12,000 anonymized surveyed results Worldwide user base Cloud Security Readiness Tool Security trends report:

5 Cloud Security Readiness Tool Security trends report:
- 12,000 anonymized surveyed results
- Worldwide user base

6 Security trends for Banking:
- 38% of surveyed financial organizations do not have budgeted disaster recovery plans
- 37% of surveyed financial organizations do not use standardized data classification
- 23% of surveyed financial organizations have adequate policies and practices for secure data disposal

7 Security trends for Healthcare:
- 51% of surveyed healthcare organizations conduct system-wide data backups that are tested regularly
- 31% of surveyed healthcare organizations have a disaster recovery program
- 23% of surveyed healthcare organizations cannot prevent a power outage from affecting their organization

8 Security trends for Government:
- 45% of surveyed public sector organizations do not use standardized data classification
- 40% of surveyed public sector organizations still use paper nondisclosure agreements (NDAs) and use them inconsistently
- 33% of surveyed public sector organizations do not have uniformly enforced security policies

9 Security trends for Retail:
- 72% of surveyed retail organizations do not have budgeted disaster recovery plans
- 51% of surveyed retail organizations do not have a plan for responding to security breaches
- 31% of surveyed retail organizations do not use role-based access control

10 Key Findings: Benefits for SMBs that use the cloud
- Security: 94% experienced security benefits in the cloud that they didn’t previously have on premise
- Privacy: 62% said that their levels of privacy protection increased as a result of moving to the cloud
- Reliability: 75% said they experienced improved service availability since moving to the cloud

11 Key Findings: Reinvesting savings from the cloud (USA Summary)
- 70% reinvested money saved with cloud in other areas of their business
- 50% have pursued new opportunities because of the time they saved managing security

13 Problems you face
- Can you improve your people, processes, and technologies?
- What are your current IT capabilities?
- Can cloud reduce your risks while reducing cost?

14 Risks and rewards the cloud BENEFITS privacy security reliability scalability increased agility flexibility Reduced costs CONCERNS

15 Provider is your partner: Risks a CSP can help reduce; Risks a customer must manage; Data Classification; End point devices; Physical; Networking; Shared risks; Identity and Access Management

16 SDL and ISO/IEC 27034-1
- Training: 1. Core Security Training
- Requirements: 2. Establish Security and Privacy Requirements; 3. Create Quality Gates/Bug Bars; 4. Perform Security and Privacy Risk Assessments
- Design: 5. Establish Design Requirements; 6. Perform Attack Surface Analysis/Reduction; 7. Use Threat Modeling
- Implementation: 8. Use Approved Tools; 9. Deprecate Unsafe Functions; 10. Perform Static Analysis
- Verification: 11. Perform Dynamic Analysis; 12. Perform Fuzz Testing; 13. Conduct Attack Surface Review
- Release: 14. Create an Incident Response Plan; 15. Certify Release and Archive; 16. Certify Release and Archive
- Response: 17. Execute Incident Response Plan
ISO/IEC 27034-1:2011 “Annex A” provides example alignment of an existing process based on Microsoft Simplified SDL to the framework and structures of ISO 27034.
ISO 27034 stages: Preparation, Development, Transition, Utilization

17 Why Data Classification
- Allows organizations to categorize their stored data by sensitivity and business impact
- Helps optimize data management for cloud adoption

Sensitivity | Terminology model 1 | Terminology model 2
High | Confidential | Restricted
Medium | For internal use only | Sensitive
Low | Public | Unrestricted

18 Solution for sensitive data

19 Cloud Security Alliance (CSA)
- Global not-for-profit organization
- Provider, and User Certification
- Accepted global authority for trust in the cloud

20 Control Areas
- security policies and procedures?
- security policies review process?
- security program is updated?
- personnel background checks?
- (NDA) requirements?
- physical access by role?
- security policies and procedures?
- employee change/termination process?
- physical security access method?
- equipment support contracts?
- data classification efforts?
- Who grants access to data?
- data retention and recovery program?
- destroys data?
- security policies and procedures?
- staging to production requirements?
- application testing using customer data?
- asset inventory program?
- conducts risk assessments?
- responds to an incident?
- disaster recovery plan?
- capacity planning efforts?
- selects its data center location(s)?
- redundancy if utility service outages should occur?
- patch management processes?
- antivirus efforts?
- firewalls to protect data?
- time setting policies?

21 Cloud Security Readiness Tool Where are we? Where will we be?

23 Cyber - Security Building a Trustworthy cloud Transparency Operation Security Assurance Privacy Compliance Secure Development Lifecycle Privacy by Design

24 Microsoft Security Intelligence Report (SIR) www.microsoft.com/sir Promoting Understanding of Today’s Threats

25 The Microsoft Security Development Lifecycle
Stages shown: Verification; Secure Design; Secure Implementation; Final Security Review; Incident Response (MSRC); Release; Start
Goals: Protect Microsoft customers by
- Reducing the number of vulnerabilities
- Reducing the severity of vulnerabilities
Key Principles
- Secure by design
- Eliminate security problems early
- Prescriptive yet practical approach
- Proactive – not just “looking for bugs”

26 Operational Security Assurance (OSA)
- Complements industry standards
- Builds upon Microsoft experience with operating cloud services at scale
- Proven, scalable methodology
- Internet-based threats
- Continuously updated
http://aka.ms/OSA

27 Complementary Model

28 OSA Methodology

29 Microsoft Certifications & Attestations
- International Organization for Standardization (ISO) 27001
- Cloud Security Alliance Cloud Control Matrix (CCM)
- European Union Data Privacy
- Family Educational Rights and Privacy Act (FERPA)
- The Gramm-Leach-Bliley Act (GLBA)
- UK Government accreditation for Impact Level (IL) 2 data
- Health Insurance Portability and Accountability Act (HIPAA) Business Associate Agreement (BAA)
- Federal Risk and Authorization Management Program (FedRAMP)
- Service Organization Control SOC 2
- European Union (EU) Model Clauses
- Federal Information Security Management Act (FISMA) Authorization to Operate (ATO)

30 CSA Security, Trust & Assurance Registry
Cloud Security Alliance (CSA): The Cloud Security Alliance Cloud Controls Matrix (CCM) is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider.
Microsoft’s Standard Responses for STAR: Specific details about Office 365, Windows Azure and Dynamics CRM controls are mapped to the CCM. Available on Microsoft trust centers.

31 Worldwide Public Sector Digital Crimes Unit Microsoft’s Commitment Microsoft IT Microsoft Services Criminal Law Enforcement, Government, Industry Solutions, Initiatives, Innovations Policy, Innovation, Consulting Response, Support, Risk Assessment, Cyber Security Services Trustworthy Computing Security, Reliability, Privacy Secure Development & Secure Operations TwC Network Security Microsoft Security Response Center Global Security Strategy & Diplomacy Product Life Cycle Release Conception Ecosystem & Policy Innovation Internal External Fundamentals Innovation Partnerships Security Development Lifecycle (SDL) Operational Security Assurance (OSA) Investigate and respond to all security concerns that affect Microsoft products and services. Identity & Access Management solutions Protect against the latest malware threats Business and IT Risk Management Remote Security Incident Reporting Policy & Advocacy Fight IP Crimes, Fraud, and Child Exploitation Provide early access to intel for security partners Advisory Services and Risk Assessments

33 www.microsoft.com/learning http://microsoft.com/msdn http://microsoft.com/technet http://channel9.msdn.com/Events/TechEd
