Presentation is loading. Please wait.

Presentation is loading. Please wait.

5/29/2018 6:22 AM THR2267 ABN AMRO use case to secure and manage their Azure infrastructure and applications Joël Blaauw – ABN AMRO Security Architect.

Published byMoses Barker Modified over 6 years ago

Similar presentations

Presentation on theme: "5/29/2018 6:22 AM THR2267 ABN AMRO use case to secure and manage their Azure infrastructure and applications Joël Blaauw – ABN AMRO Security Architect."— Presentation transcript:

1 5/29/2018 6:22 AM THR2267 ABN AMRO use case to secure and manage their Azure infrastructure and applications Joël Blaauw – ABN AMRO Security Architect Nico Brandt – Microsoft ATS © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 5/29/2018 6:22 AM The scenery © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

3 ABN AMRO Group NV. Is the third largest bank in the Netherlands
Counting all major and smaller banks that over the years have been our current banks predecessors, roots go back some 300 years (1762) Strongly regulated by Dutch National Bank and European Central Bank Principal bank for over 21% of the Dutch population Present in 11 countries with more then 50 branches. Employees Operating Income Billion Euros* Net Profit 2076 Million Euros* Products: Asset Management, Commercial Banking, Investment Banking, Private Banking, Retail Banking *2016 Financial disclosure report © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

4 5/29/2018 6:22 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5 Standards for Cloud Risk Control
Cloud security is a partnership between ABN AMRO and Cloud Service Providers (CSP) Secure use of the cloud service platform is the responsibility of ABN AMRO Security of the cloud service platform itself is the responsibility of the CSP ABN AMRO owns the data and identities and the responsibility for protecting them. ABN AMRO owns the security of on-premises resources and cloud components ABN AMRO controls (varies by service type) ABN AMRO CSP cloud services are built on a foundation of trust and security. CSP provides security controls and capabilities to help ABN AMRO to protect data and applications. CSP

6 Standards for Cloud Risk Control
Strategy Employ risk-based, multi-dimensional integrated approach to safeguarding services and data Minimum controls are applied on all layers (does not apply to NETWORK PERIMETER and FACILITY layers) Leverage controls top down (layers dependent on service model). Use complementary lower layer controls only when controls on higher layers are not possible Data Protection - Access control, encryption, key management DATA & KEYS SaaS PaaS Admin Access - Identity management, Dual-factor authentication, training and awareness, screening, Least and Temporary Privilege USER APPLICATION IaaS Application Security - Access control, monitoring, anti-malware, vulnerability scanning, patch and configuration management ABN AMRO Security Monitoring and Response Host Protection - Access control, monitoring, anti-malware, vulnerability scanning, patch and configuration management ABN AMRO Well-Formed Risk Statement HOST SYSTEM INTERNAL NETWORK Network Security - Segmentation, intrusion detection, vulnerability scanning NETWORK PERIMETER Network Security - Edge ACLs, DDoS protection, intrusion detection, vulnerability scanning FACILITY Physical Security - Physical controls, video surveillance, access control

7 Our challenges How to maintain agility, and innovative services available for development teams, while not lowering the security How to avoid losing business, due to lengthy risk assessments and formal procedures How to enable agile teams to perform changes, while maintaining compliant (Dutch regulator needs to be informed about projects concerning critical data, and the results of risk assessments performed on those projects)

8 Security Blueprint approach
WHAT HOW IMPLEMENT Workload Specific Workload Specific DATA & KEYS Accountability Application Owner Application Control Solution Design Implement on application level SaaS USER PaaS CSP Agnostic APPLICATION IaaS Standards for Cloud Risk Control control integration HOST SYSTEM CSP Specific CSP Specific Generic Controls Solution Design Implement on platform level Responsibility CBSP INTERNAL NETWORK NETWORK PERIMETER FACILITY Identify and map applicable controls, leverage controls top down Design Solution Implement Solution

9 5/29/2018 6:22 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

10 5/29/2018 6:22 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

11 5/29/2018 6:22 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

12

13 5/29/2018 6:22 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

14

15 5/29/2018 6:22 AM Our verdict Better security becomes feasible Several very costly solutions are now ‘plug, play and pay’ Fully automated Fully monitored Centralized monitoring and security incident reporting © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

