Securing a public cloud infrastructure : Windows Azure
Saugatuck Insight: Saugatuck believes that many users will find that changes required in internal organization and politics for moving from dedicated to shared resources pose significant challenges to the adoption of Cloud Computing.Source: Saugatuck Technology Inc., 2009 Cloud Infrastructure Survey (Julne09), WW N=670
Security Privacy Is your service secure? Are you HIPAA compliant? Are you ISO 27001 How do you ensure data certified? isolation? Questions Jurisdiction? Data retention?Have you ever had aservice outage? Do you have an incident response plan?Do you have performance Do you have SAS Type II Report?SLA? Do you provide 24*7 support? Reliability Business Practice
SaaS Software as a Service PaaS Platform as a Service IaaS Infrastructure as a ServicePublic Hybrid Private
Tampering & Denial of Elevation of Spoofing Disclosure Service PrivilegeVLANs VM switchTop of Rack hardening Load-balancedSwitches Partial Trust Infrastructure Certificate RuntimeCustom packet Services Networkfiltering Hypervisor bandwidth Shared-Access custom Port Scanning/ throttling Signatures sandboxing Service Enumeration HTTPS Virtual Service Configurable Service Definition Accounts scale-outfile, Windows SidechannelFirewall, VM switch protectionspacket filtering
Physical Attacks Central Admin On ServersCustomer Admin Users Windows Azure Customer Tenant External Web Site
Physical Attacks On ServersCustomer Admin Users Windows Azure Customer Tenant
Managed Code Access Security: partial trust Windows Account: running with least privileges Windows FW (VM): rules based on service model Virtual Machine: fixed CPU, memory, disk resources Root Partition Packet Filter: defense in depth against VM “jailbreaking” Network ACLs: dedicated VLANS for tenant nodes22
R G G G G G G Go u u u u u u uo e e e e e e et s s s s s s s t t t t t t tVM V V V V V V V M M M M M M M Hypervisor Network/Disk
World-Class SecurityService security starts with the data center Data center within a data center Motion sensors 24×7 secured access Biometric controlled access systems Video camera surveillance Security breach alarms
1 .Windows Azure Security Overview2. TechNet Webcast - Windows Azure Security - APeek Under the Hood (Level 100)3. MSDN Webcast - Security Talk - Using WindowsAzure Storage Securely (Level 200)4. Securing Microsofts Cloud Infrastructure
A particular slide catching your eye?
Clipping is a handy way to collect important slides you want to go back to later.