SlideShare uma empresa Scribd logo

Security on Windows Azure

Transferir como PPTX, PDF
Haddy El-Haggan
Haddy El-Haggan

A brief introduction about the security on Windows Azure, Microsoft public cloud solution for the platform and the infrastructure.

Tecnologia
1 de 31
Security on Microsoft Cloud Solutions Haddy El-Haggan Microsoft Student Partner Founder of Azure Community in Egypt
Security on Microsoft Cloud Solutions • Overview on Windows Azure • Security Overview • Data Security on Windows Azure • Network Security • Identity On Azure
Windows Azure • Cloud Computing is a new Concept of the Best utilization of the Data Center • Cloud Computing is based on Virtualization • Cloud Computing is mainly composed of 3 layers • Infrastructure as a Service (IaaS) • Platform as a Service (Paas) • Software as a Service (SaaS
Windows Azure (cont.) • Windows Azure is Microsoft Cloud Solutions • Windows Azure is composed of 3 main Nodes: – Compute – Storage (Windows Azure Storage, AppFabrics Caching and SQL Azure) – Fabrics (to enable communication between different applications hosted on Azure or even on premises)
Benefits • High Availability • High Scalability • Pay as you go • Best utilization of the hardware resources available • Focus on your business rather than the IT infrastructure • Flexibility to access your data
ONE OF THE BIGGEST CONCERN IS ALWAYS ABOUT THE SECURITY AND HOW ARE MY DATA SECURE ON THE CLOUD?
Platform (as a Service) Managedbyvendor Youmanage Storage Servers Networking O/S Middleware Virtualization Applications Runtime Data
Microsoft Cloud Solution Security Overview • Developers and users must know the responsibilities the share with the Cloud Provider • These are the main layers of security for any Cloud Provider: – Human – Data – Application – Host – Network – Physical
Microsoft Cloud Solution Security Overview (Cont.) • The “human” and “Data” layers are the users’ responsibility and how they manage their data and its permissions (more information about the data n Azure to be followed) • The “Application Layer” depend on the developer and the security used on it • Authentication • Input validation …. • Recommend to develop using SDL (security development lifecycle) designed for windows Vista, Windows 7 and windows Azure
Microsoft Cloud Solution Security Overview • “Host” Layer, Windows Azure is hosted on Windows Server 2008 Hyper-V • Windows Azure doesn’t depend on Windows Server 2008 hypervisor , it has its own hypervisor where the roles and the VM are hosted and isolated • Host has 2 main jobs: – Isolation (every role runs on its own VM) – Hardening (regular Security Updates)
Microsoft Cloud Solution Security Overview • Some Firewall can be configured by the service owner and some are controlled by the fabric controller • “Network” Layer, Windows Azure traffic through several firewall • Guest VM • Host VM • SQL Azure VM
THERE IS NO ENCRYPTION ON WINDOWS AZURE
Data Security on Azure • Windows Azure Compute and Windows Azure Storage are 2 different things each of them is hosted on different hardware resources • In the Storage Architecture the top layer validates, authenticates, and authorizes requests, routing them to the partition layer and data layer where the data exists • Protect against Data Loss, there are always three replicates of your data whatever happens • Isolation: all your data are isolated from the others by 2 ways: – Logically – Physically • Each type of storage has its own way of access depending on the developer • NO DATA ARE ACCESSIBLE BY THE PUBLIC EXCEPT THE PUBLIC BLOB
Data Security on Azure • Isolation: all your data are isolated from the others by 2 ways: – Logically – Physically • Each type of storage has its own way of access depending on the developer • NO DATA ARE ACCESSIBLE BY THE PUBLIC EXCEPT THE PUBLIC BLOB
Secure Networking • Network Architecture: – In Azure there are mainly 4 types of Nodes: • Fabric Controller Node (Azure Kernel) • Storage Node • Compute Node • Other infrastructure Node – In the FC Networking there are 3 types of isolated networks: • Main VLAN (all untrusted customer nodes) • FC VLAN (trusted FC networks) • Device VLAN (contains trusted networks an other infrastructure devices)
Secure Networking • No communication is possible between the VLANs without passing through a router for preventing faking traffic and eavesdropping on other traffic • The communication is permitted from the FC VLAN or the Device VLAN to the main VLAN but not initiated from the main VLAN
Secure Networking • Azure has the largest internet connections in the industry • It is unlikely that someone can cut azure out of public by producing enough malicious traffic • If your application on azure is attacked, azure will create several compute instances to maintain your application until the attack passes • Microsoft is considering ways to identify malicious traffic and block it as it enters the Azure Fabric, but this sort of protection has not yet been deployed.
Identity On Azure • To gain access to your application on the Cloud you have to pass few steps: – Authentication – Authorization – Monitoring and logging (track users and log their operations) • Windows Azure support several identity technology – Active Directory – Open ID – SQL Server – WIF
Identity On Azure • Windows Azure supports 2 types of identity in the Cloud: – Role based – Claim Based • Role based is using Username and password • Claim based is using Token containing a collection of Claims
Identity On Azure: Role based authorization • It can be used by SQL Azure, Azure Connect andASP.NET membership provider • You only use the username and the password and the rest are kept in the identity store • Simple, easy to use and possible to implement Domain join
Identity on Azure: Azure Connect • Azure connect support domain join of windows azure roles to on premises Active Directory
Identity on Azure : Claim Based • Claim is a piece of information • Token is a collection of Claims and are signed • Security Token Service map the credentials to the token • Application is provide with all the identity information needed • The management of the identity is not the application responsibility • Integration between several identity providers • Less infrastructure code
Identity On Azure: AppFabric Access Control • Enable the developer of using claim based authorization from enterprises like active directory, SQL Server • Also enable the usage of the other identity provider like live ID, Facebook, Google and Yahoo.
Azure Community in Egypt • Twitter: Azurecomeg • E-Mail: azureeg@hotmail.com
Contacts • Twitter: @Hhaggan • Email: h.haggan@hotmail.com • Blog: http://hhaggan.wordpress.com/
Security on Windows Azure

