Senior Technical

Specialist, Microsoft

Abstraction: Hardware Abstraction: Everything

Abstraction: OS

On-Premise

Storage

Servers

Networking

O/S

HA/DR

Virtualization

Data

Applications

Runtime

IaaS

Storage

Servers

Networking

O/S

HA/DR

Virtualization

Data

Applications

Runtime

PaaS

Storage

Servers

Networking

O/S

HA/DR

Virtualization

Applications

Runtime

Data

SaaS

Storage

Servers

Networking

O/S

HA/DR

Virtualization

Applications

Runtime

Data

More Less

Surface Area

Physical Plant

Network/Firewalls

Computing Elements (OS, Runtimes, etc.)

Storage

RDBMS

Bus or Other Access Components

Example

Jane Doe

<Role = Comptroller>

<Role = User>

<Locale = UK>

• Physical/Identity

• Certificates/Encryption

• Protocols/Ports

• Viri/spyware/Keyloggers • Encryption Support

• Protocols/Ports

• Firewalls

• Certificate Support

• Encryption Support – Data at rest

• Protocols/Ports

• Firewalls

• Segregation

• Certifications (components)

• Certificates/Encryption

• Protocols/Ports

• Endpoints

• Firewalls

• Certificates/Encryption

• Protocols/Ports

• Viri/spyware/Sniffers

Secure Development Lifecycle

Windows and SQL Azure Mitigations

Create Periodic and Automated Reviews

Independent Verifications and Tools

Document Path/Risks, Write tests

Microsoft Data Center Physical Plant and Safeguards

Windows Azure Trust Center (Web Search Term)

http://tinyurl.com/27t2bqu (Security References for Azure)

References