Trust < Cloud < Trust
Martin Vliem
National Security Officer
CCSP, CISSP, CISA
martin.vliem@microsoft.com
https://www.linkedin.com/in/mvliem
"The Americans have need of the telephone, but
we do not. We have plenty of messenger boys."
1878, Sir William Preece
Chief Engineer, British Post Office
"There is no reason anyone would want a
computer in their home."
1977, Ken Olsen
President, chairman and founder of Digital
Equipment Corp.
"A rocket will never be able to leave the Earth's
atmosphere."
1936, New York Times
"By the turn of the century, we will live in a
paperless society."
1986, Roger Smith
Chairman of General Motors
"Nuclear-powered vacuum cleaners will probably be
a reality in 10 years."
1955, Alex Lewyt
President of vacuum cleaner company Lewyt Corp.
"X-rays will prove to be a hoax."
1883, Lord Kelvin
President of the Royal Society
"When the Paris Exhibition [of 1878] closes,
electric light will close with it and no more will be
heard of it."
1878, Erasmus Wilson
Oxford professor
"Rail travel at high speed is not possible because passengers,
unable to breathe, would die of asphyxia."
Dr Dionysius Lardner (1793-1859)
Professor of Natural Philosophy and Astronomy,
University College London.
Digital Transformation
expectations?
Digital Transformation
Incoming traffic AMS-IX:
1.088.442 TB, May 2017
690 TB, July 2001
Third parties are allowed to use the AMS-IX statistics that are published on the website. Upon doing so, please make sure to mention that AMS-IX holds copyright on this information and to accompany the figures with a link directing to the figures on our website. https://ams-ix.net/technical/statistics/historical-traffic-data
Digital Transformation
Supported through technology & cloud
Trust concerns
Can I control my data?
Is my data secured?
What happens with my data?
Am I compliant?
Will my data remain available?
Satya Nadella
CEO Microsoft
Fear is a poor advisor
Dutch expression
[Figure: Zipf's law. Relative frequency versus order (1st, 2nd, 3rd, …)]
Agility
Cost
Transformation
Modernization
Data loss
Down time
Privacy
Malware attacks
Information security & risk
management guidelines
• Frameworks & standards & baselines (ISO 27002, NIST 800-53r4, CSA CCM)
• Risk templates (ISO27001, NIST 800-37, NIST CSF)
Opportunity
versus risk
The CSA Treacherous 12
Top Cloud threats 2016
1. Data Breaches
2. Weak Identity, Credential and Access Mgmt
3. Insecure APIs
4. System and Application Vulnerabilities
5. Account Hijacking
6. Malicious Insiders
7. Advanced Persistent Threats (APTs)
8. Data Loss
9. Insufficient Due Diligence
10. Abuse and Nefarious Use of Cloud Services
11. Denial of Service
12. Shared Technology Issues
https://cloudsecurityalliance.org/download/the-treacherous-twelve-cloud-computing-top-threats-in-2016/
Notorious nine 2013
1. Data breaches
2. Data loss
3. Account or service traffic hijacking
4. Insecure interfaces and APIs
5. Denial of service
6. Malicious insiders
7. Abuse of cloud services
8. Insufficient due diligence
9. Shared technology vulnerabilities
Cloud Services Due Diligence
checklist based on ISO19086
Cloud assurance
GOVERNANCE, RISK & COMPLIANCE
1. Information security, privacy, compliance, legal, policy requirements
2. Continuous assessment cycle
3. Customer requests assurances from Cloud vendor
4. Cloud provider provides assurance
5. Evaluates claims and adds additional controls
6. Demonstrate compliance / control risk
Diagram labels:
• CLOUD CONSUMER (controller)
• CLOUD PROVIDER (processor)
• CUSTOMER OR EMPLOYEE OF CLOUD CONSUMER AS DATA SUBJECT
• RISKS
• MITIGATING CONTROLS
• ADDITIONAL CONTROLS & PROCESSES
• CLOUD PROVIDER CLAIMS
• CONTRACTING
• INDEPENDENTLY VERIFIED
• DESCRIPTIVE INFORMATION
• INTERACTIVE INFORMATION & CONTROLS
• OPTIONAL CONTROLS & SERVICES
Responsibility (columns: SaaS, PaaS, IaaS, On-prem)
• Data governance & rights management
• Client endpoints
• Account & access management
