Nigel Gibbons Executive Chairman UniTech tm

Presentation on theme: "Nigel Gibbons Executive Chairman UniTech tm"— Presentation transcript:

1 Nigel Gibbons Executive Chairman UniTech tm
BL13
Selling to the Strengths of Security & Compliance with Office 365 and the Cloud
Ro Kolakowski, Company Partner, 6th Street Consulting, MPN partner since 2006
SharePoint
Lisa Slim, Microsoft Alliance Business Manager, Hewlett-Packard, MPN partner since 1989
HP Enterprise Business
Nigel Gibbons, Executive Chairman, UniTech tm
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Nigel Gibbons Executive Chairman – UniTech tm
Chartered IT Professional (CITP)
Microsoft Business Value Planning (MBVP)
Certified Information Systems Auditor (CISA)
Certified Information Systems Security Professional (CISSP)
Microsoft Certified Information Technology Professional (MCITP)
Strategic Business Planning and Audit.
IAMCP UK and International Board Member
Microsoft Partner Advisory Council
Microsoft Executive Partner Board
Cloud Security Alliance – UK and Ireland
Institute of Information Security Professionals (IISP)
Information Security Audit and Control Association (ISACA)
International Information Systems Security Certification Consortium or (ISC)2
EuroCloud
Voices for Innovation

3 NRG ‘PB’ Curve (Presentation Benefits)
[Chart: axes labelled "Benefit" and "Number of slide"]

4 Cloud Security Frameworks Overview Security in Context Customers
Microsoft and Office 365 Cloud Security Engagement Framework and References Real World application Frameworks

5 Different Things to Different People
(submitted by Antii Roppola)

6 Security Risk Trust Security

7

8

9 Threat #1 Abuse and nefarious use of Cloud Computing
Criminal leverage of cloud resources
Cloud providers targeted
IaaS offerings have hosted
  Zeus botnet
  InfoStealer Trojan horses
  botnets command and control
Impact equals IaaS blacklisting

10 Threat #2 Insecure interfaces and APIs
Exposed software interfaces or APIs
Security and availability of services dependent upon the security of these
Exposures
  Unknown service or API dependencies
  Clear-text authentication
  Data unencrypted to process

11 Threat #3 Malicious insiders
Level of access means impact considerable
Lack of hiring standards
Legislative friction
Impact
  Brand damage
  Financial loss
  Productivity downtime

12 Threat #4 Shared technology issues
Multi-tenant architecture challenge hardware technologies and hypervisors
Inappropriate levels of control or influence on the underlying platform
Examples
  Joanna Rutkowska’s Red and Blue Pill exploits
  Kortchinsky’s CloudBurst presentations

13 Threat #5 Data loss or leakage
Deletion or alteration of records without a backup
Loss of an encoding key
Jurisdiction and political issues
Impact
  Loss of core intellectual property
  Compliance violations

14 Threat #6 Account or service hijacking
Reuse of credentials and passwords
Eavesdrop on activities and transactions
Manipulate data
Return falsified information
Redirect clients to illegitimate sites

15 Threat #7 Unknown risk profile
When adopting a cloud service, features and functionality may be well advertised
What about details of
  internal security procedures
  configuration hardening
  patching, auditing, and logging
Compliance?

16 References CSA (Cloud Security Alliance) – Top Threats
Gartner report – ‘Assessing the Security Risks of Cloud Computing’

17 The Mobile Effect
Cloud is a form of mobile computing
But then there is Mobile as well…
24x7x365 from anywhere, anytime, anyways
90% internal
80% external

18

19

20 NIST (The National Institute of Standards and Technology)
Despite concerns about security and privacy, the NIST concludes that “Public cloud computing is a compelling computing paradigm that agencies need to incorporate as part of their information technology solution set."

21 Cloud All in!

22 The case for a Cloud Business
Microsoft
Technology Roadmap
Technical Certification

23 Security and Reliability
Financially-backed, guaranteed 99.9% uptime Service Level Agreement (SLA)
Always-up-to-date antivirus and anti-spam solutions to protect
Safeguarded data with geo-redundant, enterprise-grade reliability and disaster recovery with multiple datacentres and automatic failovers
Best-of-breed data centres with SAS 70 and ISO certification

24 Monetising the Cloud
Little margin in subscription annuity
Money is in the service tail, but how?

25 Trust is King Honesty Confidence Trust

26 Ignorance

27 Temptation/Ignorance

28 Services (Office 365 and FOPE)
Certifications
ISO 27001: Services (Office 365 and FOPE)
SAS 70 Type II: Data Centers
Safe Harbor: Microsoft
More to come…

29 Multi-Layered Defense
Strategy: employ a risk-based, multi-dimensional approach to safeguarding services and data
Security Management: Threat and Vulnerability Management, Monitoring and Response
Network perimeter: Edge Routers, Firewalls, Intrusion Detection, Vulnerability Scanning
Internal Network: Dual-factor Auth, Intrusion Detection, Vulnerability Scanning
Host: Access Control and Monitoring, Anti-Malware, Patch and Configuration Management
Application: Secure Engineering (SDL), Access Control and Monitoring, Anti-Malware
Data: Access Control and Monitoring, File/Data Integrity
User: Account Management, Training and Awareness, Screening
Facility: Physical Controls, Video Surveillance, Access Control