Recomendados

Importance of Azure infrastructure?-Microsoft Azure security infrastructure
Importance of Azure infrastructure?-Microsoft Azure security infrastructure Importance of Azure infrastructure?-Microsoft Azure security infrastructure
Importance of Azure infrastructure?-Microsoft Azure security infrastructureZabeel Institute
 
Cloudbrew 2019 - Azure Security
Cloudbrew 2019 - Azure SecurityCloudbrew 2019 - Azure Security
Cloudbrew 2019 - Azure SecurityTom Janetscheck
 
What is Microsoft Azure Security?-Microsoft Azure security
What is Microsoft Azure Security?-Microsoft Azure security What is Microsoft Azure Security?-Microsoft Azure security
What is Microsoft Azure Security?-Microsoft Azure securityZabeel Institute
 
Microsoft Azure Security Infographic
Microsoft Azure Security InfographicMicrosoft Azure Security Infographic
Microsoft Azure Security InfographicMicrosoft Azure
 
How Secure is Azure?
How Secure is Azure?How Secure is Azure?
How Secure is Azure?Lai Yoong Seng
 
Power of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityPower of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityBruno Capuano
 
Azure Security Fundamentals
Azure Security FundamentalsAzure Security Fundamentals
Azure Security FundamentalsLorenzo Barbieri
 
Microsoft Windows Azure - Security Best Practices for Developing Windows Azur...
Microsoft Windows Azure - Security Best Practices for Developing Windows Azur...Microsoft Windows Azure - Security Best Practices for Developing Windows Azur...
Microsoft Windows Azure - Security Best Practices for Developing Windows Azur...Microsoft Private Cloud
 

Recomendados

Importance of Azure infrastructure?-Microsoft Azure security infrastructure
Importance of Azure infrastructure?-Microsoft Azure security infrastructure Importance of Azure infrastructure?-Microsoft Azure security infrastructure
Importance of Azure infrastructure?-Microsoft Azure security infrastructureZabeel Institute
 
Cloudbrew 2019 - Azure Security
Cloudbrew 2019 - Azure SecurityCloudbrew 2019 - Azure Security
Cloudbrew 2019 - Azure SecurityTom Janetscheck
 
What is Microsoft Azure Security?-Microsoft Azure security
What is Microsoft Azure Security?-Microsoft Azure security What is Microsoft Azure Security?-Microsoft Azure security
What is Microsoft Azure Security?-Microsoft Azure securityZabeel Institute
 
Microsoft Azure Security Infographic
Microsoft Azure Security InfographicMicrosoft Azure Security Infographic
Microsoft Azure Security InfographicMicrosoft Azure
 
How Secure is Azure?
How Secure is Azure?How Secure is Azure?
How Secure is Azure?Lai Yoong Seng
 
Power of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityPower of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityBruno Capuano
 
Azure Security Fundamentals
Azure Security FundamentalsAzure Security Fundamentals
Azure Security FundamentalsLorenzo Barbieri
 
