SDL in Windows Azure
The following section shows how the SDL can be applied to Windows Azure projects in particular. The approach does not change, but there are some caveats and differences between them.
Requirements
As we know, Microsoft is in charge of the physical hardware infrastructure of Windows Azure, so you don't need to look after this. This will give you time to focus on the application layer in particular and apply common SDL practices in our Windows Azure project(s). Using SDL will make you feel comfortable, because it is a proven approach that is also used during the actual realization of Windows Azure itself. Some common attack surfaces disappeared due to abstractions of infrastructure and operating system. Although designing and building for the cloud might be slightly different it does not change the security and privacy requirements much. You can make use of Windows Identity Framework for authentication and authorization. Use Active Directory Federation Services to make...
