Pre-adoption concern 60% cited concerns around data security as a barrier to adoption 45% concerned that the cloud would result in a lack of data control.

Slides:

Advertisements

Similar presentations

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.

Advertisements

System Center 2012 R2 Overview

Common Question Who can benefit from Cloud? Every enterprise today can benefit from Cloud.

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),

Provide a platform built on security, privacy, and trust Maintain an evergreen service Offer highly configurable and scalable services.

Cloud OS Microsoft’s Vision of the Unified Platform for Modern Business.

Dell Compellent and SafeNet KeySecure

Don’t Let Anybody Slip into Your Network! Using the Login People Multi-Factor Authentication Server Means No Tokens, No OTP, No SMS, No Certificates MICROSOFT.

BRK3490 Cybersecurity concerns persist Global attacks are increasing and costs are rising Cybercrime extracts between 15% and 20% of the value created.

Unified Logs and Reporting for Hybrid Centralized Management

Notes: Update as of 12/31/2010 inclusive. Chart counts NIST CVE – Reported Software Flaws by “published” date, utilizing the NIST NVD. SQL Server.

Today’s challenges Deliver applications to mobile platforms (BYOD) Respond to dynamic business requirements for IT: Seasonal/temporary workers Vendors.

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/19/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

60% cited concerns around data security as a barrier to adoption 45% concerned that the cloud would result in a lack of data control Security Privacy.

Demi Albuz SENIOR PRODUCT MARKETING MANAGER Samim Erdogan PRINCIPAL ENGINEERING MANAGER Thomas Willingham TECHNICAL PRODUCT MANAGER.

Empower Enterprise Mobility Jasbir Gill Azure Mobility.

Why consider the cloud? Cloud innovation presents challenges for IT.

Windows Azure Windows Azure: Security, Privacy, ComplianceTitle: Country Mgrs., Account Mgrs., BG leads, BG execs & speakers Speaker: BDM, ITDMs Audience:

Technology Overview. Agenda What’s New and Better in Windows Server 2003? Why Upgrade to Windows Server 2003 ?  From Windows NT 4.0  From Windows 2000.

Global Foundation Services (GFS) Malware Protection Center Microsoft Security Response Center (MSRC)

Netwrix product briefing n4.0 Unified Auditing for Critical IT Systems.

Protect Your Business-Critical Data in the Cloud with SoftNAS, a Full-Featured, Highly Available Solution for the Agile Microsoft Azure Platform MICROSOFT.

Communicate with All Workers Involved in the Process of Delivering High-Quality Health Care by Choosing Dossier365 on the Azure Platform MICROSOFT AZURE.

Microsoft Azure Storage. Networking Compute Storage Virtual Machine Operating System Applications Data & Access Runtime Provision.

PCIT313. Today’s challenges Deliver applications to mobile platforms (BYOD) Respond to dynamic business requirements for IT: Seasonal/temporary workers.

Introducing Microsoft Azure Government Steve Read Barbara Brucker.

Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.

Alessandro Cardoso Microsoft MVP | Readify National Manager |

DC-B312 BitLocker Improvements in Windows 8 MBAM 2.0 Investment Areas and Key New Features Deploying MBAM 2.0MBAM 2.0 End User Experience.

Securely Synchronize and Share Enterprise Files across Desktops, Web, and Mobile with EasiShare on the Powerful Microsoft Azure Cloud Platform MICROSOFT.

Microsoft Azure Active Directory. AD Microsoft Azure Active Directory.

Need for Security Control access to servicesControl access to services Ensure confidentialityEnsure confidentiality Guard against attacksGuard against.

Managing Applications, Services, Folders, and Libraries Lesson 4.

Access resources in a federation partner organization.

Compliance Lessons from Operating SQL Server in Azure SQL DB.

James Lewis and Simon Waight Office 365 security: everywhere you need it to be PRD33 1.

Alliance Key Manager for Windows Azure Puts Encryption Key Management and Data Breach Security at Your Fingertips COMPANY PROFILE: TOWNSEND SECURITY Townsend.

Easy-to-Use RedFlag System Delivers Notifications via Phone, , Text, Social Media, and More to Improve Effectiveness of Your Communications COMPANY.

