Blog

Cloud storage security: comparative study (part 2)

Last time we started comparing Cloud storage security and touched Amazon AWS advantages and shortcomings. Today I am going to provide you with Windows Azure description.
2 September 2014
Cloud-based testing
Cybersecurity testing
The article by a1qa
a1qa

Last time we started comparing Cloud storage security and touched Amazon AWS advantages and shortcomings. Today software testing engineer Anna Andreeva is going to provide you with Windows Azure description.

Windows Azure

Although recently Windows Azure provided only cloud “platform as a service» (PaaS), introducing series of updates made Azure to be a full-fledged cloud infrastructure to run applications on Windows Server and Linux.  Independent performance testing showed that Windows Azure is far ahead of its competitors, thereby strengthening the leading position. So, what is included in the security package?

  • Mutual SSL-authentication. All internal traffic is sent in encrypted form, which prevents information outflow, even if it is intercepted.
  • Management of certificates and private keys. Mentioned certificates and keys are generated by a separate mechanism, which is not available from the application code. They are encrypted and stored in a secret repository. There is a possibility of an additional password protection.
  • Principle of Minimal Privilege. Custom applications running on virtual machines with minimal rights, which complicates any kind of attack, since their implementation requires escalation of privileges.
  • Data access control. Windows Azure has a simple model for managing data access. For each client’s account secret key is generated that is used to gain access to the vault, tied to this account.
  • Isolation of Hypervisor, host OS and the guest virtual machines. Client virtual machines Isolation is critical for safe sharing of disk space. Hypervisor and the root OS are responsible for isolation of guest virtual machines In Windows Azure.
  • Packet filtering. Hypervisor and the root OS filtering unsafe packet traffic.
  • VLAN Isolation. Internal data transfer is organized so that all traffic when moving from one network to another is verified by router. That protects data from listening and getting external traffic into the internal network infrastructure.
  • Removal of outdated data. To ensure a high level of security after the removal the platform checks and removes all references to the purified resource. All copies are also erased by means of scavengers.

It can be seen from the description that the security mechanisms offered by the providers, aimed at protecting domestic architecture – hardware and client VMs.

And this is natural, since for provider it is important to prevent further attacks in case of illegal capture virtual machine. i.e. access to root operating system, unauthorized listening of other client machines traffic or getting information stored on disk. The process of developing cloud web application does not differ much from the development of applications written in a regular PC. So all web application threats remain relevant in the cloud, and that is why customer is responsible for protection and secure configuration.

Summing up, the use of cloud infrastructure has a huge advantage. Stability, availability, flexibility – are the most important criteria for successful implementation of the project. However, the issue of safety here is also worth acute me as “old fashion” ones.

The artilce Cloud Storage Security: AWS Vs.Azure by Anna Andreeva was published in Network Computing online edition, you can read the full version here.

More Posts

6-march-2023-1
21 March 2023,
by a1qa
4 min read
The ultimate QA guide for smoothly migrating to Web 3.0
Find out how businesses can seamlessly migrate to Web 3.0 by relying on quality assurance.
Cybersecurity testing
General
Performance testing
Usability testing
27 February 2023,
by a1qa
5 min read
Reaching HIPAA compliance for eHealth solutions through QA
We reveal HIPAA’s data safety benchmarks and shed light on how software testing may help in its conformity.
Cybersecurity testing
Software lifecycle QA
Mobile app testing
15 February 2023,
by a1qa
4 min read
Mobile app testing guide: win the race with five-star software
Which aspects of mobile apps to test first to produce a really high-quality product? Find the answer to this and other questions related to mobile app testing in the article.
Cybersecurity testing
Functional testing
Mobile app testing
Performance testing
Test automation
Usability testing
qa-trends-in-telecom
30 September 2022,
by a1qa
5 min read
4 telecom trends for 2023 and how to painlessly implement them with QA
It’s time to explore the telecom trends for the upcoming year. Let’s look at them together and also see the value that QA brings for their smooth deployment.
Cybersecurity testing
Migration testing
QA trends
Quality assurance
Test automation
black-friday
29 July 2022,
by a1qa
4 min read
Get ready for Black-Friday-to-Cyber-Monday shopping: 5 testing types to include in your QA strategy
What’s your nightmare during Black Friday and Cyber Monday shopping? If it’s a loss of sales, read about the ways to prevent this in the article.
Cybersecurity testing
Functional testing
Localization testing
Performance testing
Usability testing
30 June 2022,
by a1qa
4 min read
App software testing for telecom: What are the common issues telco providers face?
Facing problems with the quality of your telecom software products? Read more in the article and find out the ways to address them.
Cybersecurity testing
Performance testing
Test automation
20 June 2022,
by Alina Karachun
5 min read
Top-quality IoT solutions: 3 problems and ways to solve them
What quality aspects of IoT solutions are predominant to care about and why? Find the answers in the article.
Cybersecurity testing
IoT testing
Performance testing
19 April 2022,
by a1qa
5 min read
What prevents companies from boosting eCommerce customer experience: 4 common mistakes
Dreaming of a flawless online shopping journey for your users? Explore 4 widespread situations that hamper achieving this goal.
Cybersecurity testing
Performance testing
Test automation
Usability testing
Clutch awards
23 March 2022,
by a1qa
2 min read
a1qa recognized for cybersecurity expertise by Clutch!
The global online review platform Clutch added a1qa to the Top 15 Penetration Testing Companies for 2022.
Cybersecurity testing

Get in touch

Please fill in the required field.
Email address seems invalid.
Please fill in the required field.
We use cookies on our website to improve its functionality and to enhance your user experience. We also use cookies for analytics. If you continue to browse this website, we will assume you agree that we can place cookies on your device. For more details, please read our Privacy and Cookies Policy.