subject: Head in the Cloud: Microsoft Windows Azure Safeguards Your CRM Data [print this page] In the previous article, we have identified some risks on on-premise and web-based solutions and listed suggestions on how to prevent them. However, the question of security on on-demand solution still remains at large.
Trusting on-demand solutions which are probable targets for online security threats seem like an impractical and unrealistic idea or putting our heads in the cloud. IT administrators are cautious and anxious about not knowing where the physical data is, how it is encrypted or how many people have access to it. It may sound like a bad idea but as technology progressed, the notion of "cloud" in the business world has also evolved. This idea was strengthened upon the emergence of Windows Azure, created by Microsoft, one of the pillars of software engineering on 2010. Windows Azure is a cloud services operating system that serves as the development, service hosting and service management environment for the Windows Azure platform.1
The Azure platform includes Windows Azure, an operating system as a service; SQL Azure, a cloud-based database; and .NET services. According to Windows Security.com, one area of concern is the security challenge that is posed by a cloud service that allows third party developers to create applications and host them in the Azure cloud. Microsoft has designed the Azure platform with security in mind, building in a number of different security features. An important aspect of securing data is verifying the identities of those who request to access it. Microsoft has .NET Access Control Service, which works with web services and web applications to provide a way to integrate common identities. The service will support popular identity providers.2
Applications determine whether a user is allowed to access based on Security Assertion Markup Language (SAML) tokens that are created by the Security Token Service (STS) and contain information about the user. The STS provides a digital signature for each token. Applications have lists of digital certificates for the STSs it trusts. Trust relationships can be created between a trusted STS and an STS that issues a token to provide for identity federation. 3
Xamun KEM is an example of an on-demand solution that uses Windows Azure's security. Azure covers specific areas that needed security such as user security, application security, and data center security. Each area has a specific security process to block any unauthorized access to confidential data.
For user security, Azure secures the only two existing points of entry: the back-end which is used by the SaaS provider and the front-end which is accessed by the users. Once a user accesses and logs in to Xamun, the user data is protected. This will prevent hackers from going into the system or application. Xamun uses claim-based identity for user authentication and it will authenticate the user if the set of credentials are valid and signed by a trusted authority or Issuer. Xamun then validates the set of credentials after the issuer sends it back.
Through virtualization adapted by Xamun via Azure, the solution has identity and role-based access permissions which includes tight password encryption with 128-bit SSL. It also notes the number of attempts of logging on. The data center is also guarded by Azure through the back-end. Azure protects the physical and electronic infrastructure of the entire network. IT administrators can now be assured because Microsoft's data center is equipped with biometric devices, card readers, locks, cameras and, alarms which ensures that only authorized personnel are allowed inside the server area. The servers have mirror back up and are behind firewalls, application gateways and IDs to prevent malicious access.
Azure has achieved both SAS 70 Type I and Type II attestations and ISO/IEC 27001:2005 certification which is a standard that specifies requirements for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving a documented Information Security Management System. Going back to the question, Can I trust on-demand solutions? The answer is yes, as long as you are equipped with an airtight security application like Azure.
Head in the Cloud: Microsoft Windows Azure Safeguards Your CRM Data