Microsoft Windows Azure - Security Best Practices for Developing Windows Azur...
Microsoft Windows Azure - Security Best Practices for Developing Windows Azur...Microsoft Windows Azure - Security Best Practices for Developing Windows Azur...
Microsoft Windows Azure - Security Best Practices for Developing Windows Azur...Microsoft Private Cloud
 
Azure for beginners series session 4
Azure for beginners series session 4Azure for beginners series session 4
Azure for beginners series session 4Lalit Rawat
 
Global Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security CenterGlobal Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security CenterScott Hoag
 
Getting Started with Azure Security Center
Getting Started with Azure Security CenterGetting Started with Azure Security Center
Getting Started with Azure Security CenterCheah Eng Soon
 
What is Microsoft Azure security technologies?-Microsoft Azure security techn...
What is Microsoft Azure security technologies?-Microsoft Azure security techn...What is Microsoft Azure security technologies?-Microsoft Azure security techn...
What is Microsoft Azure security technologies?-Microsoft Azure security techn...Zabeel Institute
 
Azure Security Center- Zero to Hero
Azure Security Center- Zero to HeroAzure Security Center- Zero to Hero
Azure Security Center- Zero to HeroKasun Rajapakse
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architectureBirendra Negi ☁️
 
Cloud Security Introduction
Cloud Security IntroductionCloud Security Introduction
Cloud Security IntroductionGLC Networks
 
Access Security - Privileged Identity Management
Access Security - Privileged Identity ManagementAccess Security - Privileged Identity Management
Access Security - Privileged Identity ManagementEng Teong Cheah
 
Msft cloud architecture_security_commonattacks
Msft cloud architecture_security_commonattacksMsft cloud architecture_security_commonattacks
Msft cloud architecture_security_commonattacksAkram Qureshi
 
Cloud Computing Security - Cloud Controls Security
Cloud Computing Security - Cloud Controls SecurityCloud Computing Security - Cloud Controls Security
Cloud Computing Security - Cloud Controls SecurityHari Kumar
 
CSF18 - Securing the Cloud - Karim El-Melhaoui
CSF18 - Securing the Cloud - Karim El-MelhaouiCSF18 - Securing the Cloud - Karim El-Melhaoui
CSF18 - Securing the Cloud - Karim El-MelhaouiNCCOMMS
 
Compute Security - Host Security
Compute Security - Host SecurityCompute Security - Host Security
Compute Security - Host SecurityEng Teong Cheah
 
Stefan van der Wiele | Protect users identities and control access to valuabl...
Stefan van der Wiele | Protect users identities and control access to valuabl...Stefan van der Wiele | Protect users identities and control access to valuabl...
Stefan van der Wiele | Protect users identities and control access to valuabl...Microsoft Österreich
 
Assessing security of your Active Directory
Assessing security of your Active DirectoryAssessing security of your Active Directory
Assessing security of your Active DirectoryAldo Elam Majiah
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewAlert Logic
 
The Top Cloud Security Issues
The Top Cloud Security IssuesThe Top Cloud Security Issues
The Top Cloud Security IssuesHTS Hosting
 
Daniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity storyDaniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity storyMicrosoft Österreich
 
The Share Responsibility Model of Cloud Computing - ILTA NYC
The Share Responsibility Model of Cloud Computing - ILTA NYCThe Share Responsibility Model of Cloud Computing - ILTA NYC
The Share Responsibility Model of Cloud Computing - ILTA NYCPatrick Sklodowski
 
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...aOS Community
 
Azure security infographic 2014 sec
Azure security infographic 2014 secAzure security infographic 2014 sec
Azure security infographic 2014 secKesavan Munuswamy
 
Cloud Computing Security Issues
Cloud Computing Security Issues Cloud Computing Security Issues
Cloud Computing Security Issues Discover Cloud Computing
 
Cloud security ppt
Cloud security pptCloud security ppt
Cloud security pptVenkatesh Chary
 

Mais conteúdo relacionado

Mais procurados

Azure for beginners series session 4
Azure for beginners series session 4Azure for beginners series session 4
Azure for beginners series session 4Lalit Rawat
 
Global Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security CenterGlobal Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security CenterScott Hoag
 
Getting Started with Azure Security Center
Getting Started with Azure Security CenterGetting Started with Azure Security Center
Getting Started with Azure Security CenterCheah Eng Soon
 
What is Microsoft Azure security technologies?-Microsoft Azure security techn...
What is Microsoft Azure security technologies?-Microsoft Azure security techn...What is Microsoft Azure security technologies?-Microsoft Azure security techn...
What is Microsoft Azure security technologies?-Microsoft Azure security techn...Zabeel Institute
 
