Asif Jinnah Microsoft IT – United Kingdom

Security Challenges in an ever changing landscape Evolution of Security Controls: Microsoft’s Secure Anywhere Access Concepts & Solutions Infrastructure Solutions to safeguard Microsoft's flexible workforce The Microsoft Environment

129,000 accounts 9.5 million remote connections/month 5+ million internal s daily 3,000 internal applications 6 billion IMs per month 435 million unique users 29 billion s sent per day 280 billion page views per day

Others may manage your network and data centers Software plus Services [SaaS] augmenting traditional IT – data and applications hosted remotely Increasingly complex granular partner access controls Traditional Perimeter security is not sufficient alone Emergence of new technology enablers Always remote employees Flexible definition of the “office” Corpnet access from customer sites Data is walking out the front door Laptops, USB drives, cellular network cards, Smart Phones/PDAs Malware and spyware for everyone Mobile Workforce Mobile Technology Globalization & Outsourcing Reperimeterization of the network

...the visible and the invisible

Control Evolution Transport Enable deep inspected transport as needed Transport Enable deep inspected transport as needed Network Provide connectivity and WAN optimization Network Provide connectivity and WAN optimization Application Ensure application integrity Application Ensure application integrity Host Protect hosts from malware and attacks Host Protect hosts from malware and attacks Data Protect data in storage, transit, and use Data Protect data in storage, transit, and use Many are protecting their hosts and data here We should be protecting our hosts here And protecting our data here

ApplicationsandData X X X Trusted, compliant machine; with malware Trusted, compliant, healthy machine Untrusted machine Trusted, non-compliant machine Compliant but Untrusted machine SSL VPN – Granular Access Access to data and applications is restored once NAP remediates the client

Corporate Network Business Partner Behind customer firewall Layer 7 VPN Gateway Compliant Client IPsec/IPv6 Down-level Client SSL-VPN All Corpnet Resources Dual Protocol (IPv6/IPv4) Non-Compliant Clients Office PC VPN with Mobile Device User with mobile device Internet Security for a flexible workforce

IPsec boundary Creates Secure Net environment Remote access clients/dial-up Workgroups Labs All Devices ~330,000 Unique management challenges Secure Net Devices ~270,000 Devices managed through SMS/SCCM ~265,000 ~16,000 servers IPsec 9

Network Security Monitor, Detect, Respond Attack & Penetration Technical Investigations IDS and A/V Assessment & Governance InfoSec Risk Assessment InfoSec Policy Management Security Architecture InfoSec Governance App Consulting & Engineering End-to-End App Assessment & Mitigation Application Threat Modelling External & Internal Training Engineering & Engagement Engineering Lifecycle Process & Methods Secure Design Review Awareness & Communication Identity & Access Management IdM Security Architecture IdM Gov & Compliance IdM Eng Ops & Services IdM Accounts & Lifecycle Compliance Regulatory Compliance Vulnerability Scanning & Remediation Scorecarding RespondRespondDefineDefine AssessAssess DesignDesignOperateOperate MonitorMonitor

“Security is the fundamental challenge that will determine whether we can successfully create a new generation of connected experiences that enable people to have anywhere access to communications, content and information” - Bill Gates

© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

James Burns – No Slides

Paul MacKinnon - Slides to be ed post event