
A deep dive into Azure Security: Is Azure really secure?

The cloud isn’t really new, but it is growing and becoming more complex. It has improved significantly compared to five years ago, when we only saw the cloud as a colocation site. Companies are looking to save money and become more efficient. Several arguments make the cloud more compelling than ever before. Companies are great at what they do, but not so much at IT; it’s a different business. The cloud is more secure than what companies can provide themselves. Technology is changing quicker than ever before, which makes it more difficult for IT to keep up and to maintain high security standards. As hacking, malware and cyber crime incidents continue to escalate, there is huge pressure on companies to protect customers, partners, employees and all their data. Businesses really need to focus on building more secure solutions that deliver value to their customers, partners, and shareholders. Microsoft claims “decades-long experience building enterprise software and running some of the largest online services in the world. We use this experience to implement and continuously improve security-aware software development, operational management, and threat-mitigation practices that are essential to the strong protection of services and data.” This sounds great and compelling. So now my question is “How secure is the cloud?”

In this session, we will look at Azure in depth to identify what Microsoft is doing to make Azure more secure. Are they really more secure than traditional company data centers? Let’s get past the marketing and really understand what makes Azure secure and how we can leverage that security in solutions. How can we collaborate and know that our data is secure? And much more.


  1. A Deep Dive into Azure Security: Is Azure really secure? Brian Culver & Alvin Vaughn ● #HSPUG ● March 15, 2017 ● www.expertpointsolutions.com
  2. About Brian Culver
     • SharePoint Solutions Architect for Expert Point Solutions in Houston, Texas.
     • Microsoft Certified Master (MCM) in SharePoint
     • Brian has worked in the Information Technology industry since 1998 and has been working with SharePoint since 2005. His deep expertise includes Azure, Office365, SharePoint, ASP.Net, SQL Server and Project Server. He has been involved in many large SharePoint implementations including Internet and Intranet sites, Partner Portals, Enterprise Content Management and Governance, and much custom application integration and development.
     • Author, Speaker and Blogger
     Email: brian.culver(at)expertpointsolutions.com
     Twitter: @spbrianculver
     LinkedIn: https://www.linkedin.com/in/bculver
     Blog: http://blog.expertpointsolutions.com
  3. About Alvin Vaughn
     • Cloud Solutions Architect for Expert Point Solutions in Houston, Texas.
     • CISSP, CCENT, MCITP Enterprise Server.
     • Alvin has worked in the Information Technology industry since 2005, where he began as a system admin and progressed to server administrator while in college. Alvin became a commissioned officer in the military after college, where he was assigned as the lead IT project manager during the successful implementation of the DoD’s Field Health IT system in Iraq and later in Afghanistan. Alvin has served as a technical consultant traveling around the world to provide expertise in enterprise Windows server administration, open source interoperability, and data analytics, and is certified in Linux Administration and Oracle SQL. Alvin has led many multi-regional and global IT projects leveraging enterprise platforms such as SharePoint, Oracle DB, and Windows RDS while leveraging cloud IaaS such as Azure to securely deliver resources, business intelligence, and other services to clients and their customers.
     Email: alvin.vaughn(at)expertpointsolutions.com
  4. Session Agenda
     • Cloud Growth
     • Digital Security Threat Today
     • Security Roadmap
     • “The Trusted Cloud”
     • Security & Compliance Tools and Resources
     • Other considerations
  5. Cloud Growth
     • “Companies continued their adoption of cloud computing services at a rapid clip in 2016, with overall growth expected to rise 25% year over year for that period, according to new numbers from Synergy Research Group. The forecaster estimated aggregate annual revenue from all those cloud segments at nearly $150 billion. Synergy lumps two key cloud categories, known by techies as infrastructure as a service and platform as a service, into one big bucket, which together showed the most dramatic growth rate of 53%. Infrastructure as a service (aka IaaS) is typically exemplified by offerings from Amazon Web Services (AWS), Microsoft and Google (GOOGL, +0.37%).”
       “Torrid Cloud Growth Continues”, Barb Darrow, Jan 04, 2017, http://fortune.com/2017/01/04/robust-cloud-growth/
     • Operator and vendor revenue for six segments of cloud computing reached $148 billion during that period, with spending on private clouds accounting for over half the total but spending on the public cloud growing much more rapidly.
