A recent survey by the conducted by Ponemon Institute among enterprise security professionals revealed that a majority of participant regarded the state of their cloud server security management as either fair or poor. 42 percent of the respondents said they probably would not know if their applications or data had been exposed or tampered with. Other key findings of the survey revealed:
- System administrators found the task of configuring firewalls for their cloud servers difficult and sometimes frustrating
- On some occasions administrators’ efforts to maintain security would inadvertently lock out users
- In a number of cases business units rather than IT departments were tasked with the responsibility for cloud security
- Major issues of concern included lapses in assess control, ports left open and insecure firewalls
These findings reveal a need for more awareness of the risks associated with moving data and applications to the cloud along with greater accountability and the need for better and more cost effective solution for cloud security.
Fortunately the answer for these concerns has already been provided with Microsoft’s Windows Azure platform. Windows Azure has been designed from the ground up with security in mind. It is built to insure the confidentiality, integrity and availability of data with features such as:
- .NET Access Control Service for verifying the identities of those who request to access to data and applications
- The use of Security Assertion Markup Language (SAML) tokens to control user access to applications and provide digital signatures
- The requirement that applications must maintain a list of digital certificates of Security Token Services it trusts
- The adherence to security and regulatory compliance standards
- The practice of classifying assets according to the level of security they require and providing more stringent security mechanisms for highly sensitive assets
- A cloud infrastructure which is managed by the Online Services Security and Compliance team
- Transparent accountability which allows customers to track the administration of services
- And annual audits to ensure PCI DSS, SOX and HIPAA compliance
Plus, there are additional mechanisms applied to separate layers of the cloud infrastructure including:
- Physical security of the data centers
- Network protection through the use of firewalls and application gateways
- The hardening of operating system instances and servers
- Use of Access Control Lists of persons and/or processes used by virtual local area networks and applications to manage authentication and authorization
- Securing of storage containers and virtual machine objects
- Configuring of internal and external DNS for restricting write access
Azure applications themselves are developed using the Security Development Lifecycle (SDL) principles of
- security by design
- security by default
- security in deployment
It is the practice of Azure application developers to ensure that application data is kept secured within the application layer, even encrypting data when they find it necessary.
Thus, users of Microsoft’s Windows Azure platform can have confidence that their data and applications in the cloud are secure while still remaining available and scalable.