New Paper: Security Best Practices For Developing Windows Azure Applications

Hi Michael here.

Over the last few months, a small cross-group team within Microsoft, including the SDL team, has written a paper that explains how to use the security defenses in Windows Azure as well as how to apply practices from the SDL to build more secure Windows Azure solutions.

We wrote this paper because no matter how many defenses we add to Windows Azure, it is important that people building software or hosting services in “The Cloud” understand that they must also build software with security in mind from the start.

The paper also discusses some common threat scenarios, and provides mitigation guidance.

Below is a short video introducing the paper and a link to the paper.

 (Please visit the site to view this video)

The paper is here.

Read the paper if you’re building solutions for Windows Azure so you know the threats your application might face and you know the practices you should use to defend against those threats. Let us know what you think.

On a similar note, Warwick Ashford, a UK reporter, interviewed Steve Lipner for a podcast about the paper and Microsoft’s cloud security practices. In the podcast, Steve touches on the roles of assurance and the SDL, operational security, and certifications in providing a secure environment for hosting applications in the cloud.

About the Author
Michael Howard

Principal Security Program Manager

Michael Howard is a principal security program manager on the Trustworthy Computing (TwC) Security team at Microsoft, where he is responsible for managing secure design, programming, and testing techniques across the company. Michael is an architect of the Security Development Read more »

Join the conversation

  1. Anonymous

    Anyone else getting an error when trying to download and open the paper?

Comments are closed.