• Identity & directory infrastructure
• Application
• Network controls
• Operating system
• Physical network
• Physical datacenter
• Physical hosts
Legend: Customer / Microsoft
ALWAYS RETAINED BY CUSTOMER
VARIES BY SERVICE TYPE
TRANSFERS TO CLOUD PROVIDER
Cloud service provider responsibility
Tenant responsibility
A Partnership
EMPOWERING YOU
- Customer Security Considerations -
SECURING THE PLATFORM
- Service Integrated Controls-
A TRUST DIALOGUE
Transparency
Threats prevented by a cloud platform
Infrastructure as a Service
Azure - IaaS
Platform as a Service
Azure - PaaS
Software as a Service
Office 365 - SaaS
On Premises
Security Dependencies
1. Security strategy, governance, and operationalization: Provide clear vision, standards, and guidance for your organization
2. Administrative control: Defend against the loss of control of your cloud services and on-premises systems
3. Data: Identify and protect your most important information assets
4. User identity and device security: Strengthen protection for accounts and devices
5. Application security: Ensure application code is resilient to attacks
6. Network: Ensure connectivity, isolation, and visibility into anomalous behavior
7. Operating system and middleware: Protect integrity of hosts
8. Private or on-premises environments: Secure the foundation
Customer controlled responsibilities
ONPREMISES APPROACH CLOUD-ENABLED PROCESSING
Sharing responsibilities
Summary
key approach and activities
Cloud: trust but verify…
1. Cloud security, privacy & compliance is a partnership, governance is key
• Business case and Risk management is foundational
• Implement flexible governance processes
• Design security requirements & policies
2. Request cloud provider assurances on integrated security capabilities
• Many operational & security responsibilities can be transferred to the service provider.
3. Additional customer controls & requirements, empowered by cloud platforms: discover, manage, protect, report
• Administrative Privilege Management
• Identity Systems and Identity Management
• Security Management & Threat Awareness
• Information Protection
References
1. Descriptive:
Microsoft trustcenter: https://www.microsoft.com/en-us/TrustCenter/default.aspx
2. Independently verified:
Microsoft Service Trust portal: https://servicetrust.microsoft.com
3. Contractual:
Microsoft online service terms & SLA: https://www.microsoft.com/en-us/Licensing/product-licensing/products.aspx
• Microsoft Cloud IT Architecture resources: https://technet.microsoft.com/en-us/library/dn919927.aspx
• Cloud Services Due Diligence Checklist (ISO 19086 based): https://www.microsoft.com/en-us/trustcenter/Compliance/Due-Diligence-Checklist
• SAFE Handbook: http://aka.ms/safehandbook
• Microsoft Cyber Trust Blog: https://blogs.microsoft.com/cybertrust
• Microsoft Secure: https://www.microsoft.com/en-us/security/default.aspx
• A Data driven security defense: https://gallery.technet.microsoft.com/Fixing-the-1-Problem-in-2e58ac4a
• Enterprise Cloud strategy e-book: https://info.microsoft.com/enterprise-cloud-strategy-ebook.html
• Microsoft Security Intelligence Report: https://www.microsoft.com/security/sir/default.aspx
The content of the information provided by Microsoft, if any (the “Content”) is provided for
information purposes only. It does not under any circumstance constitute a legally binding offer
or acceptance of Microsoft Ireland Operations Limited or any other Microsoft Group affiliate. This
Content shall not be construed as (i) any commitment from Microsoft Ireland Operations Limited
or any other Microsoft Group affiliate and/or (ii) supplementing or amending the terms of any
existing agreement with Microsoft Ireland Operations Limited or any other Microsoft Group
affiliate. In case of any discrepancies between the Content and this disclaimer, the terms of the
latter shall prevail. Microsoft, all rights reserved.

