There are very few organizations that apply as many security measures as Microsoft does for its Windows Azure service.
Listed below are some of the precautions Microsoft has implemented for Windows Azure to secure your applications and data:
For almost every organization, the datacenter is somewhere inside it. It’s not that hard for an intruder to find out the exact location. Microsoft keeps the information on the wherabouts of their datacenters strictly confidential.
In case someone finds out the location of a datacenter and tries to get in, they’ll face an extremely secured perimeter with fences, video surveillance, guards, and motion detectors. All these precautions make it extremely difficult, if not impossible, for someone to get in unauthorized.
Even though the external perimeter is secured, there has to be implemented measures to limit the access each individual working in the datacenter is granted. Biometric scanners make sure everyone goes only where they’re authorized to go.
In the unlikely event that someone actually gets unauthorized access to a server and plugs in, they won’t know which data is on which server. They will have very limited choices to do malicious activities.
The operating system of the servers hosting applications in Windows Azure is a stripped version of Windows Server 2008 R2, with only the services needed for hosting applications. This drastically reduces the attack surface for malicious users.
If someone actually gets access to a virtual machine that is hosting your application, they will not be able to interact with other virtual machines — even on the same hosting server – because of the implementation of the hypervisor that is running the virtual machines and its capability of completely isolating the virtual machines from each other.
Each virtual machine hosting your application has a built-in firewall that is completely closed by default, and you configure it to allow certain traffic to and from your application.
All of the Microsoft data centers are connected to the Internet over very big pipes that make it very hard for an intruder to attack the application using (Distributed) Denial of Service attacks.
The data your application is using is stored in three different physical locations by default, to avoid a single point of failure. Furthermore, you have the ability to replicate the data to your on-premise storage server, or even to a different datacenter.
Windows Azure allows you to implement SSL certificates in different places. There are Management certificates for the developers that are creating the application, and there are Application certificates that can be used between the clients and the application, or, between the application and the storage.
The Connect feature of Windows Azure allows you to connect your application to your on-premise Active Directory domain and use AD credentials for authentication in your application.
Stay tuned to Monitis blog posts for future articles on Windows Azure. We will show you how you can use Monitis to monitor the performance of your cloud applications as part of your overall IT infrastructure.