Flight is a SaaS Solution that Accelerates the Secure Transfer of Large Files and Data Sets Into and Out of Microsoft Azure Blob Storage MICROSOFT AZURE.

Picturex Secures and Scales Event-Photo Sharing for Enterprise and Private Customers by Relying on the Powerful, Scalable Microsoft Azure Platform MICROSOFT.

Built on the Powerful Microsoft Azure Platform, Forensic Advantage Helps Public Safety and National Security Agencies Collect, Analyze, Report, and Distribute.

Why EMS? What benefit does EMS provide O365 customers Manage Mobile Productivity Increase IT ProductivitySimplify app delivery and deployment LOB Apps.

Azure SQL Database Lori Clark SQL Saturday 10/17/2015.

 Cloud Computing technology basics Platform Evolution Advantages  Microsoft Windows Azure technology basics Windows Azure – A Lap around the platform.

KeepItSafe Solution Suite Securely control and manage all of your data backups with ease, from a single location. KeepItSafe Online Backup KeepItSafe.

Enterprise Alert on Microsoft Azure Fully Automates Critical Incident Communication and Transforms It into an Intelligent, Reliable, and Mobile Experience.

WINDOWS AZURE AND THE HYBRID CLOUD. Hybrid Concepts and Cloud Services.

Call-Center Agents, Customers Communicate More Conveniently with SMS Chat App COMPANY PROFILE: EARLY CONNECT Early Connect is a regional SaaS ISV founded.

Discover How You Can Increase Collaboration with External Partners While Reducing Your Cost in Managing an Extranet from the Azure Cloud MICROSOFT AZURE.

DreamFactory for Microsoft Azure Is an Open Source REST API Platform That Enables Mobilization of Data in Minutes across Frameworks and Storage Methods.

Azure in Education Improve your services and reduce your overhead at the same time.

Example First: Cost savings conversation Cloud-First Dynamics AX Architecture Microsoft Dynamics AX Data Management Services AX MorphX Dev Tools.

Protect your data Enable your users Desktop Virtualization Information protection Mobile device & application management Identity and Access Management.

 December 2010 US Chief Information Officer Vivek Kundra released the Federal Cloud Computing Strategy. This became to be what is known as “Cloud First”

Clouding with Microsoft Azure

Use relational database as a service

Microsoft Azure Virtual Machines

Dell Compellent and SafeNet KeySecure

SMS+ on Microsoft Azure Provides Enhanced and Secure Text Messaging, with Audit Trail, Scalability, End-to-End Encryption, and Special Certifications MICROSOFT.

CLM USE GUIDE FOR MICROSOFT TRUSTED CLOUD

Hosted on Azure, LoginRadius’ Customer Identity

Migrating Your BI Platform To Azure

Scalable SoftNAS Cloud Protects Customers’ Mission-Critical Data in the Cloud with a Highly Available, Flexible Solution for Microsoft Azure MICROSOFT.

Partner Logo Reblaze Utilizes Microsoft Azure Cloud Technology to Provide Web Assets with a Comprehensive, Robust, Protective Shield Against Internet Threats.

Data Security for Microsoft Azure

Unitrends Enterprise Backup Solution Offers Backup and Recovery of Data in the Microsoft Azure Cloud for Better Protection of Virtual and Physical Systems.

Windows Azure Hybrid Architectures and Patterns

SCCM in hybrid world Predrag Jelesijević Microsoft 7/6/ :17 AM

Presentation transcript:

Pre-adoption concern 60% cited concerns around data security as a barrier to adoption 45% concerned that the cloud would result in a lack of data control SECURITY Design/Operation Infrastructure Network Identity/access Data PRIVACY COMPLIANCE

Reduce cost High assurance that your data is safe Meet compliance requirements Central control over all assets Move incrementally to Azure Let your apps reason over data Deploy quickly Scale infinitely Make your data highly available

If we receive a government demand for data held by a business customer, we take steps to redirect the government to the customer directly, and we notify the customer unless we are legally prohibited from doing so. In the first half of 2014, Microsoft only received five requests from law enforcement for five users associated with an enterprise customer. In all five cases, the requests were rejected or law enforcement was successfully redirected to the customer.

