Risk Management in Microsoft Online Services
Published in Technology
  • 1. Updated August 10, 2009
    Security in Business Productivity Online Suite
  • 2. Agenda
    What is Business Productivity Online Suite
    Microsoft Online Services Risk Management
    Privacy & Regulatory
    Service Continuity
    Compliance Management
    Customer Benefits
  • 3. Business Productivity Online Suite
    Some existing customers
  • 4. Risk Management Program
    Information Security Policy
    Service Continuity
    Compliance Management
  • 5. Security Program
    A risk-based, multi-dimensional approach to help safeguard services and data
    Security Management
    Security Monitoring & Response, Threat & Vulnerability Management
    Access Control & Monitoring, File/Data Integrity
    Account Management, Training & Awareness, Screening
    Secure Development Lifecycle, Access Control & Monitoring, Anti-Malware
    Access Control & Monitoring, Anti-Malware, Patch & Config Mgmt
    Internal Network
    Dual-factor Authentication, Intrusion Detection, Vulnerability Scanning
    Network perimeter
    Edge Routers, Firewalls, Intrusion Detection, Vulnerability Scanning
    Video Surveillance, biometrics, Access Control
  • 6. Privacy Program
    Designed to establish consistent "high bar" privacy practices that support global standards for data handling and transfer
    Documented & enforced privacy requirements
    • Microsoft Online Services Privacy Statement
    • Microsoft Online Services Privacy and Regulatory Divisional Requirements Specific to Software + Services
    • Corporate-level Privacy Guidelines for Service Development
    Privacy disclosures & transparency
    • Microsoft Online Services Privacy Statement
    • EU Safe Harbor Certification
  • Service Continuity Program
    Business Impact Assessment
    Single point of failure and dependency analysis
    Defined recovery objectives
    Documented recovery plans and procedures
    Recovery exercises
  • 10. Compliance Management
    Rationalize and harmonize requirements
    Microsoft internal
    Corporate (security & privacy policies, etc.)
    Microsoft Online Services (security & privacy policies)
    Trustworthy Computing (SDL, Engineering Excellence, etc.)
    Industry & regulatory
    Industry best practices: ISO/IEC 27001:2005, NIST SP 800-53
    Customer requirements: SOX, HIPAA, FISMA, GLBA, PCI DSS
    Data protection laws
    Remove non-applicable, harmonize redundant, identify conditional
    Common Baseline Requirements
    Conditional Requirements
  • 11. Compliance Monitoring & Assessment
    Internal monitoring
    • Technical compliance (patch and configuration mgmt, vulnerability scans, penetration tests, etc.)
    • Personnel compliance (training and awareness, screening, etc.)
    • Process compliance (business process evaluation, change control, access management, etc.)
    • Physical security compliance (CCTV monitoring, access control and logging, etc.)
    Third Party validation
    • Facilities & infrastructure services – ISO cert + SAS 70
    • BPOS Dedicated – ISO aligned + SAS 70
    • BPOS Standard – ISO aligned
  • Commitment in Action
    What we provide
    • Services are designed, engineered and operated with security as core tenet
    • Privacy of customer data is respected
    • Audits demonstrate independent validation
    • Service resiliency and service and data recoverability are fundamental to service operations
    • 99.9% uptime SLA
    Customer benefits
    • Mature and comprehensive security management
    • Service upgrades and security updates
    • Comprehensive security monitoring and response
    • Customer control over customer data
    • Compliance management capabilities available to customers
  • Additional Resources
    Microsoft Online Services: www.microsoft.com/online
    Business Productivity Online Suite
    • 30 day free trial: http://www.microsoft.com/online/products.mspx
    • Technical information on TechNet: http://technet.microsoft.com/msonline
    • Service descriptions, developer guide, service level agreement, migration/deployment guides and tools and other technical information and blogs
    • Security white paper: http://go.microsoft.com/fwlink/?LinkID=125754&clcid=0x409
    • Privacy policy: http://www.microsoft.com/online/legal/MOS_Privacy_Statement_Full.htm
  • Thank You!