The trust questions… Is cloud computing secure? Are Microsoft Online Services secure? Security Where is my data? Who has access to my data ? Transparency.

Slides:



Advertisements
Similar presentations
All rights reserved © 2000, Alcatel 1 CPE-based VPNs Hans De Neve Alcatel Network Strategy Group.
Advertisements

CSC 101 Fall 2012 Felicia Furino December 13, 2012.
Office 365 for Enterprises ITExpo February 2, 2012.
/Calendar Collaboration Document Management Messaging Web Conferencing Best experience across devices.
2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.
Common Question Who can benefit from Cloud? Every enterprise today can benefit from Cloud.
How do I handle major objections to Office 365?
Provide a platform built on security, privacy, and trust Maintain an evergreen service Offer highly configurable and scalable services.
Social Mobility Big data Cloud Social connections, mobility, cloud delivery and pervasive information are converging in a powerful way. This convergence.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Security Controls – What Works
Information Security Policies and Standards
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Why Microsoft makes the cloud shine Nigel Watson, Platform Strategy Advisor.
Internet Protocol Security (IPSec)
Stephen S. Yau CSE , Fall Security Strategies.
Payment Card Industry (PCI) Data Security Standard
Video gallery HD video or high resolution photos of attendees H.264 SVC support Personalized collaboration experiences Intuitive controls Consistent.
Network security policy: best practices
OSP214. SECURITY PRIVACY RELIABILITY & SERVICE CONTINUITY COMPLIANCE.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
© 2010 RightNow Technologies, Inc. ASU – CABIT – Privacy Day Privacy in the Cloud Ben Nelson CISO, RightNow Technologies.
Beyond just & storage and simple document editing.
No one questions that Microsoft can write great software. Customers want to know if we can be innovative, scalable, reliable in the cloud. (1996) 450M+
SEC835 Database and Web application security Information Security Architecture.
Copyright © 2006 CyberRAVE LLC. All rights reserved. 1 Virtual Private Network Service Grid A Fixed-to-Mobile Secure Communications Framework Managed Security.
SIM 302. Unprepared UninformedUnaware Untrained Unused.
SECURITY Is cloud computing secure? Are Microsoft Online Services secure? Is cloud computing secure? Are Microsoft Online Services secure? PRIVACY What.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
Security Best-in-class security with over a decade of experience building Enterprise software & Online services Physical and data security with access.
Grid-based Future Internet with Wireless sensor network By Mohammad Mehedi Hassan Student ID:
Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.
Introducing Microsoft Azure Government Steve Read Barbara Brucker.
2  Supervisor : MENG Sreymom  SNA 2012_Group4  Group Member  CHAN SaratYUN Sinot  PRING SithaPOV Sopheap  CHUT MattaTHAN Vibol  LON SichoeumBEN.
Copyright © 2007 Pearson Education, Inc. Slide 3-1 E-commerce Kenneth C. Laudon Carol Guercio Traver business. technology. society. Third Edition.
Customers Security in Context Microsoft & Office 365 / Azure Cloud Security Engagement Framework & References Real World application Frameworks.
Scott Teeters, Jr. MicroSolved, Inc. in partnership with Sogeti USA How to Fail A Penetration Test Concepts in Securing a Network.
Technology for Social Justice Enhancing community sector service delivery Stefanie Kechayas – Senior Consultant 17 November 2015 SharePoint Connect and.
© Goulston & Storrs All rights reserved. MA Export Center Export Expo: Strategic Planning for Export Compliance Operations December 9, 2014 Kerry.
James Lewis and Simon Waight Office 365 security: everywhere you need it to be PRD33 1.
MICROSOFT TESTS /291/293 Fairfax County Adult Education Courses 1477/1478/1479.
IS3220 Information Technology Infrastructure Security
Securing Access to Data Using IPsec Josh Jones Cosc352.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
Unit 2 Personal Cyber Security and Social Engineering Part 2.
Windows Vista Configuration MCTS : Advanced Networking.
Trusting Office 365 Privacy Transparency Compliance Security.
Private KEEP OFF! Private KEEP OFF! Open! What is a cloud? Cloud computing is a model for enabling convenient, on-demand network access to a shared.
Clouding with Microsoft Azure
Dr. Ir. Yeffry Handoko Putra
Cybersecurity - What’s Next? June 2017
Microsoft 365 Get help with regulatory compliance
9/4/2018 6:45 PM Secure your Office 365 environment with best practices recommended for political campaigns Ethan Chumley Campaign Technology Advisor Civic.
CLM USE GUIDE FOR MICROSOFT TRUSTED CLOUD
Threat Management Gateway
How do I handle major objections to Office 365?
Microsoft Office 365 Security, Privacy, and Trust
IS4550 Security Policies and Implementation
Skyhigh Enables Enterprises to Use Productivity Tools of Microsoft Office 365 While Meeting Their Security, Compliance & Governance Requirements Partner.
SMB practice development: Security play
Securing the Internet of Things: Key Insights and Best Practices Across the Industry Theresa Bui Revon IoT Cloud Strategy.
Tap into a new market with Office 365 Government
SMB practice development: Security play
 How does GDPR impact your business? Pro Tip: Pro Tip: Pro Tip:
Using the Cloud App Marketplace Monitoring cloud app migrations
EDUCAUSE Security Professionals Conference 2018 Jason Pufahl, CISO
Compliance in the Cloud
AT&T Firewall Battlecard
Cloud Computing for Wireless Networks
Presentation transcript:

The trust questions… Is cloud computing secure? Are Microsoft Online Services secure? Security Where is my data? Who has access to my data ? Transparency What does privacy at Microsoft mean? Are you using my data to build advertising products? Privacy What certifications and capabilities does Microsoft hold? How does Microsoft support customer compliance needs? Do I have the right to audit Microsoft? Compliance

