Securing a public cloud infrastructure: Windows Azure
Source: Saugatuck Technology Inc., 2009 Cloud Infrastructure Survey (June 09), WW N=670
Saugatuck Insight: Saugatuck believes that many users will find that changes required in internal organization and politics for moving from dedicated to shared resources pose significant challenges to the adoption of Cloud Computing.
Questions customers ask a cloud provider, grouped under Security, Privacy, Reliability and Business Practice:
Is your service secure?
Are you ISO 27001 certified?
Jurisdiction?
Have you ever had a service outage?
Do you have a performance SLA?
Do you have an incident response plan?
Do you have a SAS 70 Type II report?
Do you provide 24×7 support?
Are you HIPAA compliant?
How do you ensure data isolation?
Data retention?
Location, ownership, control
Deployment models: Hybrid, Public, Private
Service models: SaaS (Software as a Service), PaaS (Platform as a Service), IaaS (Infrastructure as a Service)
Threats and the Windows Azure mitigations for each:
Spoofing: Certificate Services, Shared-Access Signatures, HTTPS
Tampering & Disclosure: side-channel protections, VLANs, Top of Rack switches, custom packet filtering
Port Scanning / Service Enumeration: Service Definition file, Windows Firewall, VM switch packet filtering, VM switch hardening
Elevation of Privilege: Partial Trust Runtime, Hypervisor custom sandboxing, Virtual Service Accounts
Denial of Service: load-balanced infrastructure, network bandwidth throttling, configurable scale-out
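The Shared-Access Signature listed above as a spoofing mitigation is, at bottom, an HMAC over the grant (permissions, validity window, resource) keyed with the storage account key, which the client never sees. The following is an added example, not code from the deck or from Microsoft: the field order in the string-to-sign is modelled on the 2009-09-19 Blob storage SAS as I recall it and is an assumption, and the account key, resource path and function names are constructed for illustration. It shows both sides: the issuer building a read-only, one-hour SAS, and the storage front end recomputing the signature before it trusts any of the presented fields, so a client that widens its own permission string, reuses the token past expiry, or replays it against another resource is rejected.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

# Constructed sample inputs (not a real Azure account key or resource).
ACCOUNT_KEY_B64 = base64.b64encode(bytes(range(32))).decode()
CANONICAL_RESOURCE = "/myaccount/photos"       # container-level resource path
SAMPLE_NOW = datetime(2010, 1, 1, 12, 0, 0, tzinfo=timezone.utc)


def _iso(dt):
    # ISO-8601 UTC with "Z"; fixed width, so strings compare in time order.
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")


def string_to_sign(permissions, start, expiry, resource, identifier=""):
    # Field order modelled on the 2009-09-19 Blob SAS string-to-sign (assumption).
    return "\n".join([permissions, start, expiry, resource, identifier])


def sign_sas(account_key_b64, permissions, start, expiry, resource, identifier=""):
    # HMAC-SHA256 keyed with the decoded account key; the key never leaves the issuer.
    key = base64.b64decode(account_key_b64)
    msg = string_to_sign(permissions, start, expiry, resource, identifier).encode("utf-8")
    return base64.b64encode(hmac.new(key, msg, hashlib.sha256).digest()).decode()


def make_sas(account_key_b64, permissions, start, expiry, resource):
    """Issuer side: build the SAS query parameters handed to a client."""
    st, se = _iso(start), _iso(expiry)
    return {"sp": permissions, "st": st, "se": se, "sr": resource,
            "sig": sign_sas(account_key_b64, permissions, st, se, resource)}


def verify_sas(account_key_b64, sas, requested_permission, resource, now):
    """Storage side: recompute the signature over the presented fields, then enforce them.

    Returns (accepted, reason). The signature check comes first so a forged field
    (e.g. a widened permission set) is rejected before it is interpreted.
    """
    expected = sign_sas(account_key_b64, sas["sp"], sas["st"], sas["se"], sas["sr"])
    if not hmac.compare_digest(expected, sas["sig"]):
        return False, "bad signature"
    if sas["sr"] != resource:
        return False, "resource mismatch"
    if not (sas["st"] <= _iso(now) < sas["se"]):
        return False, "outside validity window"
    if requested_permission not in sas["sp"]:
        return False, "permission not granted"
    return True, "ok"


def demo():
    """Exercise the usual misuse attempts against a read-only, one-hour SAS."""
    sas = make_sas(ACCOUNT_KEY_B64, "r", SAMPLE_NOW - timedelta(minutes=5),
                   SAMPLE_NOW + timedelta(hours=1), CANONICAL_RESOURCE)
    widened = dict(sas, sp="rw")                      # client edits permissions, keeps old sig
    other_key = base64.b64encode(b"\x07" * 32).decode()   # a different tenant's key
    return {
        "valid_read": verify_sas(ACCOUNT_KEY_B64, sas, "r", CANONICAL_RESOURCE, SAMPLE_NOW),
        "write_with_read_sas": verify_sas(ACCOUNT_KEY_B64, sas, "w", CANONICAL_RESOURCE, SAMPLE_NOW),
        "widened_permissions": verify_sas(ACCOUNT_KEY_B64, widened, "w", CANONICAL_RESOURCE, SAMPLE_NOW),
        "expired": verify_sas(ACCOUNT_KEY_B64, sas, "r", CANONICAL_RESOURCE, SAMPLE_NOW + timedelta(hours=2)),
        "other_resource": verify_sas(ACCOUNT_KEY_B64, sas, "r", "/myaccount/private", SAMPLE_NOW),
        "other_tenant_key": verify_sas(other_key, sas, "r", CANONICAL_RESOURCE, SAMPLE_NOW),
    }


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:22s} {'ACCEPT' if ok else 'REJECT':6s} {why}")
```

The point for a tenant is that the SAS carries no secret of its own: anyone holding it can use it until expiry, so keep windows short and scope the resource path tightly. Over HTTPS (the third spoofing mitigation in the table) the token is also protected in transit.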
Trust boundary diagram: Windows Azure (Central Admin) | Customer Tenant (Customer Admin, Users) | External Web Site | Physical Attacks On Servers
Defense in depth on a tenant node:
Managed Code Access Security: partial trust
Windows Account: running with least privileges
Windows FW (VM): rules based on service model
Virtual Machine: fixed CPU, memory, disk resources
Root Partition Packet Filter: defense in depth against VM "jailbreaking"
Network ACLs: dedicated VLANs for tenant nodes
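"Rules based on service model" means the firewall on a role instance is derived from the endpoints the tenant declared, not configured by hand: whatever the service definition does not declare is closed, which is why the threat table credits the Service Definition file against port scanning and service enumeration. The following is an added example, not code from the deck or from Microsoft. The ServiceDefinition.csdef sample is constructed and its element shape (InputEndpoint for public endpoints, InternalEndpoint for role-to-role traffic) is a simplified assumption about the 2008/10 schema; the rule format and the 10.0.0.0/24 tenant range are likewise made up for illustration. It derives a default-deny rule set from the file and then models what an external scanner versus a same-tenant instance can reach.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed ServiceDefinition.csdef: a web role with public HTTP/HTTPS endpoints and a
# worker role with one internal-only TCP endpoint. Schema shape is an assumption.
CSDEF = """<?xml version="1.0" encoding="utf-8"?>
<ServiceDefinition name="PhotoService"
    xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition">
  <WebRole name="WebRole1">
    <InputEndpoints>
      <InputEndpoint name="HttpIn" protocol="http" port="80" />
      <InputEndpoint name="HttpsIn" protocol="https" port="443" />
    </InputEndpoints>
  </WebRole>
  <WorkerRole name="ResizeWorker">
    <Endpoints>
      <InternalEndpoint name="Control" protocol="tcp" port="9000" />
    </Endpoints>
  </WorkerRole>
</ServiceDefinition>
"""

TENANT_CIDR = "10.0.0.0/24"   # constructed: the VLAN holding this tenant's instances


def endpoints_from_csdef(xml_text):
    """Collect every declared endpoint with its role, visibility, protocol and port."""
    root = ET.fromstring(xml_text)
    found = []
    for role in root:                         # WebRole / WorkerRole children
        for el in role.iter():
            tag = el.tag.split("}")[-1]       # strip the XML namespace
            if tag not in ("InputEndpoint", "InternalEndpoint"):
                continue
            proto = el.get("protocol")
            found.append({
                "role": role.get("name"),
                "name": el.get("name"),
                "kind": "public" if tag == "InputEndpoint" else "internal",
                "proto": "tcp" if proto in ("http", "https", "tcp") else proto,
                "port": int(el.get("port")),
            })
    return found


def firewall_rules(endpoints, tenant_cidr):
    """Allow exactly the declared endpoints; internal ones only from the tenant's own range."""
    rules = []
    for ep in endpoints:
        rules.append({"action": "allow", "proto": ep["proto"], "port": ep["port"],
                      "src": "any" if ep["kind"] == "public" else tenant_cidr,
                      "comment": f"{ep['role']}/{ep['name']}"})
    rules.append({"action": "deny", "proto": "any", "port": "any", "src": "any",
                  "comment": "default deny (nothing else in the service model)"})
    return rules


def is_reachable(rules, proto, port, src_ip):
    """First-match evaluation of an inbound packet against the rule list."""
    src = ipaddress.ip_address(src_ip)
    for r in rules:
        if r["proto"] not in ("any", proto) or r["port"] not in ("any", port):
            continue
        if r["src"] != "any" and src not in ipaddress.ip_network(r["src"]):
            continue
        return r["action"] == "allow"
    return False


def open_ports(rules, src_ip, ports=range(1, 1025)):
    """What a TCP scan from src_ip would find open."""
    return sorted(p for p in ports if is_reachable(rules, "tcp", p, src_ip))


if __name__ == "__main__":
    rules = firewall_rules(endpoints_from_csdef(CSDEF), TENANT_CIDR)
    for r in rules:
        print(f"{r['action']:5s} {r['proto']:4s} {str(r['port']):5s} from {r['src']:12s} # {r['comment']}")
    print("external scan sees:", open_ports(rules, "203.0.113.5", range(1, 10001)))
    print("same-tenant scan sees:", open_ports(rules, "10.0.0.17", range(1, 10001)))
```

Read together with the "Network ACLs: dedicated VLANs" layer above, the internal endpoint is protected twice: the VLAN keeps other tenants' packets off the wire, and the host firewall would still drop them if they arrived. Anything a role opens outside the service model (a debugging listener, RDP) stays unreachable unless it is declared.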
Diagram: Hypervisor (with Network/Disk beneath it) hosting one Root VM and eight Guest VMs
Service security starts with the data center
Data center within a data center
Motion sensors
24×7 secured access
Biometric controlled access systems
Video camera surveillance
Security breach alarms
World-Class Security
1. Windows Azure Security Overview
2. TechNet Webcast - Windows Azure Security - A Peek Under the Hood (Level 100)
3. MSDN Webcast - Security Talk - Using Windows Azure Storage Securely (Level 200)
4. Securing Microsoft's Cloud Infrastructure