There are several things that comes to my mind when thinking about the stuff that needs to be secured on Windows Azure. At the infrastructure level, I am sure it is well-taken care off by Microsoft data centers and there are tonnes of whitepapers that we can find in the Microsoft Global Foundation Services website to read about it.
On the application level, we would still need to practice standard security principles such as encrypting our sensitive data, hashing passwords, using HTTPS for transport where applicable, impose proper authentication and authorization mechanisms in our applications and securing any WCF end-points that we are exposing from Windows Azure. Some people may assume that cloud solutions are either a silver-bullet to their security problems or they are very insecure because "everyone can access it".
There is no difference at the application-level. Cloud or on-premise, proper security practices should be in-place. I realized that from interactions with people, the main concerns of security are usually the infrastructure and application, However, there is a tiny concern that most people seem to overlook. The weakest point to our Windows Azure assets is neither the infrastructure or application, it is the Windows Live ID that is used to login to the Windows Azure Portal. Yup! The same ID we used for our Live Messenger and XBOX Live.
If the Windows Live ID is compromised, an attacker can easily delete services, change certs, hi-jack administrative control, block access to data or just provision extra instances to bomb your credit card (Luckily, the default maximum instance is only 20). It is very common that organizations will either use the Infra Manager's or CTO's Live ID for Windows Azure. This is somewhat dangerous because the Windows Live ID is a personal thing and we are unsure whether the Live ID is compromised (i.e. clicked on those "Hey! Here is a picture of you" links in Live Messenger).
Therefore, I would suggest creating a separate "Company Windows Live ID" for your organization, tie the credit card to that ID and entrust it with the person who is in-charge of deploying the applications. This Windows Live ID should not be used for e-mail, chat or even XBOX :p
P.S. Remember to change the password of the Windows Live ID when the person changes role or no longer works for the company.
Popular Post
-
The BIG question Two contributions to the debate on climate change on last week's edition of BBC1's Question Time deserve to be rec...
-
London Low Sense Zone The likely harmful effect on Londoners' health of Livingstone's policy of piling more and more buses onto Lond...
-
You can be sure that whenever Mercedes-Benz presents a new model, the tuning crew at Brabus will follow up with a package of aftermarket goo... -
Photo: Diane Edwardson, May 18, 2011. Believe it or not, that's one of those new tiny trash trucks taking up the entire street, backing...
-
Photo: Diane Edwardson, January 26, 2011. The Red Tailed Hawks have been refurbishing their nest at the corner of Rosebud & Allesandro,...
-
Honda hits back against anti-4x4 lobby Car makers are starting to fight their corner against the irrational victimisation of 4x4s and their ...
-
With only four days remaining until the end of the current contract between the Canadian Auto Workers’ union (CAW) and the Detroit's Big... -
Mom and I reunited in the empty waiting room. How small she looked. Seemed as though the chemicals that streamed through her bloodstream had...
-
Developing an enterprise layered application can be a daunting task especially when the layered samples provided, contains a barrage of Visu...
No comments:
Post a Comment