       “Cloud computing revenues jumped 25% in 2016, with strong growth ahead, researcher says”, Dan Richman, January 4, 2017, http://www.geekwire.com/2017/cloud-computing-revenues-jumped-25-2016-strong-growth-ahead-researcher-says/
  6. Azure Cloud Growth: Microsoft’s cloud infrastructure by the numbers
     • 1989: The year Microsoft opened its first datacenter on its Redmond, Washington campus.
     • 90-plus: The number of marketplaces that our cloud services are available in today.
     • 200-plus: The number of online services delivered by Microsoft’s datacenters 24x7x365.
     • $15 billion-plus: Microsoft’s investment in building our huge cloud infrastructure.
     • 1 million-plus: The number of servers hosted in our datacenters.
     • 100-plus: The number of datacenters Microsoft has in its global cloud infrastructure portfolio.
     • 30 trillion-plus: The number of data objects we store in our datacenters.
     • 1.5 million-plus: The average number of requests our networks process per second.
     • 3: The number of times Microsoft’s fiber optic network, one of North America’s largest, could stretch to the moon and back.
     • 1.125: Microsoft’s average PUE for its new datacenters. Power usage effectiveness (PUE) is a metric of datacenter energy efficiency and is the ratio of the power and cooling overhead required to support our server load. The industry average is 1.8.
     http://download.microsoft.com/download/8/2/9/8297F7C7-AE81-4E99-B1DB-D65A01F7A8EF/Microsoft_Cloud_Infrastructure_Datacenter_and_Network_Fact_Sheet.pdf
  7. Azure Cloud Growth: Microsoft’s cloud infrastructure by the numbers (Continued)
     • 2.3 billion kWh: The amount of green power purchased by Microsoft as part of our carbon-neutral goal - ranking as the third most purchased by any U.S. company, according to the U.S. Environmental Protection Agency.
     • 16: The number of carbon offset projects Microsoft has invested in, including projects in Brazil, Cambodia, China, Guatemala, India, Kenya, Mongolia, Peru, Turkey and the United States. (including Keechi Wind Power investment announced November 4, 2013)
     • 100 percent: The percentage of our servers and electronic equipment that we send to a third-party vendor for recycling and/or reselling after it has been securely decommissioned.
     • 2007: The year Microsoft began sharing its best practices for cloud infrastructure with the industry. Download our latest Top Ten Best Business Practices for Environmentally Sustainable Datacenters white paper.
     http://download.microsoft.com/download/8/2/9/8297F7C7-AE81-4E99-B1DB-D65A01F7A8EF/Microsoft_Cloud_Infrastructure_Datacenter_and_Network_Fact_Sheet.pdf
  8. Azure Cloud Growth
     • “[Microsoft] last week said its Azure revenue grew 93% year over year as it reported results for the quarter ended Dec. 31, 2016. The annualized revenue run rate for Microsoft's commercial cloud business, a segment that includes Azure, now surpasses $14 billion, according to the company.”
       “Azure partners benefit from Microsoft cloud growth”, John Moore and Spencer Smith, Jan 27, 2017, http://searchitchannel.techtarget.com/news/450411909/Azure-partners-benefit-from-Microsoft-cloud-growth
  9. Read Microsoft’s marketing about the cloud carefully
     Microsoft purposely skews cloud statistics to drive adoption. Move when it is the right time for your organization.
     • 1 in 4 Microsoft enterprise customers has Office 365 – Microsoft
     • 80% of the Fortune 500 are on the Microsoft Cloud – Microsoft
     • There’s a rush at every major tech vendor to sign up customers for their own cloud offerings before their competitors nab them. They are trying to nab their share of a market that will grow — conservatively — from $56.6 billion in 2014 to more than $127 billion in 2018, according to market research. – IDC
  10. By 2018, Microsoft expects commercial cloud revenues to exceed $20B, driven by Office 365, Azure, and Dynamics CRM Online
     • Microsoft’s cloud-first, mobile-first strategy is paying off and is now on an annualized revenue run rate of $14 billion
     • Commercial cloud growth of 80%
     • Azure cloud growth of 93%
     • Cloud customer base has doubled over the past 12 months
     Source: Taft, Darryl K. “Microsoft Continues to See Impact of Transition to Cloud.” eWeek.
