See Jim O'Neil's post detailing the New, Improved, No-Risk Windows Azure Trial!
While writing the series of posts, I kept running into more best practices. So here are a few more items you should consider in securing your Windows Azure application.
Here are some tools, coding tips, and best practices:
In Windows Azure Security Best Practices -- Part 1: The Challenges, Defense in Depth, I described the threat landscape and introduced the plan for your application to employ defense in depth.
In this part, I explain that security with Windows Azure is a shared responsibility, and Windows Azure provides your application with security features that you may have employed in your on-premises application. But then, it also exposes other vulnerabilities that you should consider. And in the end, you should be proactive in your application development to secure your application.
This section is meant to provide an overview of what Windows Azure provides. For more in-depth information, see Global Foundation Services Online Security. The Global Foundation Services team delivers trustworthy, available online services that create a competitive advantage for you and for Microsoft’s Windows Azure.
Claims-based identity is a simple but powerful way of handling identity and access for your web sites and web services, whether you work on-premises or you are targeting the cloud. You can create more secure applications by reducing custom implementations and using a single simplified identity model based on claims.
Windows Identity Foundation (WIF) is a set of .NET Framework classes. It is a framework for implementing claims-based identity in your applications.
Windows Azure Toolkit for Windows 8 helps you create Windows 8 Metro Style applications that can harness the power of Windows Azure. The idea is to connect your Windows application to data in the cloud.
Several Windows Azure services help you extend your application security into the cloud.
Three services can help you provide identity mapping between various providers, connections to an on-premises data center, and the ability for applications (wherever they reside) to send messages to each other:
So which security threats are mitigated by the Windows Azure environment and which security threats must be mitigated by the developer?
The paper, Security Best Practices for Developing Windows Azure Applications, describes what you should consider as key threats to an application running on Windows Azure. It shows specifically where Azure provides the mitigation, where you need to call APIs, and which threats you need to handle yourself. (It does not address regulatory compliance issues.)
When you are building out your cloud application, security should be front and center in your Windows Azure planning and execution.
In this part, I explore how you can examine the architecture of your application. The patterns and practices teams provide the idea of a Security Frame as a way to look at your application to determine threats and your responses, before you even begin coding.
I also describe how you can use the Microsoft Security Development Lifecycle (SDL) in a prescribed way that you can adapt in your organization to address security in every process of your application’s lifecycle.
In a series of blog posts, I’ll provide a look into how you can secure your application in Windows Azure. This six-part series describes the threats, how you can respond, what processes you can put into place for the lifecycle of your application, and prescribes a way for you to implement best practices around the requirements of your application. I’ll also show ways for you to incorporate user identity and some of the services Azure provides that will enable your users to access your cloud applications in new ways.