Every time I talk to developers about migrating applications to the cloud, two major issues come up.
The first is business: what economies of scale can migrating applications to the cloud bring? The second is security: "How secure is the cloud, and Windows Azure in particular? What advantages does Windows Azure offer? What do I need to do to keep my application secure?"
There is also an unspoken question: "How do I make the user experience in the cloud as smooth as that of an on-premises application?"
As ISVs, we want to give authorized users, customers, and systems the ability to access the data they need anytime, anywhere, using any technology, while meeting the basic security requirements of confidentiality, availability, and integrity.
Just as important, we want to keep the bad guys away from that data.
This article is the first in a series on software design challenges, and it shows how to let people with access use the software smoothly while preventing unauthorized access.
The series is designed to give you the background needed to write an application well suited to the public cloud.
Threats
First, a brief summary of the challenges. Your application faces a variety of threats, similar to those you would expect for an on-premises application. For on-premises applications, however, some of the key threats are mitigated because the application runs behind a firewall.
When you migrate to Windows Azure, some threats increase and others decrease. Mitigating them becomes more of a shared effort than when you deploy applications yourself. When you deploy an application on your own servers, you control physical access to the server, the operating system, patching, how users gain access, and so on. But you also carry the responsibility for maintaining the infrastructure, making sure backups run, and configuring load balancers.
When you work with Microsoft, the Global Infrastructure Services team responds to a range of customer requirements and takes on some of the responsibility for your application's security.
This is the distinction between Infrastructure as a Service (IaaS), where you are responsible for the infrastructure, and Platform as a Service (PaaS), where Microsoft runs a shared infrastructure.
In both environments, you need to consider seven attack vectors:
The account administrator who manages the application. How are applications deployed, updated, and their data accessed? Who has access, and how is that access authenticated?
The management center for managed services. How, when, where, and with what tools are the custodian administrators monitored, and who has access to the managed services?
Physical access to the server. Is it under a desk? Are there armed guards? Who can touch the server, and who has physical access to these devices?
The data users can access, and how that data is delivered to them.
The data users are permitted to view.
Customers attacking Windows Azure from within an application. How could a customer jailbreak the system and damage it?
Customers using Azure to attack other sites.
Even after you migrate an application to the cloud, the traditional threats remain. For example, you still need to guard against cross-site scripting (XSS) and code injection attacks, while the provider needs to guard against DNS attacks and network congestion.
Some threats reach further, such as data privacy. You need to know where data is stored and how it is isolated, especially in a multi-tenant environment. You also need to manage access permissions.
The nature of cloud service providers also introduces new threats, for example:
New privilege escalation attacks (VM to host, or VM to VM)
VM boundary hijacking (a rootkit attack on the host or on a VM)
Some older threats, however, are mitigated by automated patching and by migrating instances onto secured systems. In addition, the cloud's recovery capabilities improve failover.
In the next few articles in this series, I'll describe how you can protect your data, describe the features that Windows Azure provides, and provide basic reference materials for you to see more detailed information.
Defense in depth
The Online Services Security and Compliance (OSSC) team, part of the Global Infrastructure Services division, is responsible for managing the security of the Microsoft cloud infrastructure. Microsoft's approach to securing its cloud shows how the security of the environment is continuously improved through the strategic, coordinated application of people, processes, technology, and experience.
Using a defense-in-depth approach is a fundamental element of Microsoft's trusted cloud infrastructure. Applying controls across multiple tiers involves the adoption of protection mechanisms, the development of risk mitigation strategies, and the ability to respond to attacks as they occur.
Physical security
One sign of how physical security changes as security technology advances is the use of technical systems to automate access and authentication for certain safeguards.
OSSC is responsible for managing the physical security of all Microsoft data centers, which is critical to maintaining facility operations and protecting customer data. Each facility uses established and precise procedures for security design and operation. Microsoft ensures that perimeter and internal security mechanisms are in place by continually increasing access control at each perimeter.
Data security
Microsoft applies multiple layers of security to data center devices and network connections as needed. For example, security controls are applied in both the control plane and the management plane. Specialized hardware, such as load balancers, firewalls, and intrusion prevention devices, is in place to handle traffic-based denial of service (DoS) attacks. The network management team maintains hierarchical access control lists (ACLs) for virtual local area networks (VLANs) and for applications, which are segmented as needed. On top of the network hardware, Microsoft uses application gateway features to perform deep packet inspection and take appropriate action, such as raising alerts on suspicious network traffic or blocking it.
The Microsoft cloud environment has a globally redundant internal and external DNS infrastructure. This redundancy provides fault tolerance and is implemented through clusters of DNS servers.
Identity authentication and access management
Microsoft uses the "need to know" and "least privilege" models to manage access to assets. Where feasible, role-based access control assigns logical access to specific job functions or areas of responsibility rather than to individuals. These policies stipulate that access is denied by default unless the asset owner explicitly grants it in accordance with established business requirements.
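To make the policy above concrete, here is an added illustration (not Microsoft's implementation) of a default-deny, role-based authorization check: only the asset owner can grant access, grants go to job functions rather than to named individuals, and every grant carries a business justification. The asset, user, and job function names are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

# Hypothetical model used only for this illustration.
@dataclass
class Asset:
    name: str
    owner: str
    # job_function -> permitted actions; a missing key means no access at all
    grants: Dict[str, Set[str]] = field(default_factory=dict)

@dataclass
class User:
    name: str
    job_functions: Set[str]

def grant(asset: Asset, requester: str, job_function: str,
          actions: Set[str], justification: str) -> bool:
    """Only the asset owner may grant, only to a job function (never a person),
    and only with a stated business justification. Returns whether the grant was recorded."""
    if requester != asset.owner or not justification.strip():
        return False
    asset.grants.setdefault(job_function, set()).update(actions)
    return True

def is_allowed(user: User, asset: Asset, action: str) -> Tuple[bool, str]:
    """Default deny: allow only when one of the user's job functions holds an explicit grant."""
    for jf in sorted(user.job_functions):
        if action in asset.grants.get(jf, set()):
            return True, f"explicit grant to job function '{jf}'"
    return False, "no explicit grant (default deny)"

def demo() -> Dict[str, bool]:
    billing_db = Asset(name="billing-db", owner="alice")        # constructed asset
    grant(billing_db, "alice", "billing-analyst", {"read"}, "monthly invoicing reports")
    bob = User("bob", {"billing-analyst"})                       # constructed users
    carol = User("carol", {"support-agent"})
    return {
        "bob_read": is_allowed(bob, billing_db, "read")[0],       # granted via job function
        "bob_write": is_allowed(bob, billing_db, "write")[0],     # least privilege: read only
        "carol_read": is_allowed(carol, billing_db, "read")[0],   # need to know: no grant
        # a non-owner cannot widen access, so carol's role stays unprivileged
        "non_owner_grant": grant(billing_db, "bob", "support-agent", {"read"}, "curiosity"),
        "carol_read_after": is_allowed(carol, billing_db, "read")[0],
    }
```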
Application Security
The rigorous security practices used by Microsoft development teams were formalized in 2004 as a process called the Security Development Lifecycle (SDL).
Reference
For more information, visit the Global Infrastructure Services online security site. The Global Infrastructure Services team provides trusted online services that give you a competitive advantage with Microsoft Windows Azure.