Presentation on theme: "The trust questions… Is cloud computing secure? Are Microsoft Online Services secure? Security Where is my data? Who has access to my data ? Transparency."— Presentation transcript:
The trust questions… Is cloud computing secure? Are Microsoft Online Services secure? Security Where is my data? Who has access to my data ? Transparency What does privacy at Microsoft mean? Are you using my data to build advertising products? Privacy What certifications and capabilities does Microsoft hold? How does Microsoft support customer compliance needs? Do I have the right to audit Microsoft? Compliance
Choices to keep Office 365 Customer Data separate from consumer services. Office 365 Customer Data belongs to the customer. Customers can export their data at any time. At Microsoft, our strategy is to consistently set a high bar around privacy practices that support global standards for data handling and transfer Privacy at Office 365 No Mingling Data Portability No advertising products out of Customer Data. No scanning of email or documents to build analytics or mine data. No Advertising
Transparency Microsoft notifies you of changes in data center locations. Core Customer Data accessed only for troubleshooting and malware prevention purposes Core Customer Data access limited to key personnel on an exception basis. How to get notified? Who accesses and What is accessed? Clear Data Maps and Geographic boundary information provided Ship To address determines Data Center Location Where is Data Stored? At Microsoft, our strategy is to consistently set a high bar around privacy practices that support global standards for data handling and transfer
Service Security – Defense in Depth A risk-based, multi-dimensional approach to safeguarding services and data Network perimeter Internal network Host Application Data User Facility Threat and vulnerability management, monitoring, and response Edge routers, intrusion detection, vulnerability scanning Dual-factor authentication, intrusion detection, vulnerability scanning Access control and monitoring, anti-malware, patch and configuration management Secure engineering (SDL), access control and monitoring, anti- malware Access control and monitoring, file/data integrity Account management, training and awareness, screening Physical controls, video surveillance, access control
Compliance update ISO 27001All customersAvailable EU Safe HarborEU customersAvailable SSAE 16 (Statement on standards for Attestation Engagement) SOC 1 (Type I & Type II) compliance Primarily US customersAvailable FISMAUS GovernmentAvailable HIPAA/BAAAll CustomersAvailable EU Model ClausesEU CustomersAvailable Data Processing AgreementAll CustomersAvailable FERPAEDU CustomersAvailable Compliance with key standards
Why a US Government community cloud? Given the strong sense of affinity and community within many government agencies, there has been a strong demand for a cloud made specifically for the government
In response to this demand, Microsoft has added Office 365 for Government to the portfolio of our Cloud offerings Why a US Government community cloud?
Office 365 For Government will be built to the same Enterprise security standards that the Office 365 For Enterprise offering has today Why a US Government community cloud?
Microsoft offering for all world wide customers US Government data stored in US data centers FISMA ATO with 1 agency & submitted for ATO with several agencies Microsoft background investigations Microsoft offering for qualifying US Govt. customers US Govt. tenants segregated from Enterprise cloud tenants Based on NIST definition of community cloud FISMA package to be submitted for ATO with first customer Public Trust Moderate Background Investigations Dedicated infrastructure for each customer Microsoft background investigations Dedicated infrastructure for each qualifying customer Isolated & separate from Dedicated Public Cloud in caged env. FISMA-Moderate ATO from USDA Support for customers complying with ITAR regulatory controls Public Trust High Background Investigations GCC: Integral part of Microsoft cloud vision
Availability Tenant Community Customer Data Location At Rest ITAR Regulatory Support Position Of Public Trust FISMA Package FISMA ATO Multi-Tenant Public Cloud AnyonePublic communityRegionally LocatedNo Microsoft Background Check FISMA ModerateYes GCC US Govt. entities with *.GOV or *.MIL domain extensions US Govt. Community US Located & Community Segregated NoModerateFISMA Moderate Security package ready for customer review ITAR US Govt. entities & qualifying commercial entities Individual customer US Located & Customer Segregated YesHighFISMA ModerateYes 1 Details of FISMA Moderate package will vary by environment. 2 The FISMA package includes a list of control implementations, operational procedures and testing that shows how the service complies with NIST requirements. The FISMA ATO (Authority To Operate) indicates that a Federal entity has reviewed and approved the FISMA Package. 12 What you will find in each cloud?
Core Customer data is segregated Exchange – Separate Forest SharePoint – Separate Farm Core Customer Data refers to data generated by the customer in the course of their business and provided to O365 teams to hold in the course of providing services, defined as Core Customer Data in the O365 Asset Classification* policy. Core Customer Data is located in US Soil Other data classes are handled according to existing O365 MT standards as described in the Trust Center. (E.G. existing regional controls for PII.) Core Customer Data Email body SharePoint files body SharePoint site content Blob or structured storage data Data segregation
1.What is IPv6 (Internet Protocol version 6) is a version of the Internet Protocol intended to succeed IPV4, which is the protocol currently used to direct almost all Internet traffic Data Transfer in Internet happens via packets that are routed across networks by routing protocols. Packets require an addressing scheme (IPv4/IPv6), to specify source & destination addresses. Each host, computer or other device on the Internet requires an IP address in order to communicate. 2.Depletion of IPV4 Addresses: Last block of ipv4 addresses was assigned in February 2011. Perception: Office 365 needs to be seen as supporting ipv6. This perception decides RFP wins. Below objections to ipv6 may dont matter. There may be unused ipv4 blocks that can be re-released. Current ipv4 addresses should be enough. No one really uses ipv6. 3.Industry Trend: Industry Trend IPv6 solves the problem of IPv4 address depletion by offering a virtually limitless pool of IP addresses that can be used by computers, smartphones, home appliances, gaming devices and all sorts of sensors and actuators that have yet to be invented. 4.Primary reason to use ipv6: IPv4 uses 32-bit addresses and can support 4.3 billion devices connected directly to the Internet. IPv6, on the other hand, uses 128-bit addresses and supports 2 to the 128th power devices (greater than billion devices per human being on planet). What is the next big Government initiative? IPv6
Office 365 Trust Center Clear messaging with plain English Details for security experts Links videos, whitepapers http://trust.office365.com