Security could be a casualty of the new Azure portal

Microsoft has lowered the bar for development and made it easier to create custom apps in Azure, but that simplicity may come at the expense of security.

Windows Azure

Microsoft announced big changes for the Azure portal at its Build Developer Conference in San Francisco last week. The new portal makes it easier for developers to produce great apps, but the tools also lower the barrier for entry and make it easier for developers who don't understand or haven't considered security to push out apps.

Azure gets Agile

The Azure Preview portal is now available while Microsoft polishes things up for the final, official launch. According to a post on the Windows Azure blog, "The new portal significantly simplifies resource management, so you can create, manage, and analyze your entire application as a single resource group rather than through standalone resources like Azure Web Sites, Visual Studio Projects, or databases."

What Microsoft has done is combine various standalone resources like Azure Web Sites, Visual Studio Projects, databases, and more into a single development and management environment. The new Azure portal also expands the inventory of tools available to include third-party services to give developers more flexibility and enable them to easily build and manage apps by simply plugging in various pre-made elements.

"Developing for a mobile-first, cloud-first world is complicated, and Microsoft is working to simplify this world without sacrificing speed, choice, cost or quality," said Scott Guthrie, executive vice president at Microsoft in a press release.

That's great, but...

So, developers can crank out awesome apps in record time with the new Azure portal. But are they secure? That's the main concern for Andrew Storms, senior director of DevOps for CloudPassage.

When I spoke to Storms, he had plenty of praise for Microsoft and for the new and improved Azure portal. He explained that it's a fantastic tool and a great way to let developers do quick, agile development. He also cautioned, however, that when you disconnect developers from the lower-level components of programming, it's much easier to forget about security.

Storms fears that when developers use drag-and-drop elements to crank out apps, it's easy for them to think they're done without considering security. In the rush to share the awesome new app with the world, many will not go back and look under the hood to consider the potential threats and implement the necessary security controls.

"With great power comes great responsibility," Storms said -- quoting Voltaire (or Spiderman, depending on which literary reference clicks for you). When you're using a platform like the Azure portal, Microsoft bears some responsibility for security, but it's a shared responsibility model. It's incumbent upon developers to uphold their end of the bargain and ensure adequate security in the apps they create.

What are your thoughts about the new Azure portal? Share your thoughts in the discussion thread below.