16 Goals reached The Azure team is now working on HOW the services will be delivered to the teams needing them, following the ‘requirements’ (security built-in) The CISO team easily reviews the ‘features’, and provides an ‘approved by CISO’ status Development teams using ‘standard features’ only need to worry about how the features are used, not how they are configured or deployed CISO only needs to review how the features are used, which is much easier and faster (gained agility) The blueprint enables to deliver new features fast while incorporating security by design – Pascal Platteel, Product Development Manager Cloud at ABN AMRO

17 Lessons learned Awareness and understanding of ‘cloud’ is an ongoing issue Involve CISO from the start Translate ‘old’ policies towards new terminology Leverage CSP capabilities to mitigate possible incompliances Get the teams to adopt PaaS, which means less work for the engineers but also CISO The collaboration and finding each other is ‘impressive’ – Jaap Crum, Head of IT Technology Development & Portfolio Management at ABN AMRO

18 Please evaluate this session
Tech Ready 15 5/29/2018 Please evaluate this session From your Please expand notes window at bottom of slide and read. Then Delete this text box. PC or tablet: visit MyIgnite Phone: download and use the Microsoft Ignite mobile app Your input is important! © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

19 5/29/2018 6:22 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Download ppt "5/29/2018 6:22 AM THR2267 ABN AMRO use case to secure and manage their Azure infrastructure and applications Joël Blaauw – ABN AMRO Security Architect."

Similar presentations

Secure Hyperconnectivity with TeamViewer and Windows technologies

Secure Hyperconnectivity with TeamViewer and Windows technologies
Azure on Steroids: Full Automation with PowerShell

Azure on Steroids: Full Automation with PowerShell
Azure File Sync Setup, configuration and management

Azure File Sync Setup, configuration and management
How To Deliver Apps Faster And Secure Them The Microsoft Way

How To Deliver Apps Faster And Secure Them The Microsoft Way
Cloud Security IS Application-Centric Security

Cloud Security IS Application-Centric Security
Use any Amazon S3 application with Azure Blob Storage

Use any Amazon S3 application with Azure Blob Storage
6/5/2018 1:30 PM THR1029 Spend less time managing data and more time with customers: Quick tour of Outlook Customer Manager Welly Lee Welly.Lee@microsoft.com.

6/5/2018 1:30 PM THR1029 Spend less time managing data and more time with customers: Quick tour of Outlook Customer Manager Welly Lee
Azure Cloud Shell Magic of Modern Command-line Management

Azure Cloud Shell Magic of Modern Command-line Management
Windows 10 and the cloud: Why the future needs hybrid solutions

Windows 10 and the cloud: Why the future needs hybrid solutions
6/25/2018 11:13 PM BRK1076 Make Windows devices more secure by taking them out of your existing infrastructure Chris Rhodes & Andrew Bettany MCTs & MVPs.

6/25/ :13 PM BRK1076 Make Windows devices more secure by taking them out of your existing infrastructure Chris Rhodes & Andrew Bettany MCTs & MVPs.
6/26/2018 5:24 AM THR1083 Enabling Advanced Security Capabilities: Drive consistent authorization across multiple applications Bryan Bolling Solution Architect,

6/26/2018 5:24 AM THR1083 Enabling Advanced Security Capabilities: Drive consistent authorization across multiple applications Bryan Bolling Solution Architect,
6/26/2018 2:09 PM THR4002 Achieving Upward Mobility Top 3 Strategies for Migrating Data and Workloads to the Cloud niclas.blaback@veritas.com shamalee.deshpande@veritas.com.

6/26/2018 2:09 PM THR4002 Achieving Upward Mobility Top 3 Strategies for Migrating Data and Workloads to the Cloud
Optimizing Microsoft OneDrive for the enterprise

Optimizing Microsoft OneDrive for the enterprise
What a Real, Functioning DevOps Team Looks Like

What a Real, Functioning DevOps Team Looks Like
The power of common identity across any cloud

The power of common identity across any cloud
“Enable, Invent & Adopt, Transform”

“Enable, Invent & Adopt, Transform”
Protect sensitive information with Office 365 DLP

Protect sensitive information with Office 365 DLP
SQL Server on Linux on All-Flash Arrays

SQL Server on Linux on All-Flash Arrays
Microsoft Ignite /31/ :08 AM

Microsoft Ignite /31/ :08 AM
8/6/2018 10:17 AM THR2214 Hybrid Cloud Activated A customer case study optimizing on-premises & Azure performance and cost Mor Cohen-Tal Senior Product.

8/6/ :17 AM THR2214 Hybrid Cloud Activated A customer case study optimizing on-premises & Azure performance and cost Mor Cohen-Tal Senior Product.

Similar presentations

Ads by Google