Secure Your Cloud Migration - Secureworld 2019 Charlotte
1. How I Learned To Love Our Cloud
Securing Your Cloud Estate & Migration
Mike Brannon
2. Generational Tech Change: Leave IBM Mainframe
• Mainframe Deployed in 1985 – Decommission NOW
• SAP HANA (Hosted) Taking Over as System of Record
• IBM Z-OS Mainframe Retired Entirely (on premise)
• Shift: MF On Premise to Hosted SAP to Azure Cloud
3. Keeping Pace: Updated Digital Workplace
• Windows7/Office2010 – OLDER Windows Servers – Working But Outdated = More Risky!
• Move to Win10 Enterprise - EMS/Mobile & Office 365 – Azure Servers & Services
• MUCH MORE SECURE By Design and Deployment (more to come! -> “Zero Trust”!)
• Evolution: From On Premise Servers/Services to Hosted SAP & Azure / SaaS Cloud
• Shifting to SaaS Solutions Integrated Via SSO and more modern approaches
4. Make Our New Systems MORE Secure!
• Less Data And Content Means Less “Attack Surface”
• Far Easier To Defend LESS Data – Also Well Defined (Labeled)
• Data Classification and Access Tracking FAR Easier
• Retire OLD Servers / PCs – New OSes Far MORE Secure
• Azure/Server 2016 and Windows 10 Better Built/Better Defended
• Microsoft Delivers Updates, Enhancements Regularly (ready or not!)
• Lots of Tools – Microsoft 365 / O365-EMS-Windows 10E
• Licensed All 3 Tools For Improved / Interlocked Security
• Data / Endpoint / Server-Services Tightly Managed “in Cloud”
7. Why is Over-Retention a Problem?
7
Per GB Costs
Collection:
$125 to $6,700
$26,250 to $1.4Million
Processing:
$600 to $6,000
$6,000 to $60,000
Review:
$1,800 to $210,000
$4,140 to $483,000
From $36,390 UP to $1.9Million!
9. Standing On The Shoulders Of Giants
To promote the use of best practices for providing security assurance within
Cloud Computing, and provide education on the uses of Cloud Computing
to help secure all other forms of computing.
Celebrated its 10th Anniversary at recent summit meeting!!
Software Defined Perimeter
10. Securing Privileged Access
Office 365 Security
Rapid Cyberattacks
(Wannacrypt/Petya)
https://aka.ms/MCRA Video Recording Strategies
SQL Encryption &
Data Masking
Office 365
Dynamics 365
+Monitor
Data Loss Protection
Data Governance
eDiscovery