Common Question Who can benefit from Cloud? Every enterprise today can benefit from Cloud
Ask Do note that cloud is always moving, please make sure do not read OLD blogs and articles. If we answer a question stating “feature not available today”, revisit the question again in few months and answer could be different.
Unspoken Concern Will public cloud platform make my administrators lose their job? In long run your administrators role will change. They will manage less infrastructure and be a Strategic Technology Architect managing more cloud contracts.
Availability Question? Will cloud datacenter be up? Public cloud provider datacenter will be at least as good as your own datacenter. You should look at your provider promised SLA and historical SLA.
Security Question? Can public cloud platform keep my data safe? a)You must identify a provider who made public cloud strategic to their company as its main business income. b)You must learn to trust your provider c)You are also responsible for your data
Social media giants Facebook, LinkedIn, among others, get hacked… repeatedly.
Service-level security capabilities
Physical Security Network Host Application Admin Dat a
Engineers must have current background check, fingerprinting, security training. System grants least privilege required to complete task.
Content DB ABC D E Key Store ABCD A B C D E
Customer security controls
Browser
Exchange server Data disk Exchange server Data disk Message Delivery RMS, S/MIME protected
Secondary mailbox with separate quota Managed through EAC or PowerShell Available on-premises, online, or through EOA Automated and time-based criteria Set policies at item or folder level Expiration date shown in message Capture deleted and edited messages Time-based in-place hold Granular query-based in-place hold Optional notification Web-based eDiscovery center and multi-mailbox search Search primary, in-place archive, and recoverable items Delegate through roles- based administration De-duplication after discovery Auditing to ensure controls are met
What does compliance mean to customers? What standards do we meet? What is regulatory compliance and organizational
ISO SOC
Article 29 Working Party – collection of data protection authorities in Europe regulating world’s toughest privacy laws Validation by EU Data Protection Authorities for Microsoft’s commercial commitments for DPA/EU Model clauses (covering Office 365, Azure, CRM Online, and Intune) Microsoft is the only provider to have received this validation Standard part of contracts as of July 1st
Microsoft Security Engineering Center - Security Development Lifecycle (SDL) Exchange Hosted Services (part of Office 365) Hotmail SSAE-16 U.S.-EU Safe Harbor European Union Model Clauses (EUMC) Health Insurance Portability and Accountability Act Business Associate Agreement (HIPAA BAA) Data Processing Agreement (DPA) Active Directory Microsoft Security Response Center (MSRC) Global Foundation Services (GFS) ISO Certification Microsoft Security Essentials 1 st Microsoft Data Center Trustworthy Computing Initiative (TwC) Microsoft experience and credentials Xbox Live MSN Bill Gates Memo Windows Azure FISMA Windows Update Malware Protection Center SAS-70 Microsoft Online Services (MOS) One of the world’s largest cloud providers & datacenter/network operators CJIS Security Policy Agreement Bing/MSN Search Outlook.com