     Source: Todd, Deborah M. “Cloud business boosts Microsoft’s quarterly revenue, shares rise.” Reuters.
  11. There are benefits to the cloud; examine common criteria when evaluating a move
     • True Up or Down: Once a year you will have the ability to true up or true down your licenses. Historically, only an annual true-up was possible, adding to cumulative SA costs.
     • 99.9% Uptime: Corporations can lose millions or hundreds of millions of dollars in the event of downtime. Microsoft has a 99.9% uptime guarantee.
     • 15 Devices: Microsoft has increased the number of devices that can be used with O365 licenses, enabling shared devices.
     • User-Based Licensing: Historically, licensing has been device based, as BYOD and multiple devices weren’t prominent. User licensing allows for multiple devices and is approximately 30% more expensive than licensing one device.
     • Excellent Cloud Security: Microsoft has invested hundreds of millions of dollars into security for its cloud. It knows that with a single breach, many organizations will be searching for an alternative.
     • Automatic Updates: If you want to reduce time spent on providing patches and updates, Microsoft wants to automate tasks, leaving you more time to work on other areas of your business.
     • Enabled Collaboration: Microsoft is continuously increasing integration and collaboration capabilities within its products. Exchange, SharePoint, Skype, and Office have all seen changes in recent years.
     • Reduce Infra Costs: Instead of having to replace hardware every 3-4 years, moving to Microsoft’s cloud can move you out of the hardware management space and help you focus on performance.
     Fifty-six percent of enterprises consider cloud to be a strategic differentiator, and approximately fifty-eight percent of enterprises spend more than 10 percent of their annual budgets on cloud services. – IDC
  12. Organizations are delaying a move to the cloud for the following reasons
     • Data Sovereignty: Certain organizations have bylaws in place because of proprietary information or government limitations on where data can reside.
     • Performance: Bandwidth and network connectivity in remote locations are large concerns for organizations who rely on the Microsoft productivity suite as their primary communication tools.
     • Cost: The cost of moving to a subscription-based model is undoubtedly higher, and in the long run when your data is in the cloud, software vendors know switching to another vendor will be difficult.
     • Adaptability to Change: While having updates completed automatically by Microsoft, organizations with aforementioned legacy systems could face unexpected issues.
     • Legacy Systems: Organizations that have legacy systems or integrations with current software know that a move to cloud will be possible when similar functionality is possible in the cloud.
     • Historical Purchases: If on-premise licenses or storage were recently purchased, moving to the cloud would decrease the planned usage life.
     “…the single biggest obstacle to cloud adoption in general continues to be the fear of security breaches, closely followed by issues with data sovereignty.” – Capgemini Consulting
     Many organizations maintain hybrid environments when moving to the cloud. Microsoft has granted users who are licensed with Office 365 Enterprise User Subscription Licenses (USLs) equivalent rights to on-premise workloads. On-premise server licenses still need to be purchased. Small/mid-sized business and kiosk Office 365 plans do not contain the same rights.
  13. Digital Security Threat Today: Security remains a concern
     • News of security breaches continues to dominate headlines, and the scale and scope of intrusions are growing. In 2014 alone, data breaches were up by 49% over the previous year, and cyber criminals compromised more than a billion data records in more than 1500 breaches. In a 2014 report for the World Economic Forum, McKinsey & Company estimated the risk of cyberattacks “could materially slow the pace of technology and business innovation with as much as $3 trillion in aggregate impact.” In any security attack, target organizations are only as safe as their weakest link; if any component is not secured then the entire system is at risk. While acknowledging that the cloud can provide increased data security and administrative control, IT leaders are still concerned that migrating to the cloud will leave them more vulnerable to hackers than their current in-house solutions.
     http://download.microsoft.com/download/5/C/7/5C770A50-4FE4-4052-98E1-562EBFE4F35A/Trusted_Cloud_White_paper_EN_US.pdf
  14. Digital Security Threat Today (recent headlines)
     • Russian Spies, Two Others, Indicted in Yahoo Hack
     • Internet-Connected Sex Toy Maker Settles Privacy Lawsuit
     • 7 Facts: 'Vault 7' CIA Hacking Tool Dump by WikiLeaks
     • Breach Tally: Hacking Incidents Still on the Rise
     • Yahoo CEO Loses Bonus Over Security Lapses
     • SHA-1 Has Fallen
     • Mobile Devices: What Could Go Wrong?