Azure Security Center- Zero to Hero
Azure Security Center- Zero to HeroAzure Security Center- Zero to Hero
Azure Security Center- Zero to HeroKasun Rajapakse
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architectureBirendra Negi ☁️
 
Cloud Security Introduction
Cloud Security IntroductionCloud Security Introduction
Cloud Security IntroductionGLC Networks
 
Access Security - Privileged Identity Management
Access Security - Privileged Identity ManagementAccess Security - Privileged Identity Management
Access Security - Privileged Identity ManagementEng Teong Cheah
 
Msft cloud architecture_security_commonattacks
Msft cloud architecture_security_commonattacksMsft cloud architecture_security_commonattacks
Msft cloud architecture_security_commonattacksAkram Qureshi
 
Cloud Computing Security - Cloud Controls Security
Cloud Computing Security - Cloud Controls SecurityCloud Computing Security - Cloud Controls Security
Cloud Computing Security - Cloud Controls SecurityHari Kumar
 
CSF18 - Securing the Cloud - Karim El-Melhaoui
CSF18 - Securing the Cloud - Karim El-MelhaouiCSF18 - Securing the Cloud - Karim El-Melhaoui
CSF18 - Securing the Cloud - Karim El-MelhaouiNCCOMMS
 
Compute Security - Host Security
Compute Security - Host SecurityCompute Security - Host Security
Compute Security - Host SecurityEng Teong Cheah
 
Stefan van der Wiele | Protect users identities and control access to valuabl...
Stefan van der Wiele | Protect users identities and control access to valuabl...Stefan van der Wiele | Protect users identities and control access to valuabl...
Stefan van der Wiele | Protect users identities and control access to valuabl...Microsoft Österreich
 
Assessing security of your Active Directory
Assessing security of your Active DirectoryAssessing security of your Active Directory
Assessing security of your Active DirectoryAldo Elam Majiah
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewAlert Logic
 
The Top Cloud Security Issues
The Top Cloud Security IssuesThe Top Cloud Security Issues
The Top Cloud Security IssuesHTS Hosting
 
Daniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity storyDaniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity storyMicrosoft Österreich
 
The Share Responsibility Model of Cloud Computing - ILTA NYC
The Share Responsibility Model of Cloud Computing - ILTA NYCThe Share Responsibility Model of Cloud Computing - ILTA NYC
The Share Responsibility Model of Cloud Computing - ILTA NYCPatrick Sklodowski
 
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...aOS Community
 
Azure security infographic 2014 sec
Azure security infographic 2014 secAzure security infographic 2014 sec
Azure security infographic 2014 secKesavan Munuswamy
 

Mais procurados (20)

Azure for beginners series session 4
Azure for beginners series session 4Azure for beginners series session 4
Azure for beginners series session 4
 
Global Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security CenterGlobal Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security Center
 
Getting Started with Azure Security Center
Getting Started with Azure Security CenterGetting Started with Azure Security Center
Getting Started with Azure Security Center
 
What is Microsoft Azure security technologies?-Microsoft Azure security techn...
What is Microsoft Azure security technologies?-Microsoft Azure security techn...What is Microsoft Azure security technologies?-Microsoft Azure security techn...
What is Microsoft Azure security technologies?-Microsoft Azure security techn...
 
Azure Security Center- Zero to Hero
Azure Security Center- Zero to HeroAzure Security Center- Zero to Hero
Azure Security Center- Zero to Hero
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architecture
 
Cloud Security Introduction
Cloud Security IntroductionCloud Security Introduction
Cloud Security Introduction
 
Access Security - Privileged Identity Management
Access Security - Privileged Identity ManagementAccess Security - Privileged Identity Management
Access Security - Privileged Identity Management
 
Msft cloud architecture_security_commonattacks
Msft cloud architecture_security_commonattacksMsft cloud architecture_security_commonattacks
Msft cloud architecture_security_commonattacks
 
Cloud Computing Security - Cloud Controls Security
Cloud Computing Security - Cloud Controls SecurityCloud Computing Security - Cloud Controls Security
Cloud Computing Security - Cloud Controls Security
 
CSF18 - Securing the Cloud - Karim El-Melhaoui
CSF18 - Securing the Cloud - Karim El-MelhaouiCSF18 - Securing the Cloud - Karim El-Melhaoui
CSF18 - Securing the Cloud - Karim El-Melhaoui
 
Compute Security - Host Security
Compute Security - Host SecurityCompute Security - Host Security
Compute Security - Host Security
 
Stefan van der Wiele | Protect users identities and control access to valuabl...
Stefan van der Wiele | Protect users identities and control access to valuabl...Stefan van der Wiele | Protect users identities and control access to valuabl...
Stefan van der Wiele | Protect users identities and control access to valuabl...
 
