Now Available: Windows Azure Security Notes PDF

Windows Azure Security Notes (PDF) is a collection of our notes and learnings from exploring the cloud security space and working through Windows Azure security scenarios.   Note that this is not a guide and it’s not a Microsoft patterns & practices deliverable.  It’s simply a way to package up, hand-off, and share what we learned during the exploration stage of our patterns & practices Windows Azure Security Guidance project.

The key things you’ll want to explore in the notes are the various application scenarios, the cloud security threats and countermeasures, and the checklist.

Download

Contents at a Glance
Here is a quick look at the Windows Azure Security Notes:

  • Ch 1 - Our Cloud Security Approach
  • Ch 2 - Cloud Security Threats and Countermeasures
  • Ch 3 - Design Guidelines for Improving Cloud Security
  • Ch 4 - Choosing Web Application Security Architectures
  • Ch 5 - Web App Security Scenarios
  • Ch 6 - Choosing Web Services Security Architectures
  • Ch 7 - Web Services Security Scenarios
  • Ch 8 - Choosing Data Security Architectures
  • Ch 9 - Data Security Scenarios

Reference

  • Security Checklist for Cloud Applications
  • Visual Threats for Web Applications
  • Visual Threats for Web Services
  • Cheat Sheet - Web Application Security Threats and Countermeasures
  • Cheat Sheet - Web Services (SOAP) Security Threats and Countermeasures
  • Cheat Sheet - Web Services (REST) Security Threats and Countermeasures
  • Cheat Sheet - Data Security Threats and Countermeasures
  • How To - Use Forms Authentication with Azure Table Storage
  • How To - Use Forms Authentication with SQL Azure
  • How To - Enable SSL with a Self-Signed Certificate on Windows Azure

Acknowledgements
Many thanks to the following folks for sharing their time and expertise along the way:

  • External contributors and reviewers: Adam Grocholski; Andy Eunson; Bill Collette; Christopher Seary; Jason Taylor; John Daniels; Juval Lowy; Kevin Lam; Long Le; Michael Smith; Michael Stiefel; Michele Leroux Bustamante; Norman Headlam; Rockford Lhotka; Rudolph Araujo; Sarang Kulkarni; Steven Nagy; Terrance Snyder; Will Clevenger
  • Microsoft contributors and reviewers:  Akshay Aggarwal; Alik Levin; Andreas Fuchsberger; Babur Butter; Bharat Shyam; Dave Brankin; Danny Cohen; Diego Dagum; Don Willits; Eugenio Pace; Gabriel Morgan; Jeff Mueller; John Steer; Julian Gonzalez; Mark Curphey; Mohit Srivastava; Pat Filoteo; Rahul Verma; Raul Rojas; Scott Densmore; Sesha Mani; Serena Yeoh; Sriram Krishnan; Stefan Schackow; Steve Marx; Stuart Kwan; Terri Schmidt; Tobin Titus; Varun Sharma; Vidya Vrat Agarwal; Vikram Bhambri; Yale Li

Comments

  • Anonymous
    August 16, 2010
    A really useful introduction to security on Azure. I've been trying to pull together this info this past few months and this seems to have it all in one place. Fantastic document. T hanks.