Bruce D. Kyle has posted a great series, “Windows Azure Security Best Practices” on the ISV Developer Community Blog, providing a look into how you can secure your application in Windows Azure. This seven-part series describes the threats, how you can respond, what processes you can put into place for the lifecycle of your application, and prescribed a way for you to implement best practices around the requirements of your application.
The seven posts are:
- Windows Azure Security Best Practices -- Part 1: The Challenges, Defense in Depth.
- Windows Azure Security Best Practices -- Part 2: What Azure Provides Out-of-the-Box.
- Windows Azure Security Best Practices – Part 3: Identifying Your Security Frame.
- Windows Azure Security Best Practices – Part 4: What Else You Need to Do.
- Windows Azure Security Best Practices – Part 5: Claims-Based Identity, Single Sign On.
- Windows Azure Security Best Practices – Part 6: How Azure Services Extends Your App Security.
- Windows Azure Security Best Practices – Part 7: Tips, Tools, Coding Best Practices.
In this series, Bruce also shows ways to incorporate user identity and some of services Windows Azure provides that will enable users to access cloud applications in new ways.
To help you understand the array of security controls implemented within Windows Azure from both the customer's and Microsoft operations' perspectives, please refer to the paper, “Windows Azure Security Overview” from the Global Foundation Services Online Security team. This paper provides a comprehensive look at the security available with Windows Azure, including a technical examination of the security functionality available, the people and processes that help make Windows Azure more secure, as well as a brief discussion about compliance.