Assessing security of your Active Directory
Assessing security of your Active DirectoryAssessing security of your Active Directory
Assessing security of your Active Directory
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model Overview
 
The Top Cloud Security Issues
The Top Cloud Security IssuesThe Top Cloud Security Issues
The Top Cloud Security Issues
 
Daniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity storyDaniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity story
 
The Share Responsibility Model of Cloud Computing - ILTA NYC
The Share Responsibility Model of Cloud Computing - ILTA NYCThe Share Responsibility Model of Cloud Computing - ILTA NYC
The Share Responsibility Model of Cloud Computing - ILTA NYC
 
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
 
Azure security infographic 2014 sec
Azure security infographic 2014 secAzure security infographic 2014 sec
Azure security infographic 2014 sec
 

Destaque

UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...Vincent Giersch
 
Sgx alumni event 31 may 2013
Sgx alumni event 31 may 2013Sgx alumni event 31 may 2013
Sgx alumni event 31 may 2013Sim Shawn
 
Sgx @ centre & vista
Sgx @ centre & vistaSgx @ centre & vista
Sgx @ centre & vistaSim Shawn
 
Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015
Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015
Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015Jan Ketil Skanke
 
Intel Trusted eXecution Technology
Intel Trusted eXecution TechnologyIntel Trusted eXecution Technology
Intel Trusted eXecution TechnologyBibhu Biswal
 
Eamonn O Raghallaigh The Major Security Issues In E Commerce
Eamonn O Raghallaigh The Major Security Issues In E CommerceEamonn O Raghallaigh The Major Security Issues In E Commerce
Eamonn O Raghallaigh The Major Security Issues In E CommerceEamonnORagh
 
Window Security Solutions Presentation
Window Security Solutions PresentationWindow Security Solutions Presentation
Window Security Solutions Presentationvickylysons
 
Cloud Security with LibVMI
Cloud Security with LibVMICloud Security with LibVMI
Cloud Security with LibVMITamas K Lengyel
 
Cloud security design considerations
Cloud security design considerationsCloud security design considerations
Cloud security design considerationsMike Kavis
 
Open Source Security
Open Source SecurityOpen Source Security
Open Source SecuritySander Temme
 
#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the Cloud#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the CloudAlert Logic
 
Report of Advance car security system major project
Report of Advance car security system major projectReport of Advance car security system major project
Report of Advance car security system major projectAmi Goswami
 
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...Pushpa
 
Secure Cloud - Secure Big Data Processing in Untrusted Clouds
Secure Cloud - Secure Big Data Processing in Untrusted CloudsSecure Cloud - Secure Big Data Processing in Untrusted Clouds
Secure Cloud - Secure Big Data Processing in Untrusted CloudsEUBrasilCloudFORUM .
 
Privacy and Security Issues in E-Commerce
Privacy and Security Issues in E-Commerce Privacy and Security Issues in E-Commerce
Privacy and Security Issues in E-Commerce Titas Ahmed
 

Destaque (20)

Cloud Computing Security Issues
Cloud Computing Security Issues Cloud Computing Security Issues
Cloud Computing Security Issues
 
Cloud security ppt
Cloud security pptCloud security ppt
Cloud security ppt
 
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
 
Sgx alumni event 31 may 2013
Sgx alumni event 31 may 2013Sgx alumni event 31 may 2013
Sgx alumni event 31 may 2013
 
Integrated mca cloud technology & information security
Integrated mca cloud technology & information securityIntegrated mca cloud technology & information security
Integrated mca cloud technology & information security
 
Sgx @ centre & vista
Sgx @ centre & vistaSgx @ centre & vista
Sgx @ centre & vista
 
Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015
Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015
Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015
 
Intel Trusted eXecution Technology
Intel Trusted eXecution TechnologyIntel Trusted eXecution Technology
Intel Trusted eXecution Technology
 
Eamonn O Raghallaigh The Major Security Issues In E Commerce
Eamonn O Raghallaigh The Major Security Issues In E CommerceEamonn O Raghallaigh The Major Security Issues In E Commerce
Eamonn O Raghallaigh The Major Security Issues In E Commerce
 
Window Security Solutions Presentation
Window Security Solutions PresentationWindow Security Solutions Presentation
Window Security Solutions Presentation
 
Cloud Security with LibVMI
Cloud Security with LibVMICloud Security with LibVMI
Cloud Security with LibVMI
 
Cloud security design considerations
Cloud security design considerationsCloud security design considerations
Cloud security design considerations
 
