There are several things that comes to my mind when thinking about the stuff that needs to be secured on Windows Azure. At the infrastructure level, I am sure it is well-taken care off by Microsoft data centers and there are tonnes of whitepapers that we can find in the Microsoft Global Foundation Services website to read about it.
On the application level, we would still need to practice standard security principles such as encrypting our sensitive data, hashing passwords, using HTTPS for transport where applicable, impose proper authentication and authorization mechanisms in our applications and securing any WCF end-points that we are exposing from Windows Azure. Some people may assume that cloud solutions are either a silver-bullet to their security problems or they are very insecure because "everyone can access it".
There is no difference at the application-level. Cloud or on-premise, proper security practices should be in-place. I realized that from interactions with people, the main concerns of security are usually the infrastructure and application, However, there is a tiny concern that most people seem to overlook. The weakest point to our Windows Azure assets is neither the infrastructure or application, it is the Windows Live ID that is used to login to the Windows Azure Portal. Yup! The same ID we used for our Live Messenger and XBOX Live.
If the Windows Live ID is compromised, an attacker can easily delete services, change certs, hi-jack administrative control, block access to data or just provision extra instances to bomb your credit card (Luckily, the default maximum instance is only 20). It is very common that organizations will either use the Infra Manager's or CTO's Live ID for Windows Azure. This is somewhat dangerous because the Windows Live ID is a personal thing and we are unsure whether the Live ID is compromised (i.e. clicked on those "Hey! Here is a picture of you" links in Live Messenger).
Therefore, I would suggest creating a separate "Company Windows Live ID" for your organization, tie the credit card to that ID and entrust it with the person who is in-charge of deploying the applications. This Windows Live ID should not be used for e-mail, chat or even XBOX :p
P.S. Remember to change the password of the Windows Live ID when the person changes role or no longer works for the company.
Popular Post
-
Much has been made of late of Toyota and other automakers claims they will commercialize hydrogen fuel cell vehicles in 2015. Of course, we...
-
Size no obstacle to safety The latest version of Land Rover's smallest 4x4 model, the Freelander 2, has been awarded the maximum five st... -
Good morning, y'all! In today's Writing in my Car, author Patricia Sands talks about starting her writing journey -- the surprises,...
-
F ollowing my post, Exploring Unchartered Regions , I've finally managed to pull through 'the feat' today. It was actually the 0...
-
Photo: Diane Edwardson, September 28, 2011. California Black Walnuts help keep the upper plateau in the controversial 16-lot subdivision fr...
-
In case you missed it, here is a press release from the council for a "Planned Walk" which took place in the week before Christmas... -
Is this another future car previewed by a die-cast model? It seems so. After a Hot Wheels toy model gave us our first look at the 2013 SRT... -
Santa Monica AltFuel Expo was by all standard measure an overwhelming success. Thousands packed the hangar to meander through exhibits by c...
-
I 'm currently preparing the second edition of my Application Architecture workshop which is a revision to the previous Application Arch...
-
Photo: Diane Edwardson, January 21, 2011. Looks like this is 2055 El Moran, this week. **UPDATE BELOW Developers lie. All the ...
No comments:
Post a Comment