How To Get A Cloud Security System To Work For You

(1)

Microsoft Azure

Trust in the Cloud

Ovidiu Pismac

MCSE Security, CISSP, MCSE Private Cloud / Server & Desktop infrastructure, MCTS Forefront

Microsoft Romania

(2)

Benefits

• 430B+ Microsoft Azure AD authentications
• 280% year-over-year database growth in Microsoft Azure
• 50% of Fortune 500 use Microsoft Azure
• Economics: $25,000 in the cloud would cost $100,000 on premises
• Scale: scale from 30,000 to 250,000 site visitors instantly
• Speed: 2 weeks to deliver new services vs. 6-12 months with a traditional solution

Technology trends driving cloud adoption

• Cloud trend: 70% of CIOs will embrace a cloud-first strategy in 2016 (IDC CIO Agenda webinar)

(3)

Cloud innovation: opportunity for security & compliance benefits

Pre-adoption concern

• 60% cited concerns around data security as a barrier to adoption
• 45% concerned that the cloud would result in a lack of data control

Benefits realized

• 94% experienced security benefits they didn’t previously have on-premise
• 62% said privacy protection increased as a result of moving to the cloud

(4)

Trustworthy foundation

BUILT ON MICROSOFT EXPERIENCE AND INNOVATION

(5)

Trustworthy foundation

Timeline (figure): 1st Microsoft Data Center; Trustworthy Computing Initiative; Security Development Lifecycle; Global Data Center Services; Malware Protection Center; Microsoft Security Response Center; Windows Update / Microsoft Update; Active Directory; Digital Crimes Unit; SOC 1; SOC 2; CSA Cloud Controls Matrix; PCI DSS Level 1; FedRAMP/FISMA; UK G-Cloud Level 2; ISO/IEC 27001:2005; HIPAA/HITECH; E.U. Data Protection Directive; Operations Security Assurance; 20+ Data Centers

• Trustworthy Computing: created the SDL, which has become the industry standard for developing secure software
• Security Centers of Excellence: protecting Microsoft customers by combatting evolving threats
• 20+ Data Centers: operating Microsoft Azure in 11 data centers around the world, plus 2 in China
• Compliance Standards: investing heavily in robust compliance processes, including ISO 27001, FedRAMP, and HIPAA
• Operations Security Assurance

(6)

Microsoft Azure: Automated, Managed Resources, Elastic, Usage Based

(7)

Shared responsibility

REDUCE SECURITY COSTS + MAINTAIN FLEXIBILITY, ACCESS, & CONTROL

(Figure: responsibilities split between Customer and Microsoft)

(8)

Market Endorsement

• Gartner Magic Quadrant for Cloud Infrastructure as a Service (IaaS)
• Gartner Magic Quadrant for Enterprise Application Platform as a Service (PaaS)
• Gartner Magic Quadrant for Public

(9)

Transparency & independent verification

• Best practices and guidance
• Third-party verification
• Cloud Security Alliance
• Security intelligence report
• Compliance packages
• Trust Center
• Access to audit reports
• Security Response Center progress report

(10)

Microsoft approach in action

(11)

Design & operations

• Software: security embedded in planning, design, development, & deployment
• Operational security controls: rigorous controls to prevent, detect, contain, & respond to threats
• Assume breach: hardening cloud services through simulated real-world attacks
• Incident response: global, 24x7 incident response to mitigate effects of attacks

(12)

Security

We chose Azure because all things being equal, it is the easiest cloud platform to work with. Security and patching is already taken care of, so

(13)

• 24 hour monitored physical security
• Secure multi-tenant environment
• Firewalls
• Patch management
• System monitoring and logging
• Antivirus/antimalware protection
• Threat detection
• Forensics

(14)

Service security starts with physical data center

• Cameras
• 24x7 security staff
• Barriers
• Fencing
• Alarms
• Two-factor access control: biometric readers & card readers
• Security operations center
• Days of backup power
• Seismic bracing
• Building

(15)

Architected for secure multi-tenancy

AZURE:

• Centrally manages the platform and helps isolate customer environments using the Fabric Controller
• Runs a configuration-hardened version of Windows Server as the Host OS
• Uses Hyper-V, a battle-tested and enterprise-proven hypervisor
• Runs Windows Server and Linux on Guest VMs for platform services

CUSTOMER:

• Manages their environment through service management interfaces and subscriptions
• Chooses from the gallery or brings their own OS for their Virtual Machines

(16)
(17)

Microsoft and Interoperability

“DHMC runs both Windows Server as guest operating systems under Hyper-V, as well as Linux. To date, DHMC has virtualized Web servers, sites on Microsoft Office SharePoint® Server, reporting servers, medical applications, domain controllers, file and print servers, Citrix servers, and more.”

Dartmouth Hitchcock Medical Center Case Study

• Microsoft commitment to support Linux – Red Hat, SUSE, CentOS, OpenSuse, Ubuntu, Oracle Linux, new FreeBSD 10 on Hyper-V
• System Center Configuration Manager 2012 SP1 supports administering non-Windows platforms: Linux, Unix (monitored by SCOM) and Mac OS X systems
• System Center Operations Manager 2012 SP1 supports monitoring of non-Windows, including Linux – Red Hat, SUSE, CentOS; Unix – HP UX, Sun Solaris and IBM AIX; from January 2013 – new Linux distributions supported: Debian Linux, Oracle Linux, Ubuntu Linux Server
• System Center Virtual Machine Manager 2012 manages VMware ESX servers and Citrix XEN Servers

(18)

Support matrix (table): products Operations Manager, Configuration Manager, Endpoint Protection, Virtual Machine Manager, Hyper-V and Azure IaaS against Linux (Red Hat, SUSE, CentOS, Ubuntu, Debian, Oracle) and UNIX (AIX, HP-UX, Solaris); cells are marked as supported, "Future", or "No Plans".

(19)

Network protection

• Network: segregates network access between customers, management systems & the internet
• Virtual Networks: connects cloud services using private IP addresses, subnets
• Cloud to on-premises connections: site-to-site, point-to-site, and ExpressRoute help enable secure connection to Azure
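The first bullet above is a platform-side control; on the customer side the same segregation is expressed as priority-ordered network rules on a subnet. The Python below is an added example, not code from the slide deck or from Microsoft: it models first-match, ascending-priority evaluation in the style of an Azure network security group (implicit deny when nothing matches) and adds a conservative check for rules that can never fire because a higher-priority rule already covers them. The rule names, addresses and ports are constructed sample values.

```python
"""Priority-ordered, first-match evaluation of inbound network rules,
in the style of an Azure Network Security Group (NSG).

Added illustration, not code from the slide deck or from Microsoft; the
rule names, CIDRs and ports below are constructed sample values.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first, as in an NSG
    source: str     # CIDR, or "*" for any source
    dest_port: str  # single port, "lo-hi" range, or "*"
    action: str     # "Allow" or "Deny"


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dest_port: int


def _source_matches(rule_source: str, src_ip: str) -> bool:
    if rule_source == "*":
        return True
    return ip_address(src_ip) in ip_network(rule_source, strict=False)


def _port_matches(rule_port: str, port: int) -> bool:
    if rule_port == "*":
        return True
    if "-" in rule_port:
        lo, hi = (int(p) for p in rule_port.split("-", 1))
        return lo <= port <= hi
    return int(rule_port) == port


def evaluate(rules: list[Rule], flow: Flow) -> tuple[str, str]:
    """The first matching rule in ascending priority decides; a flow that
    matches nothing falls through to an implicit deny, like the NSG
    DenyAllInBound default rule."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if _source_matches(rule.source, flow.src_ip) and _port_matches(rule.dest_port, flow.dest_port):
            return rule.action, rule.name
    return "Deny", "DefaultDenyAll"


def _covers(outer: Rule, inner: Rule) -> bool:
    """True if every flow matched by `inner` is also matched by `outer`
    (conservative: source subnet containment and exact port or '*')."""
    src_ok = outer.source == "*" or (
        inner.source != "*"
        and ip_network(inner.source, strict=False).subnet_of(ip_network(outer.source, strict=False))
    )
    port_ok = outer.dest_port == "*" or outer.dest_port == inner.dest_port
    return src_ok and port_ok


def shadowed_rules(rules: list[Rule]) -> list[str]:
    """Names of rules that can never fire because some higher-priority
    rule already covers everything they would match."""
    ordered = sorted(rules, key=lambda r: r.priority)
    return [later.name for i, later in enumerate(ordered)
            if any(_covers(earlier, later) for earlier in ordered[:i])]


# Constructed sample ruleset for a web tier: SSH only from a private admin
# subnet, HTTPS from anywhere, everything else falls to the implicit deny.
SAMPLE_RULES = [
    Rule("AllowMgmtFromAdminSubnet", 100, "10.0.1.0/24", "22", "Allow"),
    Rule("DenyMgmtFromInternet", 110, "*", "22", "Deny"),
    Rule("AllowHttpsFromInternet", 200, "*", "443", "Allow"),
]

# Same intent, but the two SSH rules have swapped priorities: the broad deny
# now shadows the admin allow and silently locks administrators out.
MISORDERED_RULES = [
    Rule("DenyMgmtFromInternet", 100, "*", "22", "Deny"),
    Rule("AllowMgmtFromAdminSubnet", 110, "10.0.1.0/24", "22", "Allow"),
    Rule("AllowHttpsFromInternet", 200, "*", "443", "Allow"),
]

if __name__ == "__main__":
    for flow in (Flow("10.0.1.7", 22), Flow("203.0.113.5", 22),
                 Flow("203.0.113.5", 443), Flow("203.0.113.5", 3389)):
        print(flow, "->", evaluate(SAMPLE_RULES, flow))
    print("shadowed in misordered set:", shadowed_rules(MISORDERED_RULES))
```

The shadowing check is deliberately conservative (it only reports a rule when containment is certain), so a clean result does not prove the ruleset is correct; evaluating a handful of representative flows, as the `__main__` block does, is still the quickest way to confirm intent before a change is applied.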

(20)

• Microsoft employee access management
• Monitor & protect access to cloud apps
• Enterprise cloud identity – Azure AD
• Multi-Factor Authentication

(21)

• Data encryption options: BitLocker, Azure RMS, AES 256/512
• Data segregation
• Data location and redundancy
• Data destruction

(22)

Data location and redundancy

Note: Microsoft Azure data centers, Australia – Q2 FY15

AZURE:

• Creates three copies of data in each datacenter
• Offers geo-replication in a datacenter 400+ miles away
• Does not transfer Customer Data outside of a geo (ex: from US to Europe or from Asia to US)

CUSTOMER:

• Chooses where data resides
• Configures data replication

(23)

Data Deletion

Data destruction

• Wiping is NIST 800-88 compliant
• Defective disks are destroyed at the datacenter
• Index immediately removed from primary location
• Geo-replicated copy of the data (index) removed asynchronously
• Customers can only read from disk space they have written to

(24)

Privacy controls are built into Azure design and operations

(25)

Contractual commitments

Broad

• Microsoft makes strong contractual commitments to safeguard customer data covered by HIPAA BAA, Data Processing Agreement, & E.U. Model Clauses
• Enterprise cloud-service specific privacy protections benefit every industry & region

EU Data Privacy Approval

• Microsoft meets high bar for protecting privacy of EU customer data
• Microsoft offers customers EU Model Clauses for transfer of personal data across international borders
• Microsoft’s approach was approved by the Article 29 committee of EU data protection authorities – the first company & cloud vendor to obtain this

(26)

Privacy

Our vision is to be the national leader in patient-centered e-healthcare.… Using Windows Azure as our delivery system provides us with a level of trust and reliability that makes this

(27)

Information security standards, effective controls, government & industry certifications:

• ISO 27001
• SOC 1 Type 2
• SOC 2 Type 2
• FedRAMP/FISMA
• PCI DSS Level 1
• UK G-Cloud

(28)

Program: Description

ISO/IEC 27001: The ISO/IEC 27001:2005 certificate validates that Azure has implemented the internationally recognized information security controls defined in this standard.

SOC 1 (SSAE 16/ISAE 3402): Azure has also been audited against the Service Organization Control (SOC) reporting framework for SOC 1 Type 2 (formerly SAS 70), attesting to the design and operating effectiveness of its controls.

SOC 2: Azure has been audited for SOC 2 Type 2, which includes a further examination of Azure controls related to security, availability, and confidentiality.

FedRAMP/FISMA: Azure has received Provisional Authorization to Operate from the Federal Risk and Authorization Management Program (FedRAMP) Joint Authorization Board (JAB), having undergone the assessments necessary to verify that it meets FedRAMP security standards.

PCI DSS Level 1: Azure has been validated for PCI-DSS Level 1 compliance by an independent Qualified Security Assessor (QSA).

UK G-Cloud IL2: In the United Kingdom, Azure has been awarded Impact Level 2 (IL2) accreditation, further enhancing Microsoft and its partner offerings on the current G-Cloud procurement Framework and CloudStore.

HIPAA BAA: To help customers comply with HIPAA and HITECH Act security and privacy provisions, Microsoft offers a HIPAA Business Associate Agreement (BAA) to healthcare entities with access to Protected Health Information (PHI).

(29)

Compliance

Windows Azure was attractive because it has built-in capabilities for compliance with a wide range of

(30)

Unified platform for modern business

(31)

(32)

Talk to a Microsoft security expert

Explore additional resources:

• Trustworthy Computing Cloud Services: www.microsoft.com/trustedcloud
• Microsoft Trust Center for Microsoft Azure: http://www.windowsazure.com/en-us/support/trust-center
• Microsoft Security Intelligence Report
