There are a ton of resources out there that provide information and guidance on doing so; however, because there’s a ton, it’s painful to go through it all. A fellow developer advisor, Bruce Kyle, has put together a six-part blog series that describes threats, how you can respond, what process you can put into place for the lifecycle of your application, and prescribes a way for you to implement best practices around the requirements of your application (sound familiar? Joël Hébert talked about this in his D³ talk on Building an ASP.NET Security Skeleton). He’s gone through hundreds of pages of books and white papers to come up with his how-to guide-like posts. Go through them to learn how to develop applications in a secure way on Windows Azure.
Part 1: The Challenges, Defense in Depth. This post describes the threat landscape and introduces the plan for your application to employ defense in depth in partnership with Windows Azure.
Part 2: What Azure Provides Out-of-the-Box.This is an overview that security with Windows Azure is a shared responsibility, and Windows Azure provides your application with important security features. But then again, it also exposes other vulnerabilities that you should consider. In addition, you’ll explore how Microsoft approaches compliance.
Part 3: Identifying Your Security Frame. This post explores how to examine an application and identify attack surfaces. The idea of a Security Frame is a way for you to look at your application to determine threats and your responses, before you even begin coding. He point you to checklists that you can use when you are architecting your application.
Part 4: What Else You Need to Do. In addition to protecting your application from threats, there are additional steps you should take when you deploy your application. Provided is a list of mitigations that you should employ in your application development and deployment.
Part 5: Claims-Based Identity, Single Sign On. User identification represents the keys to accessing data and business processes in your application. In this post, you’ll explore how you can separate user identity and the roles of your user out of your application and make it easier to create single sign on applications.
Part 6: How Azure Services Extends Your App Security. Finally, see how other services in Windows Azure provide secure identity mapping, messaging, and connection to on premises application. This section suggests how you can use Windows Azure Active Directory, Windows Azure Connect, and Service Bus for your cloud applications, on premises applications, and hybrid applications.
Part 7: Tips, Tools, Coding Best Practices. Here you’ll find a few more items you should consider in securing your Windows Azure application. Here are some tools, coding tips, and best practices: running on the operating system, error handling, and how to access to Azure Storage
I hope these posts have put to bed some worries you may have had about security in the public cloud – Windows Azure. More importantly, though, I hope that they provide a context for you to learn more and ultimately encourage you to write great applications for Windows Azure.
Windows Azure Developer Movement
As you go ahead and start writing applications for Windows Azure, or you need a good excuse to get going, join the Developer Movement. When you’re part of the movement, as you build for Windows Azure, you get rewards. The more Windows Azure you use, the more the movement rewards you! Simple as that. If you’re writing an application that leverages Windows Azure as well as Windows Phone, you can join the Windows Phone Developer Movement as well.
Share them with myself, the team, and the larger Canadian developer community – start a conversation in the Canadian Developer Connection group on LinkedIn.