Cloud Zone is brought to you in partnership with:

Michael Collier serves as a Principal Cloud Architect for Aditi, a Microsoft NSI partner that focuses on cloud computing. . He is honored to be one of the first Windows Azure MVPs awarded by Microsoft and is a 2012 Windows Azure MVP of the Year for his extraordinary community contributions. Michael has had a successful 12-year career at various consulting and technology firms where he was instrumental in leading and developing solutions for a wide range of clients. He has a vast amount of experience in helping companies determine the best strategy for adopting cloud computing, and providing the insight, and hands-on experience to ensure they’re successful. Michael is also a respected technology community leader, and can often be found sharing his Windows Azure insights and experiences at regional and national conferences. Follow Michael’s experiences with Windows Azure on his blog at and on Twitter at @MichaelCollier Michael is a DZone MVB and is not an employee of DZone and has posted 24 posts at DZone. You can read more from them at their website. View Full User Profile

Gain a Better Understanding of Windows Azure Security

  • submit to reddit

Whenever I talk with clients about Windows Azure or lead a training class on Windows Azure security is always one of the first, and most passionate, topics discussed.  People want, even need, to feel comfortable that the data and application logic is going to be safe when they give up physical control of that data or logic (the “secret sauce”).  When it comes to cloud computing, there is a lot of FUD about security.  In order to feel comfortable and knowledgeable about the security aspects of Windows Azure, it’s important to spend some time educating yourself on the security aspects of the platform.

Microsoft has recently published several great resources for learning more about Windows Azure security.  The first place I’d recommend checking out is the Windows Azure Trust Center.  The Windows Azure Trust Center provides security, compliance, trust, and FAQs related to Windows Azure.  This should provide the current answers and information on security for Windows Azure.  There is a lot of guidance and whitepapers here related to security of the Windows Azure datacenters, the platform itself, and developing secure applications on Windows Azure.

The Cloud Security Alliance (CSA) also has a Cloud Controls Matrix (CCM) that provides a framework which aligns to the CSA’s guidance for cloud security.  The CCM is part of the CSA’s Security, Trust & Assurance Registry (STAR).  Microsoft has recently provided a document which outlines how the core Windows Azure services meet the requirements outlined in the CSA’s Cloud Controls Matrix.  The document contains a lot of good information – check it out here.  You can also get the same document as it applies to Office 365 and Microsoft Dynamics CRM Online by going here.

Finally, for the developers amongst us, there is a great series on the ISV Developer Community Blog that discusses many aspects of Windows Azure security and how to incorporate secure application development into the development lifecycle.  Be sure to check out the entire seven-part “Windows Azure Security Best Practices” series:

In the end, security is a partnership.  Those producing applications for cloud platforms such as Windows Azure need to develop robust, secure applications.  Hosting an insecure application in the cloud doesn’t magically make it secure.  Likewise, cloud computing providers and platforms, such as Microsoft’s Windows Azure platform, need to provide provide robust and secure platforms.  They need to provide information about the platform so those looking to use the platform can feel comfortable with it.  It’s about trust.

Once you’re comfortable with the security aspects of Windows Azure, download the tools and sign up for a free trial account (if you don’t already have an account or Windows Azure benefits through a program like MSDN).  Happy coding!

Published at DZone with permission of Michael Collier, author and DZone MVB. (source)

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)