Microsoft Rolls Out Test Security Service for SQL Azure
Microsoft this month described a test service designed to help SQL Azure users monitor the security of their databases housed in Microsoft's cloud.
Code-named "SQL Azure Security Services," it's offered as a free trial app through the SQL Azure Labs portal here. Users need to have a SQL Azure account to test it, but Microsoft offers a no-cost trial of Windows Azure (including SQL Azure) for 90 days. It's not clear when the service became available publicly.
SQL Azure Security Services runs as a Web application and lets users check for vulnerabilities in their databases. The service can test one database or all in an account. A Microsoft blog post describes the service as "an early prototype for solving the problem of securing your data in the cloud: no matter where it is, whatever the capacity and scale."
SQL Azure Labs releases are not fully tested by Microsoft and are more at the "cutting edge" level, according to Microsoft's description.
Microsoft plans to expand this service if it gets enough feedback on its use, according to a TechNet wiki post by Ramkumar Krishnan, who says he works at Microsoft. Krishnan outlined steps on how to use the service.
The scan will detect malware, security vulnerabilities and other potential issues in SQL Azure databases right now, but other capabilities may be added later.
"Depending on your enthusiasm for such a service and your valuable feedback, more advanced features like sensitive data discovery, data masking, configuration drift, SQL injection detection, and other functionality layered on core SQL Azure platform will be added to the service," Krishnan stated. "So your feedback is absolutely important!"
The service uses a two-tab directory, with one side listing any "security issues," while the other side catalogs potential "attack surface" problems. When a database has been attacked, the type of attack is identified, such as "SQL injection." The service may also question potential design problems, such as overly restricted access rights.
The service may offer a "recommended mitigation" from Microsoft if a problem is detected. The mitigation appears in text form as advice.
Kurt Mackie is online news editor for the 1105 Enterprise Computing Group.