     • Yahoo Takes $350 Million Hit in Verizon Deal
  15. Digital Security Threat Today
     The top reported breaches by state are:
     • California with 39 breaches
     • Florida with 28 breaches
     • Texas with 23 breaches
     • New York with 15 breaches
     • Illinois, Indiana and Washington with 12 breaches
     • Ohio and Pennsylvania with 11 breaches
     • Michigan with 10 breaches
     • Arizona and Arkansas with 9 breaches
     • Georgia and Minnesota with 8 breaches and
     • Colorado and Missouri with 7 breaches.
     The report lists the worst data breaches per record compromised as:
     • Arizona with 4,524,278 records
     • New York with 3,588,554 records
     • Florida with 2,872,912 records
     • California with 1,436,701 records and
     • Georgia with 782,956 records.
     Report Lists Health Care Data Breaches by State
  16. Digital Security Threat Today: Ransomware
  17. Digital Security Threat Today
     • Nearly 50 percent of organizations have been hit with ransomware
     • 56,000 ransomware infections in March 2016, alone
     • $209 million was paid to ransomware criminals in Q1 2016
     • The average ransom demand is now $679
     • Email is the #1 delivery vehicle for ransomware
     • 600% growth in new ransomware families since December 2015
     • 4x jump in Android ransomware
     • 230 percent jump in JavaScript ransomware payloads
     https://blog.barkly.com/ransomware-statistics-2016
     http://www.symantec.com/content/en/us/enterprise/media/securi
  18. Digital Security Threat Today
     • As of March 9, 50 major breaches impacting 424,286 individuals have been added to the Department of Health and Human Services' Office for Civil Rights' "wall of shame" website of major breaches affecting 500 or more individuals.
     • Of those 2017 incidents, 20 are listed as unauthorized access/disclosure breaches; 14 are hacking incidents; and 14 are breaches involving loss/theft of protected health information. Of the incidents involving loss or theft, eight involved paper/film records, and six involved unencrypted desktop or laptop computers, or other portable devices.
     • As of March 9, more than 171.66 million individuals in total have been impacted by the 1,852 major breaches that have been reported to HHS since September 2009.
     • In total so far in 2017, 14 hacking incidents affected nearly 262,000 individuals, or about 60 percent of all individuals impacted by major HIPAA breaches.
     • The six breaches so far posted in 2017 involving lost or stolen unencrypted computing devices impacted a total of about 15,000 individuals.
     http://www.databreachtoday.com/breach-tally-hacking-incidents-still-on-rise-a-9762
  19. Digital Security Threat Today
     Cybercrime is getting worse, far worse. Three and a Half Crimeware Trends to Watch in 2017:
     • New malware configurations and trends seen in 2016;
     • Trends from the mobile malware arena;
     • A look into the most prominent threats expected in 2017.
     http://www.databreachtoday.com/webinars/three-half-crimeware-trends-to-watch-in-2017-w-1178?rf=promotional_webinar
  20. Azure Security Roadmap
     • Microsoft is Transparent about security
     • Constantly Adapting and Making Changes as Trends Arise
     • Cloud Platform roadmap
       • https://www.microsoft.com/en-us/cloud-platform/roadmap-public-preview
     • White papers
       • Securing the Microsoft Cloud white paper
       • Azure Security, Privacy, and Compliance white paper
       • Security Management in Microsoft Azure white paper
       • Cloud Operations Excellence and Reliability strategy paper
       • Leveraging Stored Energy for Handling Power Emergencies white paper
       • Resilience by Design for Cloud Services white paper
       • Information Security Management white paper
  21. Security Roadmap
     • Microsoft Cyber Defense Operations Center (CDOC) is a 24x7x365 state-of-the-art cybersecurity and defense facility. The CDOC is part of the company’s initiative to continuously advance its efforts on cybersecurity, risk management, and data protection. The CDOC is the physical hub for the company’s real-time security-focused experts, leveraging technology and analytics that protect, detect, and respond to threats to Microsoft’s cloud infrastructure and customer-facing resources and the services hosted within them, our products, devices, and the company’s internal resources. The teams that come together in the CDOC manage intelligence collection and correlation from our global threat landscape, real-time analysis and incident response, and provide ground zero security crisis management when needed.
