Microsoft releases a technical paper aimed at helping developers build more secure applications for the Microsoft Windows Azure cloud platform.
Microsoft has released a technical paper aimed at helping developers build
more secure applications for the Microsoft Windows Azure cloud platform.
In the new paper, titled "Security Best Practices for Developing
Windows Azure Applications," Microsoft explains how to use the security
defenses in Windows Azure as well as how to build more secure Windows Azure
applications.
Microsoft's Windows Azure security paper is available as of June 14 and
is targeted at application designers, architects, developers and testers. The
paper is based on the proven practices of Microsoft's Security Development
Lifecycle (SDL). Moreover, with the release of this paper, Microsoft is
working to share what it has learned and build on its commitment to create a
more trusted computing experience for everyone.
In a blog post on the issue, Michael Howard, principal security program
manager for Security Engineering at Microsoft, said: "Over the last few
months, a small cross-group team within Microsoft, including the SDL team, has
written a paper that explains how to use the security defenses in Windows Azure
as well as how to apply practices from the SDL to build more secure Windows
Azure solutions."
It is no surprise that issues related to the security of the cloud are
becoming increasingly important for businesses and consumers. As a result, it
is important that people delivering products to the cloud understand that they
must build applications with security in mind from the start, Howard said.
Specifically, the paper details proven practices for secure design,
development and deployment, including service-layer/application security
considerations; protections provided by the Azure platform and underlying
network infrastructure; and sample design patterns for
hardened/reduced-privilege services.
A summary of the Microsoft paper reads:
"This paper focuses on the security challenges and recommended
approaches to design and develop more secure applications for Microsoft's
Windows Azure platform. Microsoft Security Engineering Center (MSEC) and
Microsoft's Online Services Security & Compliance (OSSC) team have
partnered with the Windows Azure team to build on the same security principles
and processes that Microsoft has developed through years of experience managing
security risks in traditional development and operating environments."
A video about the paper is available here,
and the paper is available for download here.
Darryl K. Taft covers the development tools and developer-related issues beat from his office in Baltimore. He has more than 10 years of experience in the business and is always looking for the next scoop. Taft is a member of the Association for Computing Machinery (ACM) and was named 'one of the most active middleware reporters in the world' by The Middleware Co. He also has his own card in the 'Who's Who in Enterprise Java' deck.
Email
Print
