Watch AzureLearn AzureCreate with AzureDiscuss AzureMSDN SpotlightTechNet Spotlight

Securing Microsoft's Cloud Infrastructure

Check out how Microsoft's strategic application of people, processes, technologies, and experience with consumer and enterprise security has resulted in continuous improvements to the security practices and policies of the Microsoft cloud infrastructure and our online services.  
This paper introduces the reader to the Online Services Security and Compliance team, a part of the Global Foundation Services division who manages security for the Microsoft cloud infrastructure. Readers will gain an understanding of what cloud computing at Microsoft means today and how the company delivers a trustworthy cloud computing infrastructure.

Published: May 2009

Executive Summary
Recent research on the emerging definitions of “Cloud,” “cloud computing,” and “cloud environment” has attempted to identify what customers expect from cloud providers and to find ways to categorize what such providers say they will offer. The idea that purchasing services from a cloud environment may allow technology business decision makers (BDMs) to save money and allow companies to focus on their core business is an enticing proposition in the current economic climate. Many analysts view the emerging possibilities for pricing and for delivering services online as disruptive to market conditions. These market studies and the ensuing dialogue among prospective customers and service providers show certain themes have emerged as potential barriers to rapid adoption of cloud services. Concerns about security, privacy, reliability, and operational control top the list of potential barriers. Microsoft recognizes that BDMs have many questions about these issues including a need to know how they are addressed in the cloud computing environment at Microsoft and the implications to their own risk and operations decisions.

This paper shows how the coordinated and strategic application of people, processes, technologies, and experience results in continuous improvements to the security of the Microsoft cloud environment. The Online Services Security and Compliance (OSSC) team within the Global Foundation Services (GFS) division builds on the same security principles and processes Microsoft has developed through years of experience managing security risks in traditional development and operating environments.

Cloud Computing Security Challenges
The information technology industry faces the challenges that accompany the opportunities of cloud computing. For over 15 years, Microsoft has been addressing the following online service delivery challenges:

  • Emerging cloud business models create a growing interdependence amongst public and private sector entities and the people they serve – Such organizations and their customers will become more interdependent on each other through use of the cloud. With these new dependencies come mutual expectations that platform services and hosted applications be secure and available. Microsoft provides a trustworthy infrastructure, a base upon which public and private sector entities and their partners can build a trustworthy experience for their users. Microsoft actively works with these groups and the development community at large to encourage adoption of security-centric risk management processes.
  • Acceleration of adoption of cloud services, including the continuing evolution of technologies and business models, creates a dynamic hosting environment, which is of itself a security challenge – Keeping pace with growth and anticipating future needs is essential to running an effective security program. The latest wave of change has already begun with the rapid move to virtualization and a growing adoption of Microsoft’s Software-plus-Services strategy, which combines the power and capabilities of computers, mobile devices, online services, and enterprise software. The advent of cloud platforms enables custom applications to be developed by third parties and hosted in the Microsoft cloud. Through the online services Information Security Program described in more detail later in this paper, Microsoft maintains strong internal partnerships among security, product, and service delivery teams to provide a trustworthy Microsoft cloud environment while these changes occur.
  • Attempts to infiltrate or disrupt online service offerings grow more sophisticated as more commerce and business occurs in this venue – While pranksters still seek attention through a variety of techniques including domain squatting and man-in-the-middle attacks, more sophisticated malicious attempts aimed at obtaining identities or blocking access to sensitive business data have emerged, along with a more organized underground market for stolen information. Microsoft works closely with law enforcement, industry partners and peers, and research groups to understand and respond to this evolving threat landscape. Additionally, the Microsoft Security Development Lifecycle, described later in this paper, introduces security and privacy early and throughout the development process.
  • Complex compliance requirements must be addressed as new and existing services are delivered globally – Regulatory, statutory, and industry (referred to simply as “regulatory” for the remainder of this paper) compliance is a highly complex area because worldwide each country can and does pass their own laws that can govern the provision and use of online environments. Microsoft must be able to comply with a myriad of regulatory obligations because it has data centers in a number of countries and offers online services to a global customer base. In addition, many industries impose requirements. Microsoft has implemented a compliance framework (described later in this paper) whereby it efficiently manages its various compliance obligations without creating undue burden on the business.

   
Twitter Feeds
Azure Blogs

internet.commediabistro.comJusttechjobs.comGraphics.com

Search:

WebMediaBrands Corporate Info

Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | Shopping | E-mail Offers

Solutions

Whitepapers and eBooks

Microsoft Article: New Date Data Types with SQL Server 2008
IBM CXO Whitepaper: The 2008 Global CEO Study - The Enterprise of the Future.
Internet.com eBook: Becoming a Better Project Manager
Nokia Whitepaper: Improving Performance Across Platforms with Qt and Multithreading
 Microsoft Partner Portal: Helping Customers in a Down Economy
Internet.com eBook: Web Development Frameworks for Java
Internet.com eBook: Developing a Content Management System Strategy
MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts

Microsoft Video: Quick Start Your Windows Azure Development
Microsoft Partner Portal Video: Microsoft Gold Certified Partners Build Successful Practices
 HP On Demand Webcast: Grid Computing Meets Business
MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits

Microsoft Download: Silverlight 2 SDK
30-Day Trial: SPAMfighter Exchange Module
Iron Speed Designer Application Generator
 Microsoft Download: Silverlight 2 Developer Runtime (Windows)
Amyuni Download: PDF and XPS Engine for Your .NET and ActiveX Applications
MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos

Microsoft Article: RIA Apps For Python and Ruby Developers--Made Possible With Silverlight 2
Access Silverlight Hosting Resources
Microsoft Article: Getting Started with Silverlight for Eclipse
 Internet.com Hot List: Get the Inside Scoop on the Hottest IT and Developer Products
MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES