cars. Coming on the heels of the Google/Brookings event in Washington, D.C., Plug-in 2008 in San Jose, ...
-
At this year’s 16th annual Moscow International Auto Show, local carmaker AutoVAZ premiered one of its more impressive concepts to date, the... -
Photo: Diane Edwardson, December 2, 2011. After a day of nervous watching of down power lines sparking spot fires on Lake View Ave. (monito...
-
V8 / 6.750 cc / 200 PS / 406 ft/lb (550 Nm) @ 1.750 / 0 - 62 mph (100 km/h): 11,0 s / Vmax: 118 mph (190 km/h) (click images for a larger v...
No comments:
Post a Comment