This presentation covers security principles for On-Premise organizations, security principles in the Cloud including Azure Deployment and Azure Build Services, and Environment Monitoring.

1. James Reid & Wilkin Shum

2. #FUELGOOD18
YOUR PRESENTERS
JAMES REID WILKIN SHUM
IT Administrators & Tech
Consultants,
Sparkrock

3. #FUELGOOD18
• Discover – What data is under your control?
• Manage – Control how data is captured and used.
• Protect – Keep data out of harms way.
• Report – Collect records for auditing.
AGENDA

4. #FUELGOOD18

5. #FUELGOOD18
Discover

6. #FUELGOOD18
What Data is Important?
Personal Information
• PIPEDA – legislation defining responsibilities and penalties regarding personal information.
Health Information
• PHIPA – legislation defining responsibilities and penalties regarding health/medical information.
GDPR (General Data Protection Regulation)
• Protecting personal data by design and default.

7. #FUELGOOD18
Factors to Determine If Your Data is Part of These Acts
• The sensitivity of the information involved in the breach.
• The probability that the information has been, is being, could be or will be misused.
• Essentially, any data that could be used to identify an individual could be considered of
"significant harm".

8. #FUELGOOD18
Where is your Data?
• Need to understand where data is kept to protect it.
• Is it only in once place? Or is it being duplicated and kept elsewhere?
• If on the Cloud, where is that info kept? If it crosses borders how does
that change liability?
• Where are the scheduled backups kept?

9. #FUELGOOD18
On-Premise
SQL Server
• Primary place for data storage: database servers (no surprise here…)
• Need to understand how systems function & which database they use for specific data.
Users Machines
• It’s much more difficult to centrally manage what data could be kept on a user’s machine.
• System Center allows for scanning for specific data on user’s machines.

10. #FUELGOOD18
Cloud
• Data is not necessarily all kept in a single location.
• Integrated tools allow for easier management with the complexities of how Cloud vs. On-premise
works.
• Microsoft Azure helps you search and identify personal data with Azure Search, Azure Data
Catalog, and Azure Active Directory, along with specialized tools such as Power Query and
Query Explorer

11. #FUELGOOD18
What Data is Under Your Control?

12. #FUELGOOD18
Manage

13. #FUELGOOD18
ADD TITLE HERE FOR THIS SLIDE
Under GDPR individuals to whom data relates can request:
• Information on the processing of the data
• Transfer of their data to other services
• Correction of mistakes in their data
• Restriction of processing certain data in certain cases
Requests must be processed within fixed period of times

14. #FUELGOOD18
Data Governance
• You need to understand what types of personal data your organization
processes, how, and for what purpose.
• A data governance plan can help define policies, roles, and responsibilities for
the access, management, and use of personal data.

15. #FUELGOOD18
Data in Use
• We limit the amount of people and access time
• Application level access
• Encryption Management

16. #FUELGOOD18
Data In Transit
• Limited the path when data flow though the network
• Manage users devices

17. #FUELGOOD18
Data At Rest
• Securely store data
• Servers
• Client devices
• Cloud
• Data Separation
• Storage Location (physical)
• Encryption Key Management

18. #FUELGOOD18
Cloud Tools
• Azure Data Factory and Azure HDInsight help you trace and locate personal data.
• The Azure infrastructure can host customized privacy notices to help meet GDPR notification requirements.
• Azure Active Directory enables requesting and obtaining consent to use of data, and Azure SQL Database
can be used to document data subjects who have granted affirmative consent.
• Inaccurate or incomplete personal data can be identified and rectified using Azure Search, Azure Active
Directory, Azure SQL Explorer, and Query Explorer.

19. #FUELGOOD18
Protect

20. #FUELGOOD18
Protecting Your Data
• Potential risks could range from physical intrusions to hackers
to rogue employees to accidental loss.
• Risk Management Plans and risk mitigating steps such as
password protection, audit logs, and encryption can prevent
losses & ensure compliance.
• Don’t forget about physical security!

21. #FUELGOOD18
Be Proactive!

22. #FUELGOOD18
On-Premise Tools
• Encryption from Data at Rest to Data in Use to Data in Transit
• SQL Dynamic Data Masking to hide sensitive information by default.
• Device protection
• Bit Locker
• Password policies and strength requirements.
• Anti-virus, spam filter
• Network device
• Firewall: DDOS, Anti-virus detection, Certificate Inspection, Rules…etc
• VPN: Site to Site VPN, Client to Site VPN..etc
• Switches: VLAN, Port access control, RADIUS…etc

23. #FUELGOOD18
On-Premise Monitoring
• Monitoring and control over your network infrastructure, virtual machines, as well as
end-users’ computers and other devices.
• All data access permissions should be regularly checked and implemented using a
minimal access by default methodology.
• Create disaster recovery plan and regularly practice

24. #FUELGOOD18
Cloud Tools and Monitoring
Microsoft Azure Services: developed with Microsoft Secure Development Lifecycle, including
privacy-by-design & privacy-by-default methodologies.
Azure & related tools: comply with GDPR data protection requirements by providing ways to secure
personal data in rest and transit, detect and respond to data breaches, and facilitate security
measures.
Azure Security Center: prevents & detects threats with Security Health Monitoring & Security
Incident Response Management tools that monitor traffic, collect logs, and analyze data sources.

25. #FUELGOOD18
Cloud Tools and Monitoring
• Single Sign On and Two Forms Authentication
• Devices Removal practise
• All data access permissions should be regularly checked and implemented using
a minimal access by default methodology.

26. #FUELGOOD18
Report

27. #FUELGOOD18
Record Keeping
Organizations keeping personal data will need to keep detailed records in order to be compliant &
keep records on:
• Reason for processing data
• Type of personal data processed
• Third parties with whom data is shared
• Personal data of countries involved & changes in their laws
• Organizational & technical security measures
• Data retention times applicable to various datasets

28. #FUELGOOD18
On-Premise
SQL Server Auditing
• Audit tables that contain personal information as well as database level logins, configuration changes and schema
changes.
• Targeted auditing can be a lot more effective and practical that auditing the entire database.
Access Auditing
• Audit system access
• Audit on users access
Documentations
• Inventory, data, users device, network devices, permissions
• Disaster Recovery Plan, procedure, update, and practice result.

29. #FUELGOOD18
Cloud
• Azure Active Directory logs detail sign-in activity and
application usage.
• Log Analytics can aggregate and analyze Windows
Event logs, IIS logs, and Syslogs.
• Azure Monitor helps track API calls in customers’
Azure resources.
• Azure Security Center helps collect and review
security logs across Azure applications and services.
• Azure Diagnostics provides access to Event logs for
Azure VMs.
• Azure Storage Analytics can trace data requests made
against Azure Storage.

30. #FUELGOOD18

31. #FUELGOOD18
THANK YOU!
James Reid - Wilkin Shum
jreid@sparkrock.com - wshum@sparkrock.com
All presentations will be made available after the conference

32. #FUELGOOD18
Please take 5mins to fill out
your session evaluations
One lucky winner will win
an Amazon Echo!

33. #FUELGOOD18
www.sparkrock.com @sparkrockinc
Nonprofit, Human Services & K12
software to help you serve more
people, with less effort, stress &
expense.