Open Source Security
Open Source SecurityOpen Source Security
Open Source Security
 
#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the Cloud#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the Cloud
 
Privacy and E-Commerce
Privacy and E-CommercePrivacy and E-Commerce
Privacy and E-Commerce
 
Report of Advance car security system major project
Report of Advance car security system major projectReport of Advance car security system major project
Report of Advance car security system major project
 
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
 
Secure Cloud - Secure Big Data Processing in Untrusted Clouds
Secure Cloud - Secure Big Data Processing in Untrusted CloudsSecure Cloud - Secure Big Data Processing in Untrusted Clouds
Secure Cloud - Secure Big Data Processing in Untrusted Clouds
 
SecureCloud Project
SecureCloud ProjectSecureCloud Project
SecureCloud Project
 
Privacy and Security Issues in E-Commerce
Privacy and Security Issues in E-Commerce Privacy and Security Issues in E-Commerce
Privacy and Security Issues in E-Commerce
 

Semelhante a Security on Windows Azure

Cloud computing & windows azure intro
Cloud computing & windows azure introCloud computing & windows azure intro
Cloud computing & windows azure introHaddy El-Haggan
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security OverviewAlert Logic
 
366864108 azure-security
366864108 azure-security366864108 azure-security
366864108 azure-securityober64
 
Tokyo azure meetup #8 azure update, august
Tokyo azure meetup #8 azure update, augustTokyo azure meetup #8 azure update, august
Tokyo azure meetup #8 azure update, augustTokyo Azure Meetup
 
Tokyo azure meetup #8 - Azure Update, August
Tokyo azure meetup #8 - Azure Update, AugustTokyo azure meetup #8 - Azure Update, August
Tokyo azure meetup #8 - Azure Update, AugustKanio Dimitrov
 
Trust No-One Architecture For Services And Data
Trust No-One Architecture For Services And DataTrust No-One Architecture For Services And Data
Trust No-One Architecture For Services And DataAidan Finn
 
Defending Applications In the Cloud: Architecting Layered Security Solutions ...
Defending Applications In the Cloud: Architecting Layered Security Solutions ...Defending Applications In the Cloud: Architecting Layered Security Solutions ...
Defending Applications In the Cloud: Architecting Layered Security Solutions ...EC-Council
 
Az 104 session 8 azure monitoring
Az 104 session 8 azure monitoringAz 104 session 8 azure monitoring
Az 104 session 8 azure monitoringAzureEzy1
 
Azure Stack - Azure Nights User Group
Azure Stack - Azure Nights User GroupAzure Stack - Azure Nights User Group
Azure Stack - Azure Nights User GroupMichael Frank
 
KoprowskiT_SQLSatMoscow_WASDforBeginners
KoprowskiT_SQLSatMoscow_WASDforBeginnersKoprowskiT_SQLSatMoscow_WASDforBeginners
KoprowskiT_SQLSatMoscow_WASDforBeginnersTobias Koprowski
 
AWS Security Architecture - Overview
AWS Security Architecture - OverviewAWS Security Architecture - Overview
AWS Security Architecture - OverviewSai Kesavamatham
 
Shared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudShared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudAlert Logic
 
Enter The Matrix Securing Azure’s Assets
Enter The Matrix Securing Azure’s AssetsEnter The Matrix Securing Azure’s Assets
Enter The Matrix Securing Azure’s AssetsBizTalk360
 
Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Akash Mahajan
 
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...Outpost24
 
Introduction to Windows Azure
Introduction to Windows AzureIntroduction to Windows Azure
Introduction to Windows AzureRavi Ranjan Karn
 
Securing Sensitive Data with Azure Key Vault (Tom Kerkhove @ ITProceed)
Securing Sensitive Data with Azure Key Vault (Tom Kerkhove @ ITProceed)Securing Sensitive Data with Azure Key Vault (Tom Kerkhove @ ITProceed)
Securing Sensitive Data with Azure Key Vault (Tom Kerkhove @ ITProceed)Codit
 
ITProceed 2015 - Securing Sensitive Data with Azure Key Vault
ITProceed 2015 - Securing Sensitive Data with Azure Key VaultITProceed 2015 - Securing Sensitive Data with Azure Key Vault
ITProceed 2015 - Securing Sensitive Data with Azure Key VaultTom Kerkhove
 
Azure Fundamentals Part 2
Azure Fundamentals Part 2Azure Fundamentals Part 2
Azure Fundamentals Part 2CCG
 

Semelhante a Security on Windows Azure (20)

Cloud computing & windows azure intro
Cloud computing & windows azure introCloud computing & windows azure intro
Cloud computing & windows azure intro
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security Overview
 