     • Security Development Lifecycle (SDL) f
  22. “The Trusted Cloud”
     • Most comprehensive compliance coverage of any cloud provider
     • More certifications than any other cloud provider
     • Industry leader for customer advocacy and privacy protection
     • Unique data residency guarantees
       • https://azure.microsoft.com/en-us/support/trust-center/
     • Commitment to compliance: “There are more compliance certifications with Azure than any other vendor out there”
       • Scott Guthrie, Exec VP Cloud + Enterprise Group, Microsoft Corp, AZGroups Conference 2017 (March 2017) https://youtu.be/_uW0N1Re_wk
     • Whether you are targeting government scenarios, healthcare, ecommerce, or unique regulations in Australia, Ireland, or the UK, its services can be depended on and you can take advantage of them
     • ISO/IEC, CSA/CCM, ITAR, CJIS, HIPAA, IRS 1075
     Microsoft understands that for you—our enterprise customer—to realize the benefits of the cloud, you must be willing to entrust your cloud provider with one of your most
  23. Microsoft has invested hundreds of millions of dollars into security, and has the most certifications of any cloud provider
     Microsoft’s servers are the second most attacked datacenter in the world with 30,000–40,000 threats per day. It has the experience and a proven track record in keeping data safe, knowing it only takes one hacker to get through for trust to be lost.
     Microsoft has the following certifications:
  24. “The Trusted Cloud”
     • Who’s using Azure in 2017
       • 90% of the Fortune 500 use Microsoft Cloud:
       • BMW 2016
         • Concept to Production in less than a year to develop Azure connected vehicle dashboard sold in every vehicle today
         • Mobile companion app that allows you to see stats of the car and unlock the vehicle, all running through an Azure backend
       • Ford, Toyota, and others have integrated vehicles into Azure
       • AccuWeather (6 billion API weather calls per day from apps all over the weather)
       • GEICO, in a very heavily regulated industry, has moved all of its customer facing and business processing systems to the cloud.
       • Walmart has ecommerce and mobile-based solutions in the Azure cloud
     • Infrastructure
       • 38 Regions and growing as of March 13 2017. Open a new region about every other month.
       • Datacenters implement multi-layer physical security
  25. “The Trusted Cloud”
     Security: We keep your customer data safe (https://azure.microsoft.com/en-us/support/trust-center/)
     • Managing and controlling identity and user access to your environments, data, and applications by federating user identities to Azure Active Directory and enabling multi-factor authentication for more secure sign-in.
     • Encrypting communications and operation processes. For data in transit, Azure uses industry-standard transport protocols between user devices and Microsoft datacenters, and within datacenters themselves. For data at rest, Azure offers a wide range of encryption capabilities up to AES-256, giving you the flexibility to choose the solution that best meets your needs.
     • Securing networks. Azure provides the infrastructure necessary to securely connect virtual machines to one another and to connect on-premises datacenters with Azure VMs. Azure blocks unauthorized traffic to and within Microsoft datacenters, using a variety of technologies. Azure Virtual Network extends your on-premises network to the cloud through site-to-site VPN.
     • Managing threats. To protect against online threats, Azure offers Microsoft Antimalware for cloud services and virtual machines. Microsoft also employs intrusion detection, denial-of-service (DDoS) attack prevention, regular penetration testing, and data analytics and machine learning tools to help mitigate threats to the Azure platform.
