THE SQL Server Blog Spot on the Web

Welcome to SQLblog.com - The SQL Server blog spot on the web Sign in | |
in Search

Buck Woody

Carpe Datum!

Windows Azure Security Links

Research shows that companies that are considering a “cloud” platform have various concerns, and that security is at the top of that list. I’ve put together a list of the resources I use for explaining our security posture, and the steps that you need to take to be secure in Windows and SQL Azure. I’ll try and keep this list current – if you don’t see something that you need, leave me a comment below and I’ll research that for you.

 

Security in any technology should use a multi-layered approach, and that holds true for cloud computing as well. There are things that Microsoft does for security, and things that you need to do to secure your own code and environment. As always, it’s best to discuss these items with a technical professional, but these links should provide you some good background to have those discussions.

This isn’t an exhaustive list; there will be other sources you can use for that, but I have it in a format that I think is easy to follow. Most of the links I show here have references to yet other sources as you need them.

 

General Information on Cloud Computing Security:

·         General Security Whitepaper – answers most questions: http://blogs.msdn.com/b/usisvde/archive/2010/08/10/security-white-paper-on-windows-azure-answers-many-faq.aspx

·         Windows Azure Security Notes from the Patterns and Practices site: http://blogs.msdn.com/b/jmeier/archive/2010/08/03/now-available-azure-security-notes-pdf.aspx

·         Great Overview of Azure Security: http://www.windowsecurity.com/articles/Microsoft-Azure-Security-Cloud.html

·         Azure Security Resources: http://reddevnews.com/articles/2010/08/19/microsoft-releases-windows-azure-security-resources.aspx

·         Cloud Computing Security Considerations: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=68fedf9c-1c27-4642-aa5b-0a34472303ea&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+MicrosoftDownloadCenter+%28Microsoft+Download+Center

·         Security in Cloud Computing – a Microsoft Perspective: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=7c8507e8-50ca-4693-aa5a-34b7c24f4579&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+MicrosoftDownloadCenter+%28Microsoft+Download+Center

 

Physical Security for Microsoft’s Online Computing:

·         The Global Foundation Services group at Microsoft handles our physical security. It’s quite robust, and meets ISO 27001 and SAS-70 requirements. More here: http://www.globalfoundationservices.com/security/index.html

·         Microsoft’s Security Response Center: http://www.microsoft.com/security/msrc/

 

Software Security for Microsoft’s Online Computing:

·         Windows Azure is developed using the Trustworthy Computing Initiative - you should follow this as well: http://www.microsoft.com/about/twc/en/us/default.aspx and http://msdn.microsoft.com/en-us/library/ms995349.aspx

·         Identity and Access in the Cloud: http://blogs.msdn.com/b/technology_titbits_by_rajesh_makhija/archive/2010/10/29/identity-and-access-in-the-cloud.aspx

 

Security Steps you should take:

·         Securing your cloud architecture, step-by-step: http://technet.microsoft.com/en-us/magazine/gg296364.aspx

·         Security Guidelines for Windows Azure: http://redmondmag.com/articles/2010/06/15/microsoft-issues-security-guidelines-for-windows-azure.aspx

·         Best Practices for Windows Azure Security: http://blogs.msdn.com/b/vbertocci/archive/2010/06/14/security-best-practices-for-developing-windows-azure-applications.aspx

·         Active Directory and Windows Azure: http://blogs.msdn.com/b/plankytronixx/archive/2010/10/22/projecting-your-active-directory-identity-to-the-azure-cloud.aspx

·         Understanding Encryption (great overview and tutorial): http://blogs.msdn.com/b/plankytronixx/archive/2010/10/23/crypto-primer-understanding-encryption-public-private-key-signatures-and-certificates.aspx

·         Securing your Connection Strings: http://blogs.msdn.com/b/sqlazure/archive/2010/09/07/10058942.aspx

·         Getting started with Windows Identity Foundation (WIF) quickly: http://blogs.msdn.com/b/alikl/archive/2010/10/26/windows-identity-foundation-wif-fast-track.aspx

Published Monday, November 01, 2010 9:59 AM by BuckWoody
Filed under: , , ,

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

No Comments

Leave a Comment

(required) 
(required) 
Submit

About BuckWoody

http://buckwoody.com/BResume.html

This Blog

Syndication

Powered by Community Server (Commercial Edition), by Telligent Systems
  Privacy Statement