366864108 azure-security
366864108 azure-security366864108 azure-security
366864108 azure-security
 
Tokyo azure meetup #8 azure update, august
Tokyo azure meetup #8 azure update, augustTokyo azure meetup #8 azure update, august
Tokyo azure meetup #8 azure update, august
 
Tokyo azure meetup #8 - Azure Update, August
Tokyo azure meetup #8 - Azure Update, AugustTokyo azure meetup #8 - Azure Update, August
Tokyo azure meetup #8 - Azure Update, August
 
Trust No-One Architecture For Services And Data
Trust No-One Architecture For Services And DataTrust No-One Architecture For Services And Data
Trust No-One Architecture For Services And Data
 
Defending Applications In the Cloud: Architecting Layered Security Solutions ...
Defending Applications In the Cloud: Architecting Layered Security Solutions ...Defending Applications In the Cloud: Architecting Layered Security Solutions ...
Defending Applications In the Cloud: Architecting Layered Security Solutions ...
 
Az 104 session 8 azure monitoring
Az 104 session 8 azure monitoringAz 104 session 8 azure monitoring
Az 104 session 8 azure monitoring
 
Azure Stack - Azure Nights User Group
Azure Stack - Azure Nights User GroupAzure Stack - Azure Nights User Group
Azure Stack - Azure Nights User Group
 
KoprowskiT_SQLSatMoscow_WASDforBeginners
KoprowskiT_SQLSatMoscow_WASDforBeginnersKoprowskiT_SQLSatMoscow_WASDforBeginners
KoprowskiT_SQLSatMoscow_WASDforBeginners
 
AWS Security Architecture - Overview
AWS Security Architecture - OverviewAWS Security Architecture - Overview
AWS Security Architecture - Overview
 
Shared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudShared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure Cloud
 
Enter The Matrix Securing Azure’s Assets
Enter The Matrix Securing Azure’s AssetsEnter The Matrix Securing Azure’s Assets
Enter The Matrix Securing Azure’s Assets
 
Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014
 
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
 
Introduction to Windows Azure
Introduction to Windows AzureIntroduction to Windows Azure
Introduction to Windows Azure
 
Securing Sensitive Data with Azure Key Vault (Tom Kerkhove @ ITProceed)
Securing Sensitive Data with Azure Key Vault (Tom Kerkhove @ ITProceed)Securing Sensitive Data with Azure Key Vault (Tom Kerkhove @ ITProceed)
Securing Sensitive Data with Azure Key Vault (Tom Kerkhove @ ITProceed)
 
ITProceed 2015 - Securing Sensitive Data with Azure Key Vault
ITProceed 2015 - Securing Sensitive Data with Azure Key VaultITProceed 2015 - Securing Sensitive Data with Azure Key Vault
ITProceed 2015 - Securing Sensitive Data with Azure Key Vault
 
Azure Fundamentals Part 2
Azure Fundamentals Part 2Azure Fundamentals Part 2
Azure Fundamentals Part 2
 
W982 05092004
W982 05092004W982 05092004
W982 05092004
 

Último

How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 

Último (20)

