| By Hovhannes Avoyan |
Article Rating: |
|
| April 20, 2012 05:00 AM EDT |
Reads: |
5,666 |
This blog post is part of the series on Windows Azure. You can read the rest of this series here (Part 1 ; Part 2 ; Part 3).
There are very few organizations that apply as many security measures as Microsoft does for its Windows Azure service.
Listed below are some of the precautions Microsoft has implemented for Windows Azure to secure your applications and data:
- Secret Locations of Datacenters
For almost every organization, the datacenter is somewhere inside it. It’s not that hard for an intruder to find out the exact location. Microsoft keeps the information on the wherabouts of their datacenters strictly confidential.
In case someone finds out the location of a datacenter and tries to get in, they’ll face an extremely secured perimeter with fences, video surveillance, guards, and motion detectors. All these precautions make it extremely difficult, if not impossible, for someone to get in unauthorized.
Even though the external perimeter is secured, there has to be implemented measures to limit the access each individual working in the datacenter is granted. Biometric scanners make sure everyone goes only where they’re authorized to go.
- Internal Firewalls and Policies
In the unlikely event that someone actually gets unauthorized access to a server and plugs in, they won’t know which data is on which server. They will have very limited choices to do malicious activities.
- Reduced OS Attack Surface
The operating system of the servers hosting applications in Windows Azure is a stripped version of Windows Server 2008 R2, with only the services needed for hosting applications. This drastically reduces the attack surface for malicious users.
If someone actually gets access to a virtual machine that is hosting your application, they will not be able to interact with other virtual machines — even on the same hosting server – because of the implementation of the hypervisor that is running the virtual machines and its capability of completely isolating the virtual machines from each other.
- Virtual Machine Firewalls
Each virtual machine hosting your application has a built-in firewall that is completely closed by default, and you configure it to allow certain traffic to and from your application.
All of the Microsoft data centers are connected to the Internet over very big pipes that make it very hard for an intruder to attack the application using (Distributed) Denial of Service attacks.
The data your application is using is stored in three different physical locations by default, to avoid a single point of failure. Furthermore, you have the ability to replicate the data to your on-premise storage server, or even to a different datacenter.
Windows Azure allows you to implement SSL certificates in different places. There are Management certificates for the developers that are creating the application, and there are Application certificates that can be used between the clients and the application, or, between the application and the storage.
The Connect feature of Windows Azure allows you to connect your application to your on-premise Active Directory domain and use AD credentials for authentication in your application.
Stay tuned to Monitis blog posts for future articles on Windows Azure. We will show you how you can use Monitis to monitor the performance of your cloud applications as part of your overall IT infrastructure.
This blog post is part of the blog post series on Windows Azure. You can read the rest of this series here (Part 1 ; Part 2 ; Part 3).
Hovhannes Avoyan is the CEO of Monitis, Inc., a provider of on-demand systems management and monitoring software to 50,000 users spanning small businesses and Fortune 500 companies.
Prior to Monitis, he served as General Manager and Director of Development at prominent web portal Lycos Europe, where he grew the Lycos Armenia group from 30 people to over 200, making it the company's largest development center. Prior to Lycos, Avoyan was VP of Technology at Brience, Inc. (based in San Francisco and acquired by Syniverse), which delivered mobile internet content solutions to companies like Cisco, Ingram Micro, Washington Mutual, Wyndham Hotels , T-Mobile , and CNN. Prior to that, he served as the founder and CEO of CEDIT ltd., which was acquired by Brience. A 24 year veteran of the software industry, he also runs Sourcio cjsc, an IT consulting company and startup incubator specializing in web 2.0 products and open-source technologies.
Hovhannes is a senior lecturer at the American Univeristy of Armenia and has been a visiting lecturer at San Francisco State University. He is a graduate of Bertelsmann University.
Subscribe to Virtualization Journal Email News Alerts
Subscribe via RSS