30 Data Encryption at Rest
Encryption impacts service functionality (e.g. search)
Technical solutions are challenging, e.g. identity and key management issues
Data stored non-encrypted
For “sensitive” data, customers implement Rights Management
For “sensitive” externally sent/received , customers employ PGP or similar
Solution

31 Enhanced E-mail Security Features
Require TLS for all mail between customer and partner domain (in and outbound)
Centralized mail control (all mail for domain sent/received from customer servers) – Enables custom filtering and archiving
Outbound mail delivery to a smarthost – Enables additional processing, e.g. DLP
Future: Expanded DLP capabilities in Forefront Online Protection for Exchange (FOPE)

32 Subpoenas Will Microsoft turn over my data to law enforcement or government?

33 Microsoft believes customers should control their own information
When compelled by U.S. law enforcement to produce customer records, Microsoft will first attempt to redirect these demands to the customer
Microsoft will notify the customer unless it cannot, either because Microsoft is unable to reach the customer or is legally prohibited from doing so!
Microsoft will only produce the specific records ordered by law enforcement and nothing else

34 Continuity Concerns
Does Microsoft have a formalized continuity program in place?
Yes, a robust service continuity program is in place based on industry best practices and provides the ability to recover subscribed services in a timely manner
Does each service have the ability to recover from a disastrous event?
Yes, all offerings have redundancy and resiliency to ensure that any major outage is minimized
Is the plan exercised (tested) on a regular basis?
The plan and solution are validated at least on an annual basis

35 Global Privacy Regulations
Microsoft Online Services has been built focusing on transparency, allowing customers control over their data, and enabling them to adhere to recognized privacy principles
Example: Many locales require a privacy notice and a recording notice. It's ultimately the responsibility of the customer to comply, but we built one in as a default so customers are assisted
Microsoft complies with global privacy norms. It abides by the Safe Harbor privacy framework regarding the collection, use, transfer, and retention of data from the European Union, the European Economic Area, and Switzerland
Each of Microsoft Online Services has a privacy statement that details how customers’ data will be treated
Longer term → Working with governments and partners to adapt regulations to our type of services

36 Why Is Privacy Compliance Important?
It’s the law
Helps assure customers that they’ve made the right choice by entrusting their data to Microsoft
It’s the right thing to do

37

38 Cloud Stack (SPI Model)

39

40 Risk Management Measure Assess Evaluate Manage

41 Compliance Landscape

42 Risk Mitigation

43 Compromise Customer Data
Attack Tree: Compromise Customer Data
Value to Business £50,000 £1m+
[Figure: attack tree; node labels and costs as extracted, in page order: Obtain Backup Media, Intercept, Hack Web Server, Hack Firewall, £ 5,000, Burglarise Office, £ 5,000, Bribe Staff or Service Provider, £ 10,000, Hack teleworker Home System, £ 1,000, Hack SMTP service, £ 2,000, £5,000, £10,000, £1,000, £2,000, £7,000]
International Association of Microsoft Channel Partners (IAMCP)

44

45 Security On Ramp Microsoft Security Assessment Tool
Gain visibility of service revenue potential
Identify in competency areas
Out of competency equals Engage a Pro!

46 Microsoft Security Assessment Toolkit

47 The Alternative!

48 Partner Is the Key Equals IAMCP (International Association of Microsoft Channel Partners)

49 IAMCP Vision and mission – PACE
IAMCP the global business community for the Microsoft Channel
Mission: To maximize the business potential of its members through:
Peer to Peer Networking: Rhythm of events occurring globally
Advocacy: To legislatures, the media, to Microsoft and Microsoft Partners (liaison with VFI)
Community Outreach: On the lines of Social Entrepreneurship
Education and Growth: Provide Programs and experiences to grow Partner business capability and capacity

50 Microsoft (Your R&D and soon to become your customers IT dept.!)
Office 365 Security and Service Continuity Service Description

51 ENISA (European Network and Information Security Agency)
Cloud Computing Security Risk Assessment

52 CSA (Cloud Security Alliance)
Security Guidance in Cloud Computing

53 NIST (The National Institute of Standards and Technology)
DRAFT Guidelines on Security and Privacy in Public Cloud Computing
DRAFT Cloud Computing Synopsis and Recommendations

54

55 Thank You! #NRG_fx

57 Thank You! #NRG_fx

58 Competency Exam Pack Offer
Go to the MPN Booth or Purchase Online by July 29, 2011
Exam Packs can be purchased in the following denominations
  3 Pack – 30% discount + Second Shot
  5 Pack – 35% discount + Second Shot
  8 Pack – 40% discount + Second Shot
  20 Pack – 40% discount + Second Shot
To purchase, simply stop by the WPC MPN Booth or log on to
Note: After July 29th, the Competency Exam Packs will not include a Second Shot (free exam retake).
Order today!

59 Your Feedback is Very Important to Us
Submit your Session Evaluation for a chance to Win!
Complete a WPC evaluation and you’re automatically entered to win the daily drawing for a luxury vacation AND a chance to win instant prizes!
Learn more in the Microsoft Partner Network Booth
Luxury Vacation for 2
Windows 7 Phone
Online Gift Cards

