If it can be network-enabled, it should be discussed and reported!

Telecom Innovation

Subscribe to Telecom Innovation: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get Telecom Innovation: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Televation Authors: Cliff Beek, Elizabeth White, Pat Romanski, Carmen Gonzalez, Lori MacVittie

Related Topics: Cloud Computing, PC Security Journal, SSL Journal, Azure Cloud on Ulitzer, Security Journal, Mixed Network Integration, Microsoft Developer, CIO/CTO Update, Telecom Innovation, Java in the Cloud

Blog Feed Post

Windows Azure Overview Part 4: Security

Listed below are some of the precautions Microsoft has implemented for Windows Azure

This blog post is part of the series on Windows Azure. You can read the rest of this series here (Part 1 ; Part 2 ; Part 3).

There are very few organizations that apply as many security measures as Microsoft does for its Windows Azure service.

Listed below are some of the precautions Microsoft has implemented for Windows Azure to secure your applications and data:

  • Secret Locations of Datacenters

For almost every organization, the datacenter is somewhere inside it. It’s not that hard for an intruder to find out the exact location. Microsoft keeps the information on the wherabouts of their datacenters strictly confidential.

  • Secure Perimeter

In case someone finds out the location of a datacenter and tries to get in, they’ll face an extremely secured perimeter with fences, video surveillance, guards, and motion detectors. All these precautions make it extremely difficult, if not impossible, for someone to get in unauthorized.

  • Biometric Scanners

Even though the external perimeter is secured, there has to be implemented measures to limit the access each individual working in the datacenter is granted. Biometric scanners make sure everyone goes only where they’re authorized to go.

  • Internal Firewalls and Policies

In the unlikely event that someone actually gets unauthorized access to a server and plugs in, they won’t know which data is on which server.  They will have very limited choices to do malicious activities.

  • Reduced OS Attack Surface

The operating system of the servers hosting applications in Windows Azure is a stripped version of Windows Server 2008 R2, with only the services needed for hosting applications. This drastically reduces the attack surface for malicious users.

  • Software Firewalls

If someone actually gets access to a virtual machine that is hosting your application, they will not be able to interact with other virtual machines — even on the same hosting server – because of the implementation of the hypervisor that is running the virtual machines and its capability of completely isolating the virtual machines from each other.

  • Virtual Machine Firewalls

Each virtual machine hosting your application has a built-in firewall that is completely closed by default, and you configure it to allow certain traffic to and from your application.

  • DDoS Defense

All of the Microsoft data centers are connected to the Internet over very big pipes that make it very hard for an intruder to attack the application using (Distributed) Denial of Service attacks.

  • Distributed Data

The data your application is using is stored in three different physical locations by default, to avoid a single point of failure. Furthermore, you have the ability to replicate the data to your on-premise storage server, or even to a different datacenter.

  • SSL certificates

Windows Azure allows you to implement SSL certificates in different places. There are Management certificates for the developers that are creating the application, and there are Application certificates that can be used between the clients and the application, or, between the application and the storage.

  • Domain Identification

The Connect feature of Windows Azure allows you to connect your application to your on-premise Active Directory domain and use AD credentials for authentication in your application.

Stay tuned to Monitis blog posts for future articles on Windows Azure. We will show you how you can use Monitis to monitor the performance of your cloud applications as part of your overall IT infrastructure.

This blog post is part of the blog post series on Windows Azure. You can read the rest of this series here (Part 1Part 2Part 3).

Read the original blog entry...

More Stories By Hovhannes Avoyan

Hovhannes Avoyan is the CEO of PicsArt, Inc.,

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.