Last Monday I presented on Windows Azure UK User Group a session about “Windows Azure Security & Compliance”. During that session I spoke about the base security elements that Windows Azure provides from an infrastructure standpoint and how important is to implement security also in our applications.
In order to pass this information to a broader audience I decided to create a series of 3 posts about this topic. Those 3 posts will be:
Introduction to Windows Azure Security
When we talk to someone about Cloud, generally the following Security concerns are shown:
- Where is my Data Located?
- Is my Cloud Provider secure?
- Who can see my Data?
- How can I make sure my data on the Cloud continue to follow “my company policies”?
- Can I have my Data back?
- Can I have compliant applications in the Cloud?
- Can I encrypt my data? Where do I store the keys?
Those are extremely important questions that need to be answered before moving forward. The best way to answer them is generally to work with the Cloud provider and also with a partner that can provide real work insights about those topics for the application that is being built. For a reference, please check also this Windows Azure Standard Response to Request for Information: Security and Privacy from Cloud Security Alliance – http://bit.ly/WASecurityPrivacy.
Security is Multi-Dimensional
Also important is to understand that Security is Multi-Dimensional, since we shouldn’t only look at how secure the Cloud provider infrastructure is. For example, the Cloud infrastructure can be secure but if our solution isn’t it will allow unsecure access to the data, thus making the complete solution insecure.
In order to have a solution completely secure, we need to think about the following perspectives:
- Human: How does people treat sensitive data?
- You can have a very secure infrastructure, encryption strategy, but if your users share your sensitive data by exporting it to excel and place them in unsecure locations, or even use unsecure passwords, the system is still at risk.
- Windows Azure can’t help here
- Data: DB Hardening, Cryptography, Permissions
- By hardening the DB and encrypting data, using least privileges accounts, and for example changing the default database ports, the security will be increased.
- Windows Azure can’t help here
- Application: Design and Implement Security Best Practices
- The application design and implementation is very important to make sure the application is secure. Making sure you use for example “Partial trust” in .NET development will definitely make the security a lot better. Also I recommend checking the Microsoft Security Development Lifecycle.
- Windows Azure can’t help a lot here, but it allows the ability to run the Cloud Services in Partial Trust which will improve security.
- Host: OS Hardening, Regular Patching
- Making sure the OS that is being used is correctly configured and is patched regularly is extremely important. I recommend whenever creating Windows environments to leverage the Microsoft Best Practices Analyzer.
- Handled by Windows Azure in Cloud Services (PaaS) but handled by the user in Virtual Machines (IaaS)
- Networking: Firewall, VLANS, Secure Channels, ...
- From an infrastructure best practices it is very important to make sure that Firewalls and VLANs are correctly configured, and also making sure that all communications are always correctly configured.
- Handled by Windows Azure internally. All communications inside Windows Azure are secure, from communications from the Host to the Guest machine in the infrastructure level.
- Physical: Who can access my servers?
- Who can handle our servers is always important. In Windows Azure, like in most Cloud providers, servers are very secure and access to then is highly restricted. More information can be found here.
Windows Azure Security Layers
In order to improve security Windows Azure provides the following security defenses for each layer:
|Layer ||Defenses |
|Data || |
- Strong storage keys for access control
- SSL support for data transfers between all parties
|Application || |
- Front-end .NET framework code running under partial trust
- Windows account with least privileges
|Host || |
- Stripped down version of Windows Server 2008 OS
- Host boundaries enforced by external hypervisor
|Network || |
- Host firewall limiting traffic to VMs
- VLANs and packet filters in routers
|Physical || |
- World-class physical security
- ISO 27001 and SAS 70 Type II certifications for datacenter processes
If we analyze the security layers in more detail we’ll see the following:
This means that Windows Azure provides several different layers which will improve the security of your application, and by using all the elements in the “onion” like graph, we’ll have a very secure system.
Defenses Inherited by Windows Azure Platform Applications
In addition, when thinking about security one very important analysis to do is how the application handles the STRIDE Model.
This is a quick overview of what is done/enabled by Windows Azure in each area of the STRIDE model.
Penetration Testing in Windows Azure
Microsoft conducts regular penetration testing to improve Windows Azure security controls and processes. Also, customers can execute Penetration Testing in Windows Azure, and will required to get previous authorization from Microsoft through filling out a Penetration Testing Approval Form (http://bit.ly/WAPenTesting) and contacting Support.
Windows Azure is secure, and if we think about most data centers used by companies today, we’ll see that Windows Azure and even other Cloud providers are a lot more secure. Having said that, the infrastructure can be secure but our application is only as secure as the combination of Infrastructure and Application, and so only if the application is built in a very secure way we will be able to say “Our application is Secure”.
I would recommend to look at the following resources in order to understand more about Windows Azure Security: