Evaluating security mechanisms implemented on public Platform-as-a-Service cloud environments case study: Windows Azure

Abstract

The security risks of cloud computing and ambiguity of security mechanisms implemented on an on-demand cloud service like Platform-as-a-Service (PaaS), continues to raise concerns in cloud consumers. These risks clearly affect the adoption of the potentials offered by provisioning of computer resources of this scale. Examining an on-demand Platform-as-a-Service public cloud environment, this paper focuses on the security controls and mechanisms implemented on each component of Windows Azure. Using a security framework which consists of industry standard controls to evaluate its security offerings, this study attempts to understand how its security controls and implementations meet the needs of consumers in identity management, access management and virtualization security in the development of web based applications hosted on the cloud.