Choices to keep Office 365 Customer Data separate from consumer services. Office 365 Customer Data belongs to the customer. Customers can export their data at any time. At Microsoft, our strategy is to consistently set a high bar around privacy practices that support global standards for data handling and transfer Privacy at Office 365 No Mingling Data Portability No advertising products out of Customer Data. No scanning of or documents to build analytics or mine data. No Advertising

Transparency Microsoft notifies you of changes in data center locations. Core Customer Data accessed only for troubleshooting and malware prevention purposes Core Customer Data access limited to key personnel on an exception basis. How to get notified? Who accesses and What is accessed? Clear Data Maps and Geographic boundary information provided Ship To address determines Data Center Location Where is Data Stored? At Microsoft, our strategy is to consistently set a high bar around privacy practices that support global standards for data handling and transfer

Service Security – Defense in Depth A risk-based, multi-dimensional approach to safeguarding services and data Network perimeter Internal network Host Application Data User Facility Threat and vulnerability management, monitoring, and response Edge routers, intrusion detection, vulnerability scanning Dual-factor authentication, intrusion detection, vulnerability scanning Access control and monitoring, anti-malware, patch and configuration management Secure engineering (SDL), access control and monitoring, anti- malware Access control and monitoring, file/data integrity Account management, training and awareness, screening Physical controls, video surveillance, access control

Compliance update ISO 27001All customersAvailable EU Safe HarborEU customersAvailable SSAE 16 (Statement on standards for Attestation Engagement) SOC 1 (Type I & Type II) compliance Primarily US customersAvailable FISMAUS GovernmentAvailable HIPAA/BAAAll CustomersAvailable EU Model ClausesEU CustomersAvailable Data Processing AgreementAll CustomersAvailable FERPAEDU CustomersAvailable Compliance with key standards

Office 365 for Government

Why a US Government community cloud? Given the strong sense of affinity and community within many government agencies, there has been a strong demand for a cloud made specifically for the government

In response to this demand, Microsoft has added Office 365 for Government to the portfolio of our Cloud offerings Why a US Government community cloud?

Office 365 For Government will be built to the same Enterprise security standards that the Office 365 For Enterprise offering has today Why a US Government community cloud?

Microsoft offering for all world wide customers US Government data stored in US data centers FISMA ATO with 1 agency & submitted for ATO with several agencies Microsoft background investigations Microsoft offering for qualifying US Govt. customers US Govt. tenants segregated from Enterprise cloud tenants Based on NIST definition of community cloud FISMA package to be submitted for ATO with first customer Public Trust Moderate Background Investigations Dedicated infrastructure for each customer Microsoft background investigations Dedicated infrastructure for each qualifying customer Isolated & separate from Dedicated Public Cloud in caged env. FISMA-Moderate ATO from USDA Support for customers complying with ITAR regulatory controls Public Trust High Background Investigations GCC: Integral part of Microsoft cloud vision

Availability Tenant Community Customer Data Location At Rest ITAR Regulatory Support Position Of Public Trust FISMA Package FISMA ATO Multi-Tenant Public Cloud AnyonePublic communityRegionally LocatedNo Microsoft Background Check FISMA ModerateYes GCC US Govt. entities with *.GOV or *.MIL domain extensions US Govt. Community US Located & Community Segregated NoModerateFISMA Moderate Security package ready for customer review ITAR US Govt. entities & qualifying commercial entities Individual customer US Located & Customer Segregated YesHighFISMA ModerateYes 1 Details of FISMA Moderate package will vary by environment. 2 The FISMA package includes a list of control implementations, operational procedures and testing that shows how the service complies with NIST requirements. The FISMA ATO (Authority To Operate) indicates that a Federal entity has reviewed and approved the FISMA Package. 12 What you will find in each cloud?

Core Customer data is segregated Exchange – Separate Forest SharePoint – Separate Farm Core Customer Data refers to data generated by the customer in the course of their business and provided to O365 teams to hold in the course of providing services, defined as Core Customer Data in the O365 Asset Classification* policy. Core Customer Data is located in US Soil Other data classes are handled according to existing O365 MT standards as described in the Trust Center. (E.G. existing regional controls for PII.) Core Customer Data body SharePoint files body SharePoint site content Blob or structured storage data Data segregation

1.What is IPv6 (Internet Protocol version 6) is a version of the Internet Protocol intended to succeed IPV4, which is the protocol currently used to direct almost all Internet traffic Data Transfer in Internet happens via packets that are routed across networks by routing protocols. Packets require an addressing scheme (IPv4/IPv6), to specify source & destination addresses. Each host, computer or other device on the Internet requires an IP address in order to communicate. 2.Depletion of IPV4 Addresses: Last block of ipv4 addresses was assigned in February Perception: Office 365 needs to be seen as supporting ipv6. This perception decides RFP wins. Below objections to ipv6 may dont matter. There may be unused ipv4 blocks that can be re-released. Current ipv4 addresses should be enough. No one really uses ipv6. 3.Industry Trend: Industry Trend IPv6 solves the problem of IPv4 address depletion by offering a virtually limitless pool of IP addresses that can be used by computers, smartphones, home appliances, gaming devices and all sorts of sensors and actuators that have yet to be invented. 4.Primary reason to use ipv6: IPv4 uses 32-bit addresses and can support 4.3 billion devices connected directly to the Internet. IPv6, on the other hand, uses 128-bit addresses and supports 2 to the 128th power devices (greater than billion devices per human being on planet). What is the next big Government initiative? IPv6

Office 365 Trust Center Clear messaging with plain English Details for security experts Links videos, whitepapers

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.