Understanding Windows Azure Security

Whenever I talk with clients about Windows Azure or lead a training class on Windows Azure security is always one of the first, and most passionate, topics discussed.  People want, even need, to feel comfortable that the data and application logic is going to be safe when they give up physical control of that data or logic (the “secret sauce”).  When it comes to cloud computing, there is a lot of FUD about security.  In order to feel comfortable and knowledgeable about the security aspects of Windows Azure, it’s important to spend some time educating yourself on the security aspects of the platform.

Microsoft has recently published several great resources for learning more about Windows Azure security.  The first place I’d recommend checking out is the Windows Azure Trust Center.  The Windows Azure Trust Center provides security, compliance, trust, and FAQs related to Windows Azure.  This should provide the current answers and information on security for Windows Azure.  There is a lot of guidance and whitepapers here related to security of the Windows Azure datacenters, the platform itself, and developing secure applications on Windows Azure.

The Cloud Security Alliance (CSA) also has a Cloud Controls Matrix (CCM) that provides a framework which aligns to the CSA’s guidance for cloud security.  The CCM is part of the CSA’s Security, Trust & Assurance Registry (STAR).  Microsoft has recently provided a document which outlines how the core Windows Azure services meet the requirements outlined in the CSA’s Cloud Controls Matrix.  The document contains a lot of good information – check it out here.  You can also get the same document as it applies to Office 365 and Microsoft Dynamics CRM Online by going here.

Finally, for the developers amongst us, there is a great series on the ISV Developer Community Blog that discusses many aspects of Windows Azure security and how to incorporate secure application development into the development lifecycle.  Be sure to check out the entire seven-part “Windows Azure Security Best Practices” series:

• Part 1: The Challenges, Defense in Depth.
• Part 2: What Azure Provides Out-of-the-Box.
• Part 3: Identifying Your Security Frame.
• Part 4: What Else You Need to Do.
• Part 5: Claims-Based Identity, Single Sign On.
• Part 6: How Azure Services Extends Your App Security.
• Part 7: Tips, Tools, Coding Best Practices.

In the end, security is a partnership.  Those producing applications for cloud platforms such as Windows Azure need to develop robust, secure applications.  Hosting an insecure application in the cloud doesn’t magically make it secure.  Likewise, cloud computing providers and platforms, such as Microsoft’s Windows Azure platform, need to provide provide robust and secure platforms.  They need to provide information about the platform so those looking to use the platform can feel comfortable with it.  It’s about trust.

Once you’re comfortable with the security aspects of Windows Azure, download the tools and sign up for a free trial account (if you don’t already have an account or Windows Azure benefits through a program like MSDN).  Happy coding!