  26. Trustworthy foundation: BUILT ON MICROSOFT EXPERIENCE AND INNOVATION
     [Timeline graphic labels: 1st Microsoft Data Center, Active Directory, Trustworthy Computing Initiative, Security Development Lifecycle, Global Data Center Services, Malware Protection Center, Microsoft Security Response Center, Windows Update, Digital Crimes Unit, SOC 1, SOC 2, CSA Cloud Controls Matrix, PCI DSS Level 1, FedRAMP/FISMA, UK G-Cloud Level 2, ISO/IEC 27001:2005, HIPAA/HITECH, E.U. Data Protection Directive, Operations Security Assurance, 20+ Data Centers]
  27. Trustworthy foundation: BUILT ON MICROSOFT EXPERIENCE AND INNOVATION
     [Timeline graphic labels: 1st Microsoft Data Center, Active Directory, Trustworthy Computing Initiative, Security Development Lifecycle, Global Data Center Services, Malware Protection Center, Microsoft Security Response Center, Microsoft Update, Digital Crimes Unit, SOC 1, SOC 2, CSA Cloud Controls Matrix, PCI DSS Level 1, FedRAMP/FISMA, UK G-Cloud Level 2, ISO/IEC 27001:2005, HIPAA/HITECH, E.U. Data Protection Directive, Operations Security Assurance, 20+ Data Centers]
     20+ Data Centers: Operating Microsoft Azure in 8 data centers around the world
  28. Microsoft Azure: UNIFIED PLATFORM FOR MODERN BUSINESS
  29. Trustworthy foundation: BUILT ON MICROSOFT EXPERIENCE AND INNOVATION
     [Timeline graphic labels: 1st Microsoft Data Center, Active Directory, Trustworthy Computing Initiative, Security Development Lifecycle, Global Data Center Services, Malware Protection Center, Microsoft Security Response Center, Windows Update, Digital Crimes Unit, SOC 1, SOC 2, CSA Cloud Controls Matrix, PCI DSS Level 1, FedRAMP/FISMA, UK G-Cloud Level 2, ISO/IEC 27001:2005, HIPAA/HITECH, E.U. Data Protection Directive, Operations Security Assurance, 20+ Data Centers]
     Security Centers of Excellence: Protecting Microsoft customers by combatting evolving threats
  30. Trustworthy foundation: BUILT ON MICROSOFT EXPERIENCE AND INNOVATION
     [Timeline graphic labels: 1st Microsoft Data Center, Active Directory, Trustworthy Computing Initiative, Security Development Lifecycle, Global Data Center Services, Malware Protection Center, Microsoft Security Response Center, Windows Update, Digital Crimes Unit, SOC 1, SOC 2, CSA Cloud Controls Matrix, PCI DSS Level 1, FedRAMP/FISMA, UK G-Cloud Level 2, ISO/IEC 27001:2005, HIPAA/HITECH, E.U. Data Protection Directive, Operations Security Assurance, 20+ Data Centers]
     Digital Crimes Unit: Using legal and technical expertise to disrupt the way cybercriminals operate
  31. Trustworthy foundation: BUILT ON MICROSOFT EXPERIENCE AND INNOVATION
     [Timeline graphic labels: 1st Microsoft Data Center, Active Directory, Trustworthy Computing Initiative, Security Development Lifecycle, Global Data Center Services, Malware Protection Center, Microsoft Security Response Center, Windows Update, Digital Crimes Unit, SOC 1, SOC 2, CSA Cloud Controls Matrix, PCI DSS Level 1, FedRAMP/FISMA, UK G-Cloud Level 2, ISO/IEC 27001:2005, HIPAA/HITECH, E.U. Data Protection Directive, Operations Security Assurance, 20+ Data Centers]
     Compliance Standards: Investing heavily in robust compliance processes, including ISO 27001, FedRAMP, and HIPAA
  32. Microsoft Azure: UNIFIED PLATFORM FOR MODERN BUSINESS
     [Graphic labels: Automated, Managed Resources, Elastic, Usage Based]
  33. Unified platform for modern business: Microsoft commitment
  34. Simplified compliance
     • Information security standards
     • Effective controls
     • Government & industry certifications
     [Graphic labels: ISO 27001:5, NIST 800-53, SOC 1 Type 2, SOC 2 Type 2, FedRAMP/FISMA, PCI DSS Level 1, UK G-Cloud, US-EU Safe Harbor]
  35. Security Compliance Framework
     [Diagram labels: Security compliance strategy, Security analytics, Risk management best practices, Security benchmark analysis, Test and audit]
     • Security goals set in context of business and industry requirements
     • Security analytics & best practices deployed to detect and respond to threats
     • Benchmarked to a high bar of certifications and accreditations to ensure compliance
     • Continual monitoring, test and audit
  36. Certifications & programs (Program: Description)
     • ISO/IEC 27001: Internationally recognized information security standard, broadly accepted outside U.S.
