TeamStation AI System Report LATAM IT Salaries 2024
Securing a public cloud infrastructure : Windows Azure
1.
2.
3.
4.
5.
6. Saugatuck Insight:
Saugatuck believes
that many users will
find that changes
required in internal
organization and
politics for moving
from dedicated to
shared resources
pose significant
challenges to the
adoption of Cloud
Computing.
Source: Saugatuck Technology Inc., 2009 Cloud Infrastructure Survey (Julne09), WW N=670
7. Security Privacy
Is your service secure? Are you HIPAA compliant?
Are you ISO 27001 How do you ensure data
certified? isolation?
Questions
Jurisdiction? Data retention?
Have you ever had a
service outage?
Do you have an incident response plan?
Do you have performance
Do you have SAS Type II Report?
SLA?
Do you provide 24*7 support?
Reliability Business Practice
11. SaaS
Software as a Service
PaaS
Platform as a Service
IaaS
Infrastructure as a Service
Public Hybrid Private
12. Tampering & Denial of Elevation of
Spoofing Disclosure Service Privilege
VLANs
VM switch
Top of Rack hardening
Load-balanced
Switches Partial Trust
Infrastructure
Certificate Runtime
Custom packet Services
Network
filtering Hypervisor
bandwidth
Shared-Access custom
Port Scanning/ throttling
Signatures sandboxing
Service
Enumeration HTTPS Virtual Service
Configurable
Service Definition Accounts
scale-out
file, Windows Sidechannel
Firewall, VM switch protections
packet filtering
13.
14.
15.
16. Physical Attacks
Central Admin On Servers
Customer Admin Users
Windows Azure
Customer Tenant
External Web Site
17. Physical Attacks
On Servers
Customer Admin Users
Windows Azure
Customer Tenant
22. Managed Code
Access Security:
partial trust
Windows Account:
running with least
privileges
Windows FW (VM):
rules based on service
model
Virtual Machine: fixed
CPU, memory, disk
resources
Root Partition Packet
Filter: defense in
depth against VM
“jailbreaking”
Network ACLs:
dedicated VLANS for
tenant nodes
22
23.
24.
25. R G G G G G G G
o u u u u u u u
o e e e e e e e
t s s s s s s s
t t t t t t t
V
M V V V V V V V
M M M M M M M
Hypervisor
Network/Disk
26.
27.
28.
29.
30.
31.
32.
33.
34.
35. World-Class
Security
Service security starts with the data center
Data center within a data center
Motion sensors
24×7 secured access
Biometric controlled access systems
Video camera surveillance
Security breach alarms
36.
37. 1 .Windows Azure Security Overview
2. TechNet Webcast - Windows Azure Security - A
Peek Under the Hood (Level 100)
3. MSDN Webcast - Security Talk - Using Windows
Azure Storage Securely (Level 200)
4. Securing Microsoft's Cloud Infrastructure