Download presentation
Presentation is loading. Please wait.
Published byAdam Webb Modified over 9 years ago
2
No one questions that Microsoft can write great software. Customers want to know if we can be innovative, scalable, reliable in the cloud. (1996) 450M+ active users (1997) 550M users/ mth (1998) x100M users Largest non-TCP/IP cloud service (1999) 320M+ active users Windows Live Messenger (1999) 2 Billion queries/mth (2001) 20M+ active users (2003) 5 Billion conf mins/yr (2004) 2 Billion emails/day Web Applications (2010) 400M+ consumers at release Microsoft Is a LEADER In The Cloud
3
HIGHLY SECURED DATA CENTERS Enterprise class reliability and security …delivering highly secure, private, and reliable experiences based on sound business practices Key Features Geo-redundant datacenters N+1 Architecture 9 Layer Data Security… CyberTrust Certified Secure access via SSL ITIL/MOF Operational Practices 24 x 7 x 365 Support 99.9% Uptime Financially- backed SLA Filtering Routers Firewalls Intrusion Detection Systems System Level Security Application Authentication Application Level Counter- measures Virus Scanning Separate Data Networks Authentication to Data US data location guaranteed today across all enterprise services FISMA, SAS 70, ISO certification across all facilities and services ISO2700 1 (strategic) ISO2700 1 (strategic) SA S70 (audit ) SA S70 (audit ) FISM A (tactical ) FISM A (tactical )
4
Global Foundation Services 4 Physical infrastructure Logical Infrastructure Physical infrastructure Logical Infrastructure Compute runtimes Identity and directory stores Compute runtimes Identity and directory stores Cloud Platform Services And others Cloud Infrastructure Consumer and Small Business Services Enterprise Services Third-Party Hosted Services
5
5 Build software and services to better help protect Microsoft customers and the industry; ensure information and data are safe and confidential. Privacy Develop online services with the privacy of customers in mind. No matter where our customers live or work, Microsoft strives to help them protect their privacy. Reliability Make dependable software and continue to improve the reliability of technologies, products, and support processes with a continuing focus on the customer’s experience. Ensure integrity and transparency in all business practices, and maintain the highest standards in business conduct. Security
6
6 Response to Cloud Security Challenges
7
7 International Organization for Standardization / International Electrotechnical Commission 27001:2005 Certified
8
8
9
9
10
10 Security Incident ResponseGlobal Criminal Compliance Responds to suspected security incidents 24 hours a day Supports worldwide investigations by law enforcement into criminal activity involving Microsoft online services, including emergency situations when appropriate Response process: Preparation Identification Containment Mitigation Recovery Lessons Learned Response process: Begins with validated legal request Is based on country of origin Includes guidance for law enforcement
11
11 PhysicalNetworkHost Security Identity and Access Managemen t DataApplicatio n
12
12 TrainingDesignVerificationReleaseResponse ImplementationRequirements
13
13
14
ISO/IEC 27001:2005 certification Statement of Auditing Standard 70 Type I and Type II attestations ISO/IEC 27001:2005 certification Statement of Auditing Standard 70 Type I and Type II attestations Certification and Attestations 14 Payment Card Industry Data Security Standard Health Insurance Portability and Accountability Act Payment Card Industry Data Security Standard Health Insurance Portability and Accountability Act Industry Standards and Regulations Media Ratings Council Sarbanes-Oxley, etc. Identify and integrate: –Regulatory requirements –Customer requirements Assess and remediate: –Eliminate or mitigate gaps in control design Identify and integrate: –Regulatory requirements –Customer requirements Assess and remediate: –Eliminate or mitigate gaps in control design Controls Framework Test effectiveness and assess risk Attain certifications and attestations Improve and optimize: –Examine root cause of non- compliance –Track until fully remediated Test effectiveness and assess risk Attain certifications and attestations Improve and optimize: –Examine root cause of non- compliance –Track until fully remediated Predictable Audit Schedule
15
15 Strategic Information Security Program Based on industry best practices to enable rapid adaption to cloud infrastructure changes Certification Framework Streamlines certification process for product and service delivery teams Trusted Brand Established through meeting business obligations along with legal and commercial expectations Confidence Born from years of experience managing security risks in traditional development and operating environments
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.