One of the key aspects to secure cloud hybrid applications is a secure connection from the cloud based services to the on premise base ones. With Windows Azure this is quite easy. You can use Windows Azure Connect to establish a secure IPV6/IPSec based tunnel from the individual role in Azure, to the individual service( s ) on premise. Channel 9 has a short video on this topic:
Something that tends to be a misunderstanding is that Azure Connect is not a VPN from your network, to the Internet. The connections are configured to go from a specific server, and services on your network, to a specific Role hosted in Azure. It is point to point and secured with IPSec. You aren’t exposing your network to the entire Internet over a VPN type connection.
There are a couple key benefits I see to this from a security angle.
Hybrid applications over Azure Connect provide an excellent means to create highly scalable and robust form filing, and data publication applications for public consumption. Definitely have a look at it.
Have you got an updated version of this post for Windows Azure Virtual Networks and the VPN connectivity? Would be useful!