Editor’s Note: Cloud Database Security--It’s Similar, but Different

You’ll use some of the same methods to protect a SQL Azure cloud database installation as you do for SQL Server, but there are important differences when you move from a physical to a logical environment.

By Mitch Irsfeld

Moving a database management system to the cloud, in whole or partially, necessarily alters the way you approach security, but you’ll quickly find out that securing a SQL Azure cloud database is similar to securing access and applications for SQL Server.

Since SQL Azure is a service, administration is slightly different. Unlike administration for an on-premises instance of SQL Server, SQL Azure abstracts the logical administration from the physical administration. While Microsoft administers and configures the physical hardware, you retain administration of the databases, logins, users, and roles. If you are already familiar with SQL Server, the Compare SQL Server with SQL Azure article on the TechNet Wiki will help you understand the differences.

In this TechNet Feature package, we look at the various features and techniques available to secure your SQL Azure installation. Josh Hoffman’s Securing SQL Azure in TechNet Magazine is a great place to start. He takes you through the prerequisite process of setting up a Windows Azure account, which provides access to Azure services like SQL Azure.

Hoffman also discusses network access control with the SQL Azure Firewall, the authentication method in SQL Azure and the connection encryption via TDS over an SSL connection.

The SQL Azure team goes into detail on all these topics, and to make it easy to find and move among topics, they have published their SQL Azure Security content to the TechNet Wiki. Starting out, you’ll find that SQL Azure only supports encrypted connections and has two types of access control. As with any implementation of SQL Server, accounts are managed with SQL Authentication. And the SQL Azure Firewall restricts access by IP address. For more on these security methods, see the Overview of Security in SQL Azure and the Security Guidelines for SQL Azure.

When managing logins and users in a SQL Azure database, there are some restrictions. In his video demonstration How Do I: Configure SQL Azure Security?, Max Adams walks through the creation of logins, databases and users and how to view logins and databases from the master database.
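The two access controls described above, plus login and user creation, look like this in T-SQL. This is an added example, not taken from the articles or video referenced here; the names app_login, app_user and AppDb, the rule name, the IP range and the password are hypothetical placeholders.

```sql
-- Added example; app_login, app_user, AppDb, the rule name and the IP range
-- are hypothetical. Run each section on the connection named in its comment.

-- Connection 1: master database, server-level principal login.

-- Access control 1: SQL Azure Firewall. Allow only the application's
-- address range (203.0.113.0/24 is a documentation range, used as a sample).
EXEC sp_set_firewall_rule
    @name = N'app-servers',
    @start_ip_address = '203.0.113.10',
    @end_ip_address = '203.0.113.20';
GO

-- Access control 2: SQL Authentication. Logins are created in master.
-- CREATE LOGIN must be the only statement in its batch.
CREATE LOGIN app_login WITH PASSWORD = '<strong-password-placeholder>';
GO

-- Review what exists at the server level.
SELECT name, start_ip_address, end_ip_address FROM sys.firewall_rules;
SELECT name, is_disabled FROM sys.sql_logins;
SELECT name FROM sys.databases;
GO

-- Connection 2: connect directly to AppDb. USE cannot switch databases
-- in SQL Azure, so open a new connection instead.
CREATE USER app_user FROM LOGIN app_login;
GO

-- Least privilege: read-only access for this account.
EXEC sp_addrolemember 'db_datareader', 'app_user';
GO
```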

Finally, some common-sense best practices can make your SQL Azure database applications less vulnerable to threats:

  • Always use the latest updates and the most current version of tools and libraries.
  • Block inbound connections on TCP port 1433. Only outbound connections on TCP port 1433 are needed for applications to communicate with SQL Azure Database.
  • Use parameterized queries where possible to prevent SQL injection vulnerabilities.

Thanks for reading,

Mitch

Mitch Irsfeld

Mitch Irsfeld, Editor of TechNet, is a veteran computer industry journalist and content developer who managed editorial staffs at several leading publications, including InformationWeek, InternetWeek and CommunicationsWeek. He is also an editor for TechNet Magazine and managing editor of the TechNet Flash newsletter.