Seguridad en SQL Azure Windows azure

1,060
-1

Published on

This presentation includes topics about Security in SQL Azure and Windows Azure.

Regards,

Eduardo Castro Martinez
Comunidad Windows

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,060
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
13
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Seguridad en SQL Azure Windows azure

  1. 1. Dr. Eduardo Castro MartínezMicrosoft MVPecastro@mswindowscr.orghttp://comunidadwindows.orghttp://tiny.cc/comwindowshttp://ecastrom.blogspot.com
  2. 2. Saugatuck Insight: Saugatuck believes that many users will find that changes required in internal organization and politics for moving from dedicated to shared resources pose significant challenges to the adoption of Cloud Computing.Source: Saugatuck Technology Inc., 2009 Cloud Infrastructure Survey (Julne09), WW N=670
  3. 3. Security Privacy Is your service secure? Are you HIPAA compliant? Are you ISO 27001 How do you ensure data certified? isolation? Questions Jurisdiction? Data retention?Have you ever had aservice outage? Do you have an incident response plan?Do you have performance Do you have SAS Type II Report?SLA? Do you provide 24*7 support? Reliability Business Practice
  4. 4. location  ownership  control
  5. 5. 10
  6. 6. SaaS Software as a Service PaaS Platform as a Service IaaS Infrastructure as a ServicePublic Hybrid Private
  7. 7. Tampering & Denial of Elevation of Spoofing Disclosure Service PrivilegeVLANs VM switch Load-balancedTop of Rack hardening InfrastructureSwitches Partial Trust Certificate Network RuntimeCustom packet Services bandwidthfiltering throttling Hypervisor Shared-Access custom Port Scanning/ Signatures CiscoGuard sandboxing Service enabled on Enumeration HTTPS Storage nodes Virtual Service Service Definition Accountsfile, Windows Sidechannel ConfigurableFirewall, VM switch protections scale-outpacket filtering
  8. 8. Physical Attacks Central Admin On ServersCustomer Admin Users Windows Azure Customer Tenant External Web Site
  9. 9. Physical Attacks On ServersCustomer Admin Users Windows Azure Customer Tenant
  10. 10. Central Admin Windows Azure Customer Tenant
  11. 11. Windows AzureCustomer Tenant External Web Site
  12. 12. Customer Admin Users Windows Azure Customer Tenant
  13. 13. UsersWindows Azure Customer Tenant
  14. 14. Customer Admin Windows Azure Customer Tenant
  15. 15. Managed Code Access Security: partial trust Windows Account: running with least privileges Windows FW (VM): rules based on service model Virtual Machine: fixed CPU, memory, disk resources Root Partition Packet Filter: defense in depth against VM “jailbreaking” Network ACLs: dedicated VLANS for tenant nodes23
  16. 16. R G G G G G G Go u u u u u u uo e e e e e e et s s s s s s s t t t t t t tVM V V V V V V V M M M M M M M Hypervisor Network/Disk
  17. 17. World-Class SecurityService security starts with the data center Data center within a data center Motion sensors 24×7 secured access Biometric controlled access systems Video camera surveillance Security breach alarms
  18. 18. World-Class Security Security Data RiskPrivacy Management
  19. 19. HIPAA MBI HBI PCIISO 27001 FISMA
  20. 20. Customer and Partner Requests and Feedback Competitive Market Position Size Recommendatio n Compliance Landscape US Govt Banking Investing Healthcare Energy Federal and StatePCI DSS frequently mentioned • ITAR • BASE II • BASE II • HIPAA • NERC 1300too. • FISMA • NASD Vertical SpecificEven without PCI DSS, it is • FIPS-140possible for customers to writePCI compliant apps, although PCI DSS Credit Card Processingthis is not viable for some Sarbanes Oxley Financial Reporting EU Privacy Directive 1995/46 General Process and SecurityISO27001 and SAS70 werePCI-DSS specification notthe most frequently“cloud aware”. New specdiscussed by customers,coming in 14 months ISO 27001 General Process and Securitypartners, and field SAS Type II General Process and Security Provides assurance Required by law when performing certain tasks
  21. 21. ISO 27001 SAS 70 Type 2 PCI DSS Level 1Datacenters GFS X X X Microsoft Rackspace X X X Although they have SAS70, AWS does Terrecloud (hoster of X X -- not share contents of VMWare vCloud) In Europe audit with publicPaaS / IaaS Windows Azure -- -- -- Microsoft AWS -- X -- GAE -- -- -- BPOS has achieved distinct certifications Force.com / X X -- on top of GFS VMForce.comSaas BPOS X X -- Microsoft Google App -- X -- Engine Salesforce.com X X --
  22. 22. 42
  23. 23. Dr. Eduardo Castro MartínezMicrosoft MVPecastro@mswindowscr.orghttp://comunidadwindows.orghttp://tiny.cc/comwindowshttp://ecastrom.blogspot.com

×