Published by Valentine Hart. Modified over 6 years ago.
1
Leverage Azure for most stringent security & compliance requirements
CLD327 Jay Swaminathan
2
Leverage Azure for most stringent security & compliance requirements
Jay Swaminathan
3
Agenda: Is Azure secure? Azure's compliance standards. Data control & privacy on Azure. Azure's security processes and policies. Azure Security Center.
4
Microsoft protecting you
Diagram of the Intelligent Security Graph. Sources shown: Industry Partners, Antivirus Network, CERTs, Cyber Defense Operations Center, Malware Protection Center, Cyber Hunting Teams, Security Response Center, Digital Crimes Unit. Products and services shown: Security Center, Active Protection Service, Windows Update, Conditional Access, Cloud App Security, Event Management, Rights Management, Key Vault, Office 365 Advanced Threat Protection, SmartScreen, Advanced Threat Analytics. Layers shown: PaaS, IaaS, Identity (Active Directory, Azure Active Directory), Apps and Data (SaaS), Infrastructure, Device.
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
5
Hyper scale Infrastructure is the enabler
100+ datacenters across 37 regions (30 generally available) worldwide. Regions on the map: North Central US (Illinois); United Kingdom Regions; West Europe (Netherlands); Canada Central (Toronto); Central US (Iowa); Canada East (Quebec City); Germany North East** (Magdeburg); China North* (Beijing); US Gov Iowa; US DoD West (TBD); North Europe (Ireland); Germany Central** (Frankfurt); Japan East (Tokyo, Saitama); China South* (Shanghai); East US (Virginia); West US (California); Japan West (Osaka); India Central (Pune); East US 2 (Virginia); US Gov Virginia; India West (Mumbai); India South (Chennai); South Central US (Texas); US DoD East (TBD); East Asia (Hong Kong); SE Asia (Singapore); Australia East (New South Wales); Brazil South (Sao Paulo State); Australia South East (Victoria). The map distinguishes operational regions from announced/not yet operational ones. * Operated by 21Vianet. ** Data stewardship by Deutsche Telekom.
Top 3 networks in the world. 2.5x AWS and 7x Google datacenter regions. G Series: largest VM in the world, 32 cores, 448 GB RAM, SSD.
6
Azure Compliance
7
Microsoft and compliance
Microsoft invests heavily in the development of innovative compliance technology, processes and integration in Azure. The Microsoft compliance framework for online services maps controls to multiple regulatory standards, which helps drive the design and building of services that meet today's high level of security and privacy needs.
8
Compliance framework
Compliance certifications: Microsoft maintains a team of experts focused on ensuring that Azure meets its own compliance obligations, which helps customers meet their own compliance requirements.
Continual evaluation, benchmarking, adoption, test & audit: Compliance strategy helps customers address business objectives and industry standards & regulations, including ongoing evaluation and adoption of emerging standards and practices.
Independent verification: Ongoing verification by third-party audit firms.
Access to audit reports: Microsoft shares audit report findings and compliance packages with customers.
Best practices: Prescriptive guidance on securing data, apps, and infrastructure in Azure makes it easier for customers to achieve compliance.
9
Azure Compliance: Azure has the largest compliance portfolio in the industry.
Industry: ISO 27001; PCI DSS Level 1; SOC 1 Type 2; SOC 2 Type 2; ISO 27018; Cloud Controls Matrix; Content Delivery and Security Association; Shared Assessments.
United States: HIPAA / HITECH; FedRAMP JAB P-ATO; FIPS 140-2; FERPA; DISA Level 2; ITAR-ready; CJIS; 21 CFR Part 11; IRS 1075; Section 508 VPAT.
Regional: European Union Model Clauses; United Kingdom G-Cloud; Singapore MTCS Level 3; Australian Signals Directorate; Japan Financial Services; China Multi Layer Protection Scheme; China CCCPPF; New Zealand GCIO; GB 18030; EU Safe Harbor; ENISA IAF.
10
Data Control & Privacy
11
Customer data: When a customer utilizes Azure, they own their data.
Control over data location: Customers choose data location and replication options.
Control over access to data: Strong authentication, carefully logged "just in time" support access, and regular audits.
Encryption key management: Customers have the flexibility to generate and manage their own encryption keys.
Control over data deletion: When customers delete data or leave Azure, Microsoft follows procedures to render the previous customer's data inaccessible.
12
Law enforcement requests
The Law Enforcement Request Report discloses details of requests every 6 months. Microsoft doesn't provide any government with direct or unfettered access to customer data. Microsoft only releases specific data mandated by the relevant legal demand. If a government wants customer data, it needs to follow the applicable legal process. Microsoft only responds to requests for specific accounts and identifiers. Microsoft does not disclose customer data to law enforcement unless directed by the customer or required by law, and will notify customers when compelled to disclose, unless prohibited by law.
13
Azure Security
14
Cloud services – shared responsibility
Diagram: the same stack (Storage, Servers, Networking, O/S, Middleware, Virtualization, Runtime, Data, Applications) is shown four times, for On-Premises, Infrastructure (as a Service), Platform (as a Service) and Software (as a Service), with each layer marked as managed by the customer or by the vendor (Microsoft Azure). Each customer environment is isolated on top of Azure's infrastructure, a shared physical environment.
15
Azure Security Design and Operations
Security Development Lifecycle (SDL) and Operations Security Assurance (OSA): Company-wide, mandatory development and operations processes that embed security into every phase of the development and operations process. We make security a priority at every step, from code development to incident response.
Assume breach simulation: A dedicated security expert "Red Team" simulates real-world attacks at the network, platform, and application layers, testing the ability of Azure to detect, protect against, and recover from breaches.
Incident response: Global, 24x7 incident response service that works to mitigate the effects of attacks and malicious activity.
16
Prevent and assume breach
Prevent breach: Secure Development Lifecycle; Operational Security. A methodical Secure Development Lifecycle and Operational Security minimizes the probability of exposure.
Assume breach: Bug Bounty Program; War game exercises; Live site penetration testing; Threat intelligence. Assume breach identifies & addresses potential gaps: ongoing live site testing of security response plans improves mean time to detection and recovery; the bug bounty program encourages security researchers in the industry to discover and report vulnerabilities; exposure to internal attack is reduced (once inside, attackers do not have broad access); the latest threat intelligence is used to prevent breaches and to test security response plans.
Security monitoring and response: State of the art security monitoring and response.
17
Infrastructure protection
Azure infrastructure includes hardware, software, networks, administrative and operations staff, policies and procedures, and the physical datacenters that house it all. Controls shown: 24-hour monitored physical security; antivirus/antimalware protection; centralized monitoring and alerts; red teaming penetration testing; update management; firewalls.
18
Visualizing the network security layers
19
Visualizing the Azure Network
20
DDoS system overview
Diagram components: MSFT Routing Layer, Detection Pipeline, Profile DB, Scrubbing Array, SLB, Application, Internet; arrows labelled Attack Traffic, Scrubbed Traffic, Flow Data and Routing Updates.
Supported DDoS attack profiles: TCP SYN; UDP/ICMP/TCP flood.
Detection process: Traffic to a given /32 VIP, inbound or outbound, is tracked, recorded, and analyzed in real time to determine attack behavior.
Mitigation process: Traffic is re-routed to scrubbers via dynamic routing updates; traffic is SYN-authenticated and rate limited.
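The detection and mitigation steps on this slide, as an added illustration that is not part of the deck and not Azure's implementation: a per-/32-VIP sliding-window detector compares bare-SYN and total packet rates against a per-VIP profile (standing in for the Profile DB) and emits a routing update when a threshold is crossed; a scrubber stage then drops traffic from sources that have not passed SYN authentication and token-bucket rate-limits the rest before it reaches the SLB. The flow records, thresholds, window size and the boolean SYN-authentication flag are all constructed assumptions.

```python
"""Added example (not Microsoft's code): a toy per-/32-VIP DDoS detection
pipeline with a scrubber stage, in the shape the slide describes.  Flow
records, thresholds and the window size are constructed assumptions."""
from collections import defaultdict, deque
from dataclasses import dataclass

# Constructed flow records: (timestamp_s, vip, protocol, syn_only, packets).
# syn_only marks TCP segments carrying SYN without ACK (new-connection attempts).
SAMPLE_FLOWS = [
    (0.0, "10.0.0.5", "tcp", False, 200),    # ordinary established traffic
    (1.0, "10.0.0.5", "udp", False, 300),
    (2.0, "10.0.0.5", "tcp", True, 50),
    (2.0, "10.0.0.9", "tcp", True, 4000),    # burst of bare SYNs at one VIP
    (3.0, "10.0.0.7", "udp", False, 30000),  # volumetric UDP flood at another VIP
    (3.5, "10.0.0.5", "tcp", True, 100),
]


@dataclass
class VipProfile:
    """Per-VIP thresholds, standing in for the slide's Profile DB (assumed values)."""
    syn_pps: float    # bare-SYN packets/second above which 'TCP SYN' is declared
    flood_pps: float  # total packets/second above which a flood is declared


DEFAULT_PROFILE = VipProfile(syn_pps=500.0, flood_pps=5000.0)


class DetectionPipeline:
    """Tracks traffic per /32 VIP over a sliding window and classifies it."""

    def __init__(self, window_s=5.0, profiles=None):
        self.window_s = window_s
        self.profiles = profiles or {}
        self.history = defaultdict(deque)  # vip -> recent flow records
        self.routing_updates = []          # VIPs steered to the scrubbing array

    def observe(self, ts, vip, proto, syn_only, packets):
        """Record one flow sample, expire old samples, and return the verdict."""
        window = self.history[vip]
        window.append((ts, proto, syn_only, packets))
        while window and window[0][0] < ts - self.window_s:
            window.popleft()
        return self.classify(vip)

    def rates(self, vip):
        """Bare-SYN and total packet rates for the VIP over the window."""
        window = self.history[vip]
        syn = sum(p for _, proto, s, p in window if proto == "tcp" and s)
        total = sum(p for *_, p in window)
        return syn / self.window_s, total / self.window_s

    def classify(self, vip):
        """Compare the VIP's rates with its profile; emit a routing update on attack."""
        syn_pps, total_pps = self.rates(vip)
        profile = self.profiles.get(vip, DEFAULT_PROFILE)
        if syn_pps > profile.syn_pps:
            verdict = "TCP SYN"
        elif total_pps > profile.flood_pps:
            verdict = "UDP/ICMP/TCP Flood"
        else:
            verdict = None
        if verdict and vip not in self.routing_updates:
            self.routing_updates.append(vip)  # dynamic routing update: divert this VIP
        return verdict


class Scrubber:
    """Mitigation stage: only SYN-authenticated sources pass, then a token bucket
    rate-limits what is forwarded to the SLB.  SYN authentication itself is
    modelled as a boolean supplied by the caller (an assumption)."""

    def __init__(self, rate_pps, burst):
        self.rate_pps = rate_pps
        self.burst = burst
        self.tokens = float(burst)
        self.last_ts = 0.0

    def admit(self, ts, packets, syn_authenticated):
        """Return how many of `packets` are forwarded at time `ts`."""
        self.tokens = min(self.burst, self.tokens + (ts - self.last_ts) * self.rate_pps)
        self.last_ts = ts
        if not syn_authenticated:
            return 0                      # unauthenticated SYN traffic is dropped
        admitted = min(packets, int(self.tokens))
        self.tokens -= admitted
        return admitted


def run_pipeline(flows=SAMPLE_FLOWS):
    """Feed flows through the detector; return per-VIP verdicts and routing updates."""
    pipeline = DetectionPipeline()
    verdicts = {}
    for ts, vip, proto, syn_only, packets in flows:
        verdicts[vip] = pipeline.observe(ts, vip, proto, syn_only, packets)
    return {"verdicts": verdicts, "routing_updates": pipeline.routing_updates}


if __name__ == "__main__":
    print(run_pipeline())
```

With the constructed flows, 10.0.0.9 is flagged as a TCP SYN profile, 10.0.0.7 as a flood, and the ordinary VIP 10.0.0.5 stays below both thresholds; the detector records the two diverted VIPs in order, which is the information a real routing layer would turn into route announcements toward the scrubbing array.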
21
Virtual networks
Azure: Allows customers to create isolated virtual private networks.
Customer: Creates virtual networks with subnets and private IP addresses; enables communications between their virtual networks; can bring their own DNS; can domain-join their virtual machines.
Diagram labels: Customer 1 and Customer 2 with isolated virtual networks (Deployment X, Deployment Y), VNet to VNet, cloud access, RDP endpoint (password access), VPN to Corp 1, an isolated virtual network with Subnet 1, Subnet 2, Subnet 3 and a DNS server, Internet, Microsoft Azure, Client.
22
Demo (Microsoft Ignite 2016)
23
Azure Security Center
24
Azure Security Center
Gain visibility and control: Ascertain your cloud security posture.
Enable security at cloud speed: Extend governance to the cloud with policies.
Integrate partner solutions: Streamline provisioning and monitoring of security solutions.
Detect cyber threats: Microsoft's global threat intelligence with an eye on your cloud deployments.
25
Demo (Microsoft Ignite 2016)
26
Continue your Ignite learning path
Visit Channel 9 to access a wide range of Microsoft training and event recordings. Head to the TechNet Eval Centre to download trials of the latest Microsoft products. Visit Microsoft Virtual Academy for free online training.
27
Win a Spark After Dark drone pilot pass by completing your session evaluation ASAP #MSAUIGNITE
28
Thank you Chat with me in the Speaker Lounge