Understanding that Microsoft Azure PaaS and IaaS defenses are often different

I received many comments from people asking me to clarify the following line from my previous blog post: The threat model makes the delineation explicit, and this is more pronounced when considering IaaS defenses and PaaS defenses, which can often be quite different. So, I want to spend a little time explaining what I mean…

0

Cloud-based Solutions, Threat Modeling and Shared Security Responsibility

Almost 100% of my security work these days involves helping customers deploy their solutions on Microsoft Azure with confidence. It’s an interesting, subtle twist on the use of the Microsoft Security Development Lifecycle (SDL). My SDL work has gone from being “it’s the right thing to do” (which it still is, but humor me) to…

2