14 DAY TRIAL // Customers will not be able to dismiss responsibilities related to the security of their offerings and protecting their users just because they move away from on-premise environments. A new resource available from Microsoft is designed to provide insight into the process of bulletproofing applications running on top of Windows Azure.
Authored by a small cross-group team within Microsoft, which included the Security Development Lifecycle (SDL) group, the Security Best Practices for Developing Windows Azure Applications whitepaper can be grabbed free of charge from the Redmond company. Cloud platforms come with their own security challenges, and the documentation from the software giant streamlines the usage of security defenses built into Windows Azure. Still, Windows Azure’s default security measures are not sufficient.
According to Michael Howard, principal security program manager of Microsoft’s Security Development Lifecycle team, customers also need to take matters into their own hands. In this regard, developers can apply SDL practices in order to make sure that their Windows Azure solutions are bulletproofed as much as possible.
“Specifically, the paper details proven practices for secure design, development and deployment, including: service-layer/application security considerations; protections provided by the Azure platform and underlying network infrastructure; sample design patterns for hardened/reduced-privilege services,” Howard revealed.
SDL practices have a proven track record of boosting security for Microsoft’s desktop and server products, including Windows 7, Windows Vista, Windows Server 2008 and Windows Server 2008 R2. One important aspect that needs to be underlined is the fact that companies of all sizes can easily adhere to the SDL best practices, as they’re not required to have the same resources as the Redmond giant.
“We wrote this paper because no matter how many defenses we add to Windows Azure, it is important that people building software or hosting services in ‘The Cloud’ understand that they must also build software with security in mind from the start,” Howard added. “Read the paper if you’re building solutions for Windows Azure so you know the threats your application might face and you know the practices you should use to defend against those threats.”
New Paper: Security Best Practices For Developing Windows Azure Applications from Michael Howard on Vimeo