How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 

Security on Windows Azure

  • 1.
  • 2. Security on Microsoft Cloud Solutions Haddy El-Haggan Microsoft Student Partner Founder of Azure Community in Egypt
  • 3. Security on Microsoft Cloud Solutions • Overview on Windows Azure • Security Overview • Data Security on Windows Azure • Network Security • Identity On Azure
  • 4. Windows Azure • Cloud Computing is a new Concept of the Best utilization of the Data Center • Cloud Computing is based on Virtualization • Cloud Computing is mainly composed of 3 layers • Infrastructure as a Service (IaaS) • Platform as a Service (Paas) • Software as a Service (SaaS
  • 5. Windows Azure (cont.) • Windows Azure is Microsoft Cloud Solutions • Windows Azure is composed of 3 main Nodes: – Compute – Storage (Windows Azure Storage, AppFabrics Caching and SQL Azure) – Fabrics (to enable communication between different applications hosted on Azure or even on premises)
  • 6. Benefits • High Availability • High Scalability • Pay as you go • Best utilization of the hardware resources available • Focus on your business rather than the IT infrastructure • Flexibility to access your data
  • 7. ONE OF THE BIGGEST CONCERN IS ALWAYS ABOUT THE SECURITY AND HOW ARE MY DATA SECURE ON THE CLOUD?
  • 9. Microsoft Cloud Solution Security Overview • Developers and users must know the responsibilities the share with the Cloud Provider • These are the main layers of security for any Cloud Provider: – Human – Data – Application – Host – Network – Physical
  • 10. Microsoft Cloud Solution Security Overview (Cont.) • The “human” and “Data” layers are the users’ responsibility and how they manage their data and its permissions (more information about the data n Azure to be followed) • The “Application Layer” depend on the developer and the security used on it • Authentication • Input validation …. • Recommend to develop using SDL (security development lifecycle) designed for windows Vista, Windows 7 and windows Azure
  • 11.
  • 12.
  • 13. Microsoft Cloud Solution Security Overview • “Host” Layer, Windows Azure is hosted on Windows Server 2008 Hyper-V • Windows Azure doesn’t depend on Windows Server 2008 hypervisor , it has its own hypervisor where the roles and the VM are hosted and isolated • Host has 2 main jobs: – Isolation (every role runs on its own VM) – Hardening (regular Security Updates)
  • 14. Microsoft Cloud Solution Security Overview • Some Firewall can be configured by the service owner and some are controlled by the fabric controller • “Network” Layer, Windows Azure traffic through several firewall • Guest VM • Host VM • SQL Azure VM
  • 15.
  • 16. THERE IS NO ENCRYPTION ON WINDOWS AZURE
  • 17. Data Security on Azure • Windows Azure Compute and Windows Azure Storage are 2 different things each of them is hosted on different hardware resources • In the Storage Architecture the top layer validates, authenticates, and authorizes requests, routing them to the partition layer and data layer where the data exists • Protect against Data Loss, there are always three replicates of your data whatever happens • Isolation: all your data are isolated from the others by 2 ways: – Logically – Physically • Each type of storage has its own way of access depending on the developer • NO DATA ARE ACCESSIBLE BY THE PUBLIC EXCEPT THE PUBLIC BLOB
  • 18. Data Security on Azure • Isolation: all your data are isolated from the others by 2 ways: – Logically – Physically • Each type of storage has its own way of access depending on the developer • NO DATA ARE ACCESSIBLE BY THE PUBLIC EXCEPT THE PUBLIC BLOB
  • 19. Secure Networking • Network Architecture: – In Azure there are mainly 4 types of Nodes: • Fabric Controller Node (Azure Kernel) • Storage Node • Compute Node • Other infrastructure Node – In the FC Networking there are 3 types of isolated networks: • Main VLAN (all untrusted customer nodes) • FC VLAN (trusted FC networks) • Device VLAN (contains trusted networks an other infrastructure devices)
  • 20. Secure Networking • No communication is possible between the VLANs without passing through a router for preventing faking traffic and eavesdropping on other traffic • The communication is permitted from the FC VLAN or the Device VLAN to the main VLAN but not initiated from the main VLAN
  • 21. Secure Networking • Azure has the largest internet connections in the industry • It is unlikely that someone can cut azure out of public by producing enough malicious traffic • If your application on azure is attacked, azure will create several compute instances to maintain your application until the attack passes • Microsoft is considering ways to identify malicious traffic and block it as it enters the Azure Fabric, but this sort of protection has not yet been deployed.
  • 22. Identity On Azure • To gain access to your application on the Cloud you have to pass few steps: – Authentication – Authorization – Monitoring and logging (track users and log their operations) • Windows Azure support several identity technology – Active Directory – Open ID – SQL Server – WIF
  • 23. Identity On Azure • Windows Azure supports 2 types of identity in the Cloud: – Role based – Claim Based • Role based is using Username and password • Claim based is using Token containing a collection of Claims
  • 24. Identity On Azure: Role based authorization • It can be used by SQL Azure, Azure Connect andASP.NET membership provider • You only use the username and the password and the rest are kept in the identity store • Simple, easy to use and possible to implement Domain join
  • 25. Identity on Azure: Azure Connect • Azure connect support domain join of windows azure roles to on premises Active Directory
  • 26. Identity on Azure : Claim Based • Claim is a piece of information • Token is a collection of Claims and are signed • Security Token Service map the credentials to the token • Application is provide with all the identity information needed • The management of the identity is not the application responsibility • Integration between several identity providers • Less infrastructure code
  • 27.
  • 28. Identity On Azure: AppFabric Access Control • Enable the developer of using claim based authorization from enterprises like active directory, SQL Server • Also enable the usage of the other identity provider like live ID, Facebook, Google and Yahoo.
  • 29. Azure Community in Egypt • Twitter: Azurecomeg • E-Mail: azureeg@hotmail.com
  • 30. Contacts • Twitter: @Hhaggan • Email: h.haggan@hotmail.com • Blog: http://hhaggan.wordpress.com/