• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Seguridad en SQL Azure Windows azure
 

Seguridad en SQL Azure Windows azure

on

  • 1,408 views

This presentation includes topics about Security in SQL Azure and Windows Azure.

This presentation includes topics about Security in SQL Azure and Windows Azure.

Regards,

Eduardo Castro Martinez
Comunidad Windows

Statistics

Views

Total Views
1,408
Views on SlideShare
1,408
Embed Views
0

Actions

Likes
0
Downloads
11
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Seguridad en SQL Azure Windows azure Seguridad en SQL Azure Windows azure Presentation Transcript

    • Dr. Eduardo Castro MartínezMicrosoft MVPecastro@mswindowscr.orghttp://comunidadwindows.orghttp://tiny.cc/comwindowshttp://ecastrom.blogspot.com
    • Saugatuck Insight: Saugatuck believes that many users will find that changes required in internal organization and politics for moving from dedicated to shared resources pose significant challenges to the adoption of Cloud Computing.Source: Saugatuck Technology Inc., 2009 Cloud Infrastructure Survey (Julne09), WW N=670
    • Security Privacy Is your service secure? Are you HIPAA compliant? Are you ISO 27001 How do you ensure data certified? isolation? Questions Jurisdiction? Data retention?Have you ever had aservice outage? Do you have an incident response plan?Do you have performance Do you have SAS Type II Report?SLA? Do you provide 24*7 support? Reliability Business Practice
    • location  ownership  control
    • 10
    • SaaS Software as a Service PaaS Platform as a Service IaaS Infrastructure as a ServicePublic Hybrid Private
    • Tampering & Denial of Elevation of Spoofing Disclosure Service PrivilegeVLANs VM switch Load-balancedTop of Rack hardening InfrastructureSwitches Partial Trust Certificate Network RuntimeCustom packet Services bandwidthfiltering throttling Hypervisor Shared-Access custom Port Scanning/ Signatures CiscoGuard sandboxing Service enabled on Enumeration HTTPS Storage nodes Virtual Service Service Definition Accountsfile, Windows Sidechannel ConfigurableFirewall, VM switch protections scale-outpacket filtering
    • Physical Attacks Central Admin On ServersCustomer Admin Users Windows Azure Customer Tenant External Web Site
    • Physical Attacks On ServersCustomer Admin Users Windows Azure Customer Tenant
    • Central Admin Windows Azure Customer Tenant
    • Windows AzureCustomer Tenant External Web Site
    • Customer Admin Users Windows Azure Customer Tenant
    • UsersWindows Azure Customer Tenant
    • Customer Admin Windows Azure Customer Tenant
    • Managed Code Access Security: partial trust Windows Account: running with least privileges Windows FW (VM): rules based on service model Virtual Machine: fixed CPU, memory, disk resources Root Partition Packet Filter: defense in depth against VM “jailbreaking” Network ACLs: dedicated VLANS for tenant nodes23
    • R G G G G G G Go u u u u u u uo e e e e e e et s s s s s s s t t t t t t tVM V V V V V V V M M M M M M M Hypervisor Network/Disk
    • World-Class SecurityService security starts with the data center Data center within a data center Motion sensors 24×7 secured access Biometric controlled access systems Video camera surveillance Security breach alarms
    • World-Class Security Security Data RiskPrivacy Management
    • HIPAA MBI HBI PCIISO 27001 FISMA
    • Customer and Partner Requests and Feedback Competitive Market Position Size Recommendatio n Compliance Landscape US Govt Banking Investing Healthcare Energy Federal and StatePCI DSS frequently mentioned • ITAR • BASE II • BASE II • HIPAA • NERC 1300too. • FISMA • NASD Vertical SpecificEven without PCI DSS, it is • FIPS-140possible for customers to writePCI compliant apps, although PCI DSS Credit Card Processingthis is not viable for some Sarbanes Oxley Financial Reporting EU Privacy Directive 1995/46 General Process and SecurityISO27001 and SAS70 werePCI-DSS specification notthe most frequently“cloud aware”. New specdiscussed by customers,coming in 14 months ISO 27001 General Process and Securitypartners, and field SAS Type II General Process and Security Provides assurance Required by law when performing certain tasks
    • ISO 27001 SAS 70 Type 2 PCI DSS Level 1Datacenters GFS X X X Microsoft Rackspace X X X Although they have SAS70, AWS does Terrecloud (hoster of X X -- not share contents of VMWare vCloud) In Europe audit with publicPaaS / IaaS Windows Azure -- -- -- Microsoft AWS -- X -- GAE -- -- -- BPOS has achieved distinct certifications Force.com / X X -- on top of GFS VMForce.comSaas BPOS X X -- Microsoft Google App -- X -- Engine Salesforce.com X X --
    • 42
    • Dr. Eduardo Castro MartínezMicrosoft MVPecastro@mswindowscr.orghttp://comunidadwindows.orghttp://tiny.cc/comwindowshttp://ecastrom.blogspot.com