Recently uploaded

Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Martin Vliem (Microsoft): To the cloud with confidence

  • 1. Trust < Cloud < Trust Martin Vliem National Security Officer CCSP, CISSP, CISA martin.vliem@microsoft.com https://www.linkedin.com/in/mvliem
  • 2. Digital Transformation expectations?
      "The Americans have need of the telephone, but we do not. We have plenty of messenger boys." 1878, Sir William Preece, Chief Engineer, British Post Office
      "There is no reason anyone would want a computer in their home." 1977, Ken Olsen, President, chairman and founder of Digital Equipment Corp.
      "A rocket will never be able to leave the Earth's atmosphere." 1936, New York Times
      "By the turn of the century, we will live in a paperless society." 1986, Roger Smith, Chairman of General Motors
      "Nuclear-powered vacuum cleaners will probably be a reality in 10 years." 1955, Alex Lewyt, President of vacuum cleaner company Lewyt Corp.
      "X-rays will prove to be a hoax." 1883, Lord Kelvin, President of the Royal Society
      "When the Paris Exhibition [of 1878] closes, electric light will close with it and no more will be heard of it." 1878, Erasmus Wilson, Oxford professor
      "Rail travel at high speed is not possible because passengers, unable to breathe, would die of asphyxia." Dr Dionysius Lardner (1793-1859), Professor of Natural Philosophy and Astronomy, University College London.
  • 3. Digital Transformation: incoming traffic AMS-IX: 1.088.442 TB (May 2017); 690 TB (July 2001). Third parties are allowed to use the AMS-IX statistics that are published on the website. Upon doing so, please make sure to mention that AMS-IX holds copyright on this information and to accompany the figures with a link directing to the figures on our website. https://ams-ix.net/technical/statistics/historical-traffic-data
  • 5. Trust concerns Can I control my data? Is my data secured? What happens with my data? Am I compliant? Will my data remain available? Satya Nadella CEO Microsoft
  • 6. "Fear is a poor advisor" (Dutch expression)
  • 8. Opportunity versus risk: Agility, Cost, Transformation, Modernization; Data loss, Down time, Privacy, Malware attacks. Information security & risk management guidelines: frameworks, standards and baselines (ISO 27002, NIST 800-53r4, CSA CCM); risk templates (ISO27001, NIST 800-37, NIST CSF).
  • 9. The CSA Treacherous 12: Top Cloud threats 2016
      1. Data Breaches 2. Weak Identity, Credential and Access Mgmt 3. Insecure APIs 4. System and Application Vulnerabilities 5. Account Hijacking 6. Malicious Insiders 7. Advanced Persistent Threats (APTs) 8. Data Loss 9. Insufficient Due Diligence 10. Abuse and Nefarious Use of Cloud Services 11. Denial of Service 12. Shared Technology Issues
      Notorious nine 2013
      1. Data breaches 2. Data loss 3. Account or service traffic hijacking 4. Insecure interfaces and APIs 5. Denial of service 6. Malicious insiders 7. Abuse of cloud services 8. Insufficient due diligence 9. Shared technology vulnerabilities
      https://cloudsecurityalliance.org/download/the-treacherous-twelve-cloud-computing-top-threats-in-2016/
  • 10. Cloud Services Due Diligence checklist based on ISO19086
  • 11. Cloud assurance
      Parties: CLOUD CONSUMER (controller); CLOUD PROVIDER (processor); CUSTOMER OR EMPLOYEE OF CLOUD CONSUMER AS DATA SUBJECT.
      Steps: 1. Information security, privacy, compliance, legal, policy requirements. 2. Continuous assessment cycle. 3. Customer requests assurances from Cloud vendor. 4. Cloud provider provides assurance. 5. Evaluates claims and add additional controls. 6. Demonstrate compliance / control risk.
      Diagram labels: GOVERNANCE, RISK & COMPLIANCE; RISKS; MITIGATING CONTROLS; CLOUD PROVIDER CLAIMS; ADDITIONAL CONTROLS & PROCESSES; CONTRACTING; INDEPENDENTLY VERIFIED; DESCRIPTIVE INFORMATION; INTERACTIVE INFORMATION & CONTROLS; OPTIONAL CONTROLS & SERVICES.