Reduce cost High assurance that your data is safe Meet compliance requirements Central control over all assets Move incrementally to Azure Let your apps reason over data Deploy quickly Scale infinitely Make your data highly available

Economies of scale Pay-for-use pricing Azure platform certifications EU Model Clauses, UK G- Cloud, FedRAMP, SOC, ISO27001, PCI DSS, HIPAA Unified identity management Ease to deploy, and to scale Great HYBRID options Huge investment in security Strong built-in security controls Optional security controls for customers Virtually infinite storage

Economies of scale Pay-for-use pricing Unified identity management Ease to deploy, and to scale Great HYBRID options Optional security controls for customers Virtually infinite storage Part 1 of this presentation: Built-in controls in Azure Azure platform certifications EU Model Clauses, UK G- Cloud, FedRAMP, SOC, ISO27001, PCI DSS, HIPAA Huge investment in security Strong built-in security controls

Economies of scale Pay-for-use pricing Azure platform certifications EU Model Clauses, UK G- Cloud, FedRAMP, SOC, ISO27001, PCI DSS, HIPAA Ease to deploy, and to scale Huge investment in security Strong built-in security controls Virtually infinite storage Part 2 of this presentation: Controls available for Azure customers Unified identity management Great HYBRID options Optional security controls for customers

100+ Data Centers Trustworthy Computing Initiative Security Development Lifecycle Global Data Center Services Malware Protection Center Microsoft Security Response Center Windows Update 1 st Microsoft Data Center Active Directory SOC 1 CSA Cloud Controls Matrix PCI DSS Level 1 FedRAMP/ FISMA UK G-Cloud Level 2 ISO/IEC 27001:2005 HIPAA/ HITECH Digital Crimes Unit SOC 2 E.U. Data Protection Directive Operations Security Assurance

100+ Data Centers Trustworthy Computing Initiative Security Development Lifecycle Global Data Center Services Windows Update 1 st Microsoft Data Center Active Directory SOC 1 CSA Cloud Controls Matrix PCI DSS Level 1 FedRAMP/ FISMA UK G-Cloud Level 2 ISO/IEC 27001:2005 HIPAA/ HITECH Digital Crimes Unit SOC 2 E.U. Data Protection Directive Operations Security Assurance Malware Protection Center Microsoft Security Response Center

100+ Data Centers Trustworthy Computing Initiative Security Development Lifecycle Global Data Center Services Malware Protection Center Microsoft Security Response Center Windows Update 1 st Microsoft Data Center Active Directory SOC 1 CSA Cloud Controls Matrix PCI DSS Level 1 FedRAMP/ FISMA UK G-Cloud Level 2 ISO/IEC 27001:2005 HIPAA/ HITECH SOC 2 E.U. Data Protection Directive Operations Security Assurance Digital Crimes Unit

100+ Data Centers Trustworthy Computing Initiative Security Development Lifecycle Global Data Center Services Malware Protection Center Microsoft Security Response Center Windows Update 1 st Microsoft Data Center Active Directory Digital Crimes Unit SOC 1 CSA Cloud Controls Matrix PCI DSS Level 1 FedRAMP/ FISMA UK G-Cloud Level 2 ISO/IEC 27001:2005 HIPAA/ HITECH SOC 2 E.U. Data Protection Directive Operations Security Assurance

DataApplicationNetworkHost Security Identity & Access ManagementPhysical 24x7x365 Incident Response

REDUCE SECURITY COSTS + MAINTAIN FLEXIBILITY, ACCESS, & CONTROL CustomerMicrosoft On-PremisesIaaS PaaSSaaS Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime

Data location Customer Choice Chooses region where data resides Configures data replication options Microsoft Creates multiple copies of data in the datacenter Geo-replication in a datacenter 400+ miles away Does not transfer Customer Data outside of a geo

Data Deletion Data retention and destruction Disk Handling Data Retention

Protect data in transit Secured by TLS best practices Perfect forward secrecy 2048-bit keys Strong ciphers are used / FIPS support Import / Export Service (Physical Media Shipment) Only accepts BitLocker encrypted data disks Datacenter to Datacenter Encrypts customer data transfer between Azure datacenters by EOY Data in transit between a user and the service Protects user from interception of their communication and helps ensure transaction integrity Data in transit between data centers Protects from bulk interception of data