     • PCI DSS Level 1: Information security standard designed to prevent fraud through controls around credit card data
     • UK G-Cloud IL2: ‘Protect' level of security for data processing, storage and transmission by UK public sector organization including local and regional government
     • SSAE 16 / ISAE 3402: Accounting standard relied upon as the authoritative guidance for reporting on service organizations (SOC 1, SOC 2, SOC 3)
     • FedRAMP/FISMA: U.S. Federal law enacted in 2002, based on NIST 800 series, 18 control domains, with in-depth audit, and applies to all U.S. Federal agencies
  37. Contractual commitments
     Broad contractual scope
     • Microsoft makes strong contractual commitments to safeguard customer data covered by HIPAA BAA, Data Processing Agreement, & E.U. Model Clauses
     • Enterprise cloud-service specific privacy protections benefit every industry & region
     EU Data Privacy Approval
     • Microsoft meets high bar for protecting privacy of EU customer data
     • EU Data Privacy approval allows Microsoft to transfer personal data across international borders
     • Only Microsoft is jointly approved from EU Article 29
  38. Security & Compliance Tools and Resources
     • Microsoft has taken on the responsibility to provide tools and information that will enable our customers to deploy our cloud services with the highest confidence that they are safe and compliant.
       Dervish Tayyip, General Counsel, Microsoft Corp https://blogs.microsoft.com/eupolicy/2016/11/10/microsoft-cloud-assurance-legal-regulatory-compliance-for-cloud-computing/#pmD5xEGu7XcQCa15.99
     • Cloud Computing Compliance Tools Central Repo: Microsoft Trust Center
     • Cloud Service Due Diligence Checklist: In anticipation of your organization’s move to the cloud, please review ISO/IEC 19086-1 and the Cloud Services Due Diligence Checklist.
     • Auditing and logging tools
       • Built into the cloud from the ground up. It wasn’t an afterthought
       • Auditing and logging Overview
       • Examples:
         • How to: Monitor Apps in Azure App Service
         • Storage Analytics Logging
         • Creating alerts in Azure Monitor for Azure services
         • Azure AD Privileged Identity Management
  39. Security & Compliance Tools and Resources
     • Well-Defined System Configuration Models
       • Azure’s recent transition from Service Manager to Resource Manager model
     • Security and Data Encryption Services
       • Azure Key Vault: Azure Key Vault helps safeguard cryptographic keys and secrets used by cloud applications and services.
       • Client-Side Encryption and Azure Key Vault for Microsoft Azure Storage: Supports encrypting data within client applications before uploading to Azure Storage, and decrypting data while downloading to the client. The library also supports integration with Azure Key Vault for storage account key management
       • Tutorials: Encrypt and decrypt blobs in Microsoft Azure Storage using Azure Key Vault
  40. Closing Comments
     • Azure is more secure than your data center
     • The bigger the IT spend, the more Azure makes sense
     • Conduct an accurate and thorough risk analysis that incorporates all information technology equipment, applications and data systems storing PII, PCI;
     • Create and maintain a risk management plan;
     • Implement policies and procedures and retain for six years;
     • Reasonably safeguard the electronic PII and PCI using prevailing practices;
     • Encrypt computing devices and storage media;
     • Obtain satisfactory assurances in the form of a written business associate agreement;
     • Monitor and maintain user provisioning, such as not removing user access in a timely manner.
     • Top 12 Recommendations for Your Security Strategy
  41. Questions?
  42. Constructive Feedback Is Appreciated
     • Great information, but would like to have learned more about [Insert Topic]
     • Brian – Your presentation was …
     • Good Demos!
     • Thanks!
  43. Thank you!
     Brian Culver, MCM
     Twitter: @spbrianculver
     E-mail: brian.culver(at)expertpointsolutions.com
     Blog: http://blog.expertpointsolutions.com/
     Slides: http://www.slideshare.net/bculver
     Alvin Vaughn, CISSP
     E-mail: Alvin.Vaughn(at)expertpointsolutions.com
