
Pre-adoption concern 60% cited concerns around data security as a barrier to adoption 45% concerned that the cloud would result in a lack of data control.

Presentation transcript:


3 Pre-adoption concern: 60% cited concerns around data security as a barrier to adoption; 45% were concerned that the cloud would result in a lack of data control. Three areas of concern: SECURITY (design/operation, infrastructure, network, identity/access, data), PRIVACY, COMPLIANCE.

4 What customers expect from Azure: reduce cost; high assurance that your data is safe; meet compliance requirements; central control over all assets; move incrementally to Azure; let your apps reason over data; deploy quickly; scale infinitely; make your data highly available.


7 If we receive a government demand for data held by a business customer, we take steps to redirect the government to the customer directly, and we notify the customer unless we are legally prohibited from doing so. In the first half of 2014, Microsoft only received five requests from law enforcement for five users associated with an enterprise customer. In all five cases, the requests were rejected or law enforcement was successfully redirected to the customer.



10 Why Azure: economies of scale; pay-for-use pricing; Azure platform certifications (EU Model Clauses, UK G-Cloud, FedRAMP, SOC, ISO 27001, PCI DSS, HIPAA); unified identity management; ease to deploy, and to scale; great HYBRID options; huge investment in security; strong built-in security controls; optional security controls for customers; virtually infinite storage.

11 Part 1 of this presentation: Built-in controls in Azure. Covers: Azure platform certifications (EU Model Clauses, UK G-Cloud, FedRAMP, SOC, ISO 27001, PCI DSS, HIPAA); huge investment in security; strong built-in security controls.

12 Part 2 of this presentation: Controls available for Azure customers. Covers: unified identity management; great HYBRID options; optional security controls for customers.


16 Microsoft security and compliance timeline (axis runs from 1989 to 2010). Milestones: 1st Microsoft Data Center; Active Directory; Windows Update; Trustworthy Computing Initiative; Security Development Lifecycle; Microsoft Security Response Center; Malware Protection Center; Global Data Center Services; Digital Crimes Unit; Operations Security Assurance; 100+ Data Centers. Certifications and frameworks: SOC 1; SOC 2; ISO/IEC 27001:2005; PCI DSS Level 1; FedRAMP/FISMA; UK G-Cloud Level 2; HIPAA/HITECH; E.U. Data Protection Directive; CSA Cloud Controls Matrix.


20 Defense in depth, layer by layer: Data; Application; Network; Host security; Physical. Spanning all layers: Identity & Access Management; 24x7x365 Incident Response.

21 REDUCE SECURITY COSTS + MAINTAIN FLEXIBILITY, ACCESS, & CONTROL
Shared responsibility by service model: who manages each layer of the stack (the split below is the standard chart the slide shows; in practice the customer stays accountable for its own data and identities in every model).

Layer           On-Premises   IaaS        PaaS        SaaS
Data            Customer      Customer    Customer    Microsoft
Applications    Customer      Customer    Customer    Microsoft
Runtime         Customer      Customer    Microsoft   Microsoft
Middleware      Customer      Customer    Microsoft   Microsoft
O/S             Customer      Customer    Microsoft   Microsoft
Virtualization  Customer      Microsoft   Microsoft   Microsoft
Servers         Customer      Microsoft   Microsoft   Microsoft
Storage         Customer      Microsoft   Microsoft   Microsoft
Networking      Customer      Microsoft   Microsoft   Microsoft

22 Data location
Customer choice: chooses the region where data resides; configures data replication options.
Microsoft: creates multiple copies of data in the datacenter; geo-replicates to a datacenter 400+ miles away; does not transfer Customer Data outside of a geo.


24 Data deletion: data retention and destruction; disk handling; data retention.

25 Protect data in transit
Data in transit between a user and the service: secured by TLS best practices (perfect forward secrecy, 2048-bit keys, strong ciphers, FIPS 140-2 support). Protects the user from interception of their communication and helps ensure transaction integrity.
Datacenter to datacenter: Azure encrypts customer data transfer between Azure datacenters by EOY. Protects from bulk interception of data.
Import / Export Service (physical media shipment): only accepts BitLocker-encrypted data disks.
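The slide states the transport properties Azure promises for the user-to-service leg; the client has to hold up its end. The following is an added example, not code from the presentation or from Microsoft: a TLS client context that enforces TLS 1.2 or newer, certificate verification and forward-secret key exchange, next to a deliberately weak context, plus an audit function that lists enabled cipher suites whose key exchange is not ephemeral (EC)DH. It uses only the Python standard library; the cipher strings are an assumption about what a client in this position should accept.

```python
"""Added example (not from the presentation): hardened vs. weak TLS client
contexts and a forward-secrecy audit of the enabled cipher suites."""
import ssl
from typing import List


def hardened_client_context() -> ssl.SSLContext:
    """TLS 1.2+, certificate and hostname verification, ECDHE + AEAD suites only."""
    ctx = ssl.create_default_context()          # CERT_REQUIRED + hostname checking
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.options |= ssl.OP_NO_COMPRESSION         # rules out CRIME-style compression leaks
    # TLS 1.2 suite list: ephemeral ECDH key exchange and AEAD ciphers only.
    # TLS 1.3 suites are always forward secret and are not affected by set_ciphers().
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def legacy_client_context() -> ssl.SSLContext:
    """Weak comparison: a suite with static RSA key exchange is allowed, so a later
    compromise of the server's private key decrypts traffic recorded today."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("AES256-GCM-SHA384:ECDHE+AESGCM")
    return ctx


def _key_exchange(cipher: dict) -> str:
    # OpenSSL description, e.g. "... TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD"
    for token in cipher["description"].split():
        if token.startswith("Kx="):
            return token[3:]
    return ""


def non_forward_secret_suites(ctx: ssl.SSLContext) -> List[str]:
    """Names of enabled suites whose key exchange is not ephemeral (EC)DH."""
    bad = []
    for cipher in ctx.get_ciphers():
        if cipher["protocol"] == "TLSv1.3":
            continue                              # (EC)DHE is mandatory in TLS 1.3
        if _key_exchange(cipher) not in ("ECDH", "DH"):
            bad.append(cipher["name"])
    return bad


if __name__ == "__main__":
    print("hardened context, non-PFS suites:", non_forward_secret_suites(hardened_client_context()))
    print("legacy context, non-PFS suites:  ", non_forward_secret_suites(legacy_client_context()))
```

The 2048-bit figure on the slide refers to the size of the server certificate's key; the hardened context verifies the certificate chain but does not inspect the key size, which is a property of the certificate the service presents rather than of the client configuration.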

26 Microsoft operator access & logging: Just in Time & Role Based Access (operator on the Microsoft network requesting access into Azure)
Operator requests access; the request grants a temporary privilege on a specific asset; no standing access to Customer Data; grants the least privilege required to complete a task; multi-factor authentication required for all administration; a locked-down admin console is used for operator access; access is audited, logged, and analyzed.
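The slide describes the properties of the access model rather than an implementation. The following is an added example, not Microsoft's code: a minimal model of just-in-time, role-based operator access in which operators hold no standing rights, a grant is issued only after MFA, is scoped to one asset and one role, and expires, and every decision lands in an audit log. Role names, the actions each role carries, the asset names and the one-hour TTL are assumptions for illustration.

```python
"""Added example (not Microsoft's code): a model of JIT, role-based operator
access with no standing rights, MFA-gated temporary grants and an audit log."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

# Least privilege: each role carries only the actions its task needs (assumed roles).
ROLE_ACTIONS = {
    "vm-operator": {"restart", "read-logs"},
    "storage-reader": {"list", "read-metadata"},
}


@dataclass
class Grant:
    operator: str
    asset: str
    role: str
    expires_at: datetime


@dataclass
class JitBroker:
    grants: Dict[Tuple[str, str], Grant] = field(default_factory=dict)
    audit: List[str] = field(default_factory=list)

    def _log(self, now: datetime, entry: str) -> None:
        self.audit.append(f"{now.isoformat()} {entry}")

    def request_access(self, operator: str, asset: str, role: str, *,
                       mfa_verified: bool, now: datetime,
                       ttl: timedelta = timedelta(hours=1)) -> Optional[Grant]:
        """Issue a temporary grant for one asset; MFA is mandatory for all administration."""
        if not mfa_verified:
            self._log(now, f"DENY grant {operator} {role}@{asset}: MFA not completed")
            return None
        if role not in ROLE_ACTIONS:
            self._log(now, f"DENY grant {operator} {role}@{asset}: unknown role")
            return None
        grant = Grant(operator, asset, role, now + ttl)
        self.grants[(operator, asset)] = grant
        self._log(now, f"GRANT {operator} {role}@{asset} until {grant.expires_at.isoformat()}")
        return grant

    def is_authorized(self, operator: str, asset: str, action: str, now: datetime) -> bool:
        """No grant, an expired grant, or an action outside the role all deny."""
        grant = self.grants.get((operator, asset))
        if grant is None or now >= grant.expires_at:
            self.grants.pop((operator, asset), None)   # expired grants do not linger
            self._log(now, f"DENY {action} {operator}@{asset}: no active grant")
            return False
        allowed = action in ROLE_ACTIONS[grant.role]
        self._log(now, f"{'ALLOW' if allowed else 'DENY'} {action} {operator}@{asset} as {grant.role}")
        return allowed


def demo() -> dict:
    """Walk through the slide's flow with constructed timestamps; returns each decision."""
    t0 = datetime(2014, 9, 1, 9, 0, tzinfo=timezone.utc)
    broker = JitBroker()
    results = {}
    # No standing access: before any request, everything is denied.
    results["before_request"] = broker.is_authorized("alice", "vm-042", "restart", t0)
    # MFA is a precondition for a grant.
    results["grant_without_mfa"] = broker.request_access(
        "alice", "vm-042", "vm-operator", mfa_verified=False, now=t0) is not None
    broker.request_access("alice", "vm-042", "vm-operator", mfa_verified=True, now=t0)
    results["in_scope_action"] = broker.is_authorized("alice", "vm-042", "restart", t0)
    results["action_outside_role"] = broker.is_authorized("alice", "vm-042", "delete", t0)
    results["other_asset"] = broker.is_authorized("alice", "vm-043", "restart", t0)
    results["after_expiry"] = broker.is_authorized(
        "alice", "vm-042", "restart", t0 + timedelta(hours=2))
    results["audit_entries"] = len(broker.audit)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The time is passed in explicitly so that expiry can be exercised without waiting; a real broker would also require an approver and a ticket reference on the request, and would ship the audit list to a log pipeline instead of keeping it in memory.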


30 Part 2 of this presentation: Controls available for Azure customers. Covers: unified identity management; great HYBRID options; optional security controls for customers.

31 [Diagram: Virtual Machine with custom app; Storage; …]



39 [Diagram: StorSimple appliance on-premises; in Azure: Virtual Machine with custom app; Storage; …]
Protection elements
Access control: No change. The StorSimple appliance appears like a NAS (via iSCSI).
Encryption: Automatic. StorSimple protects all data that it writes to Azure with AES-256 + SHA-256. Keys stay on-premises.
Logs: StorSimple emits audit logs.
Availability: Azure takes care of this automatically.


42 Protection elements (SQL Server on-premises)
Access control: Stays on-premises, no change.
Encryption: Use TDE. You have a choice of crypto algorithm. Keys stay on-premises and can be offloaded to an HSM of your choice.
Logs: SQL Server audit log, no change.
Availability: Azure takes care of this automatically.


44 [Diagram: Virtual Machine with custom app; Storage; …]

45 Protection elements (SQL Server in an Azure Virtual Machine)
Access control: No change, same as on-premises SQL Server.
Encryption: Use TDE. Keep the key in Azure, or install the optional EKM provider to offload it to an on-premises HSM.
Logs: No change. SQL Server audit log.
Availability: Azure takes care of this automatically.


47 [Diagram: Azure SQL DB; Virtual Machine with custom app; Storage; …]
Protection elements (Azure SQL DB)
Access control: Username/password per server, controlled by the Azure subscriber who created the server.
Encryption: N.A. at the time of this presentation.
Logs: Azure SQL DB audit feature, now in preview.
Availability: Azure takes care of local redundancy automatically. You can optionally make it geo-redundant.


49 [Diagram: Active Directory (users, machines); Key Manager, e.g. HSM; Virtual Machine; Virtual Machine with custom app; Azure storage; …]
Protection elements (BitLocker on Virtual Machine data disks)
Access control: BitLocker key protector.
Encryption: BitLocker. Multiple "protectors" are available to protect the key: password, certificate, AD group, …
Logs: Windows event log.
Availability: The VHD is stored in Azure storage, which automatically replicates it.


51 Virtual Machine boot volume encryption and pre-boot authorization (Virtual Machines)


53 [Diagram: Virtual Machine in Azure with custom app; Storage; …]
Protection elements (custom app writing to Azure Storage)
Access control: Storage access key + custom.
Encryption: Custom.
Logs: Azure Storage logs.
Availability: Azure takes care of this automatically.
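"Storage access key + custom" is the whole access-control story for this scenario, so it is worth seeing what the key actually authorizes. The following is an added example, not code from the presentation or from the Azure SDK: Azure Storage SharedKey authorization signs a canonical string-to-sign for every request with HMAC-SHA256 under the account key, which means anyone holding the key can sign any request against the account, and the "custom" part in practice means keeping the key on your own server and signing on the client's behalf. Standard library only. The account name, key (the published storage-emulator key, not a secret), URL, headers and date are constructed sample data; the client-side encryption the slide lists as "custom" is a separate step not shown here.

```python
"""Added example (not from the presentation or the Azure SDK): build and verify
the SharedKey Authorization header that an Azure Storage account key produces."""
import base64
import hashlib
import hmac
from typing import Dict
from urllib.parse import parse_qs, urlsplit

# Standard headers in the order the SharedKey string-to-sign requires them.
STANDARD_HEADERS = ("Content-Encoding", "Content-Language", "Content-Length",
                    "Content-MD5", "Content-Type", "Date", "If-Modified-Since",
                    "If-Match", "If-None-Match", "If-Unmodified-Since", "Range")

# Constructed sample request (emulator account and its published, non-secret key).
SAMPLE_ACCOUNT = "devstoreaccount1"
SAMPLE_KEY = "Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw=="
SAMPLE_URL = "https://devstoreaccount1.blob.core.windows.net/mycontainer?restype=container&comp=list"
SAMPLE_HEADERS = {"x-ms-date": "Mon, 01 Sep 2014 00:00:00 GMT", "x-ms-version": "2014-02-14"}


def string_to_sign(method: str, url: str, headers: Dict[str, str], account: str) -> str:
    """Build the canonical string the service reconstructs from the request."""
    lower = {k.lower(): v.strip() for k, v in headers.items()}
    std = []
    for name in STANDARD_HEADERS:
        value = lower.get(name.lower(), "")
        if name == "Content-Length" and value == "0":
            value = ""          # API versions 2015-02-21 and later: empty for zero length
        std.append(value)
    # x-ms-* headers: lowercased names, sorted, each as "name:value\n"
    canon_headers = "".join(f"{k}:{lower[k]}\n" for k in sorted(lower) if k.startswith("x-ms-"))
    parts = urlsplit(url)
    canon_resource = f"/{account}{parts.path or '/'}"
    # query parameters: lowercased name, values sorted and comma-joined, sorted by name
    query = parse_qs(parts.query, keep_blank_values=True)
    for name in sorted(query, key=str.lower):
        canon_resource += f"\n{name.lower()}:{','.join(sorted(query[name]))}"
    return method.upper() + "\n" + "\n".join(std) + "\n" + canon_headers + canon_resource


def sign(method: str, url: str, headers: Dict[str, str], account: str, account_key_b64: str) -> str:
    """Return the Authorization header value: HMAC-SHA256 under the decoded account key."""
    key = base64.b64decode(account_key_b64)
    digest = hmac.new(key, string_to_sign(method, url, headers, account).encode("utf-8"),
                      hashlib.sha256).digest()
    return f"SharedKey {account}:{base64.b64encode(digest).decode('ascii')}"


def verify(authorization: str, method: str, url: str, headers: Dict[str, str],
           account: str, account_key_b64: str) -> bool:
    """Service-side check: recompute the signature and compare in constant time."""
    expected = sign(method, url, headers, account, account_key_b64)
    return hmac.compare_digest(authorization, expected)


def demo() -> dict:
    """Sign the sample request and show that a captured signature does not transfer."""
    auth = sign("GET", SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_ACCOUNT, SAMPLE_KEY)
    other_url = SAMPLE_URL.replace("mycontainer", "othercontainer")
    return {
        "string_to_sign": string_to_sign("GET", SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_ACCOUNT),
        "authorization": auth,
        "valid": verify(auth, "GET", SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_ACCOUNT, SAMPLE_KEY),
        "replayed_on_other_container": verify(auth, "GET", other_url, SAMPLE_HEADERS,
                                              SAMPLE_ACCOUNT, SAMPLE_KEY),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Because the signature binds method, resource, headers and the x-ms-date, a captured header cannot be replayed against another container or after the date window the service accepts, but the account key itself is a full-control bearer secret: it belongs on the server behind the custom app, never in client code.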


56 [Diagram, built up over slides 56 to 58: App/device outside your organization; Active Directory (users, machines); Key Manager, e.g. HSM; Virtual Machine with custom app; Storage; …]


62 Resources: www.microsoft.com/learning ; http://developer.microsoft.com ; http://microsoft.com/technet ; http://channel9.msdn.com/Events/TechEd