Microsoft operator access & logging Operator requests access Grants temporary privilege on specific asset No standing access to Customer Data Grants least privilege required to complete a task Multi-factor authentication required for all administration Locked down admin console used for operator access Access is audited, logged, and analyzed Just in Time & Role Based Access Microsoft Network Azure

Economies of scale Pay-for-use pricing Azure platform certifications EU Model Clauses, UK G- Cloud, FedRAMP, SOC, ISO27001, PCI DSS, HIPAA Ease to deploy, and to scale Huge investment in security Strong built-in security controls Virtually infinite storage Part 2 of this presentation: Controls available for Azure customers Unified identity management Great HYBRID options Optional security controls for customers

Virtual Machine with custom app Storage …

Virtual Machine with custom app StorSimple … Protection elements Access control: No change. StorSimple appliance appears like a NAS (via iSCSI) Encryption: Automatic. StorSimple protects all data that it writes to Azure with AES SHA-256. Keys stay on-premises. Logs: StorSimple emits audit logs. Availability: Azure takes care of this automatically. Protection elements Access control: No change. StorSimple appliance appears like a NAS (via iSCSI) Encryption: Automatic. StorSimple protects all data that it writes to Azure with AES SHA-256. Keys stay on-premises. Logs: StorSimple emits audit logs. Availability: Azure takes care of this automatically.

Protection elements Access control: Stays on-premises, no change. Encryption: Use TDE. You have choice of crypto algorithm. Keys stay on-premises, and can be offloaded to HSM of your choice. Logs: SQL Server audit log, no change. Availability: Azure takes care of this automatically. Protection elements Access control: Stays on-premises, no change. Encryption: Use TDE. You have choice of crypto algorithm. Keys stay on-premises, and can be offloaded to HSM of your choice. Logs: SQL Server audit log, no change. Availability: Azure takes care of this automatically.

Virtual Machine with custom app Storage …

Protection elements Access control: No change, same as on-premises SQL server. Encryption: Use TDE. Keep key in Azure or install optional EKM provider to offload to an on-premises HSM. Logs: No change. SQL Server audit log. Availability: Azure takes care of this automatically. Protection elements Access control: No change, same as on-premises SQL server. Encryption: Use TDE. Keep key in Azure or install optional EKM provider to offload to an on-premises HSM. Logs: No change. SQL Server audit log. Availability: Azure takes care of this automatically.

Azure SQL DB Virtual Machine with custom app Storage … Protection elements Access control: Username/password per server, controlled by Azure subscriber who created server. Encryption: N.A. Logs: Azure SQL DB audit feature, now in preview. Availability: Azure takes care of local redundancy automatically. You can optionally make it geo- redundant. Protection elements Access control: Username/password per server, controlled by Azure subscriber who created server. Encryption: N.A. Logs: Azure SQL DB audit feature, now in preview. Availability: Azure takes care of local redundancy automatically. You can optionally make it geo- redundant.

Virtual Machine Virtual Machine with custom app Storage … Active Directory Users, machines Key Manager e.g. HSM Protection elements Access control: BitLocker key protector. Encryption: Bitlocker. Multiple “protectors” available to protect key – password, certificate, AD group, … Logs: Windows event log. Availability: VHD is stored in Azure storage, which automatically replicates it. Protection elements Access control: BitLocker key protector. Encryption: Bitlocker. Multiple “protectors” available to protect key – password, certificate, AD group, … Logs: Windows event log. Availability: VHD is stored in Azure storage, which automatically replicates it. Azure storage

Virtual Machine boot volume encryption and pre-boot authorization Virtual Machines

Virtual Machine with custom app Storage … Protection elements Access control: Storage access key + custom Encryption: Custom Logs: Azure Storage logs Availability: Azure takes care of this automatically. Protection elements Access control: Storage access key + custom Encryption: Custom Logs: Azure Storage logs Availability: Azure takes care of this automatically. Virtual Machine in Azure

Virtual Machine with custom app Storage … App/device outside your organization

Virtual Machine with custom app Storage … Active Directory Users, machines Key Manager e.g. HSM App/device outside your organization

Virtual Machine with custom app Storage … Active Directory Users, machines Key Manager e.g. HSM App/device outside your organization