  • 12. A Partnership
      Responsibility, by service type (SaaS, PaaS, IaaS, On-prem): Data governance & rights management; Client endpoints; Account & access management; Identity & directory infrastructure; Application; Network controls; Operating system; Physical hosts; Physical network; Physical datacenter.
      Legend: Customer; Microsoft; ALWAYS RETAINED BY CUSTOMER; VARIES BY SERVICE TYPE; TRANSFERS TO CLOUD PROVIDER; Cloud service provider responsibility; Tenant responsibility.
  • 13. EMPOWERING YOU - Customer Security Considerations - SECURING THE PLATFORM - Service Integrated Controls - A TRUST DIALOGUE
  • 15. Threats prevented by a cloud platform
  • 16. EMPOWERING YOU - Customer Security Considerations - SECURING THE PLATFORM - Service Integrated Controls - A TRUST DIALOGUE
  • 17. Customer controlled responsibilities
      Infrastructure as a Service (Azure - IaaS); Platform as a Service (Azure - PaaS); Software as a Service (Office 365 - SaaS); On Premises; Security Dependencies.
      1. Security strategy, governance, and operationalization: Provide clear vision, standards, and guidance for your organization
      2. Administrative control: Defend against the loss of control of your cloud services and on-premises systems
      3. Data: Identify and protect your most important information assets
      4. User identity and device security: Strengthen protection for accounts and devices
      5. Application security: Ensure application code is resilient to attacks
      6. Network: Ensure connectivity, isolation, and visibility into anomalous behavior
      7. Operating system and middleware: Protect integrity of hosts
      8. Private or on-premises environments: Secure the foundation
  • 18. ONPREMISES APPROACH CLOUD-ENABLED PROCESSING Sharing responsibilities Cloud: trust but verify…
  • 19. Summary: key approach and activities
      1. Cloud security, privacy & compliance is a partnership; governance is key
          • Business case and risk management are foundational
          • Implement flexible governance processes
          • Design security requirements & policies
      2. Request cloud provider assurances on integrated security capabilities
          • Many operational & security responsibilities can be transferred to the service provider.
      3. Additional customer controls & requirements, empowered by cloud platforms: discover, manage, protect, report
          • Administrative Privilege Management
          • Identity Systems and Identity Management
          • Security Management & Threat Awareness
          • Information Protection
  • 20. References
      1. Descriptive: Microsoft trustcenter: https://www.microsoft.com/en-us/TrustCenter/default.aspx
      2. Independently verified: Microsoft Service Trust portal: https://servicetrust.microsoft.com
      3. Contractual: Microsoft online service terms & SLA: https://www.microsoft.com/en-us/Licensing/product-licensing/products.aspx
      • Microsoft Cloud IT Architecture resources: https://technet.microsoft.com/en-us/library/dn919927.aspx
      • Cloud Services Due Diligence Checklist (ISO 19086 based): https://www.microsoft.com/en-us/trustcenter/Compliance/Due-Diligence-Checklist
      • SAFE Handbook: http://aka.ms/safehandbook
      • Microsoft Cyber Trust Blog: https://blogs.microsoft.com/cybertrust
      • Microsoft Secure: https://www.microsoft.com/en-us/security/default.aspx
      • A Data driven security defense: https://gallery.technet.microsoft.com/Fixing-the-1-Problem-in-2e58ac4a
      • Enterprise Cloud strategy e-book: https://info.microsoft.com/enterprise-cloud-strategy-ebook.html
      • Microsoft Security Intelligence Report: https://www.microsoft.com/security/sir/default.aspx
  • 22. The content of the information provided by Microsoft, if any (the “Content”) is provided for information purposes only. It does not under any circumstance constitute a legally binding offer or acceptance of Microsoft Ireland Operations Limited or any other Microsoft Group affiliate. This Content shall not be construed as (i) any commitment from Microsoft Ireland Operations Limited or any other Microsoft Group affiliate and/or (ii) supplementing or amending the terms of any existing agreement with Microsoft Ireland Operations Limited or any other Microsoft Group affiliate. In case of any discrepancies between the Content and this disclaimer, the terms of the latter shall prevail. Microsoft, all rights reserved.