Editor’s Note: Get Past the Security Crossroads in Your Cloud Migration
IT managers have come to an important crossroads. The promised benefits of moving an IT infrastructure to the cloud are starting to look very real. Yet, so are the concerns--mainly the loss of control and security.
By Mitch Irsfeld
When you delve deeply into the issues of security and control, it becomes obvious how intertwined they are. The need to manage risk and respond to threats is ingrained in an IT organization. Turning those responsibilities over to third parties goes against dearly-held and time-honored principles. But that’s exactly the leap of faith IT professionals are being asked to take if they move workloads to the cloud, or is it?
The good news (or bad news if you were anticipating a silver bullet) is that IT administrators will continue to play an active role in security and risk management, even when leveraging cloud services in a utility fashion. You’ll spend less time on maintenance and have more time to polish policies and best practices for the cloud platform in Windows Azure, which already has many security controls in place to keep your data confidential and available.
This edition of TechNet ON collects key guidance and resources to help you clear that major hurdle to realizing the many benefits of a cloud migration.
Guidance for Delivering a Secure Cloud Infrastructure
For starters, Windows Azure implements an array of security controls that customers can use to achieve their unique level of security. The Windows Azure Security Overview whitepaper describes these controls. Then see how Microsoft provides a trustworthy environment for its own cloud services in the executive strategy brief Securing the Cloud Infrastructure. The document describes Microsoft’s risk-based information security and privacy controls, and the compliance framework used.
For recommended approaches to security management for applications and services hosted on the Windows Azure platform, Joshua Hoffman’s Understanding Security Account Management in Windows Azurein TechNet Magazine covers best practices for creating and managing administrative accounts, how to use certificates for authentication, and how to handle transitions when employees enter or leave an organization.
And it’s not necessary to implement new tools to securely access cloud services. In the
TechNet Magazine article Secure Access to Your Cloud Services, Yuri Diogenes explains how Forefront Threat Management Gateway 2010 can assist your business to securely access cloud service while providing high availability services to on-premises users.
Windows Azure Security Resources
Microsoft has produced a wealth of new content in recent months to help both IT decision- makers and security administrators understand how to reduce risk, meet compliance requirements and implement security controls around their cloud environments. Get started with the Windows Azure Platform Security Essentials video series, part of the Security Talk series, these videos are broken into episodes for technical decision makers and business decision makers. Make sure to catch the Security Talk video, Delivering and Implementing a Secure Cloud Infrastructure, for a look at how Microsoft delivers a secure cloud computing infrastructure by implementing a special framework of processes and technologies.
Speaking of videos, TechNet Edge is hosting a two-part series titled Data Security in Azure. Part 1 covers the methods for securing of your Azure Storage accounts and data while moving it to the cloud. Part 2focuses on making your Azure Storage container and blob items URL-addressable in secure fashion.
For porting the UI of an existing application to Windows Azure, the TechNet Wiki has an article on lessons learned when Securing Silverlight applications with Claims-based authentication in Windows Azure.
And finally, for a rollup of new Windows Azure security content, check out Security Resources for Windows Azure on in the MSDN Library for lists of papers, articles, blogs, videos, and webcasts on the topic.
Thanks for reading,