Hi, Michael here.
Over the last few months, a small cross-group team within Microsoft, including the SDL team, has written a paper that explains how to use the security defenses in Windows Azure as well as how to apply practices from the SDL to build more secure Windows Azure solutions.
We wrote this paper because no matter how many defenses we add to Windows Azure, it is important that people building software or hosting services in “The Cloud” understand that they must also build software with security in mind from the start.
The paper also discusses some common threat scenarios, and provides mitigation guidance.
Below is a short video introducing the paper and a link to the paper.
The paper is here.
Read the paper if you’re building solutions for Windows Azure so you know the threats your application might face and you know the practices you should use to defend against those threats. Let us know what you think.
On a similar note, Warwick Ashford, a UK reporter, interviewed Steve Lipner for a podcast about the paper and Microsoft’s cloud security practices. In the podcast, Steve touches on the roles of assurance and the SDL, operational security, and certifications in providing a secure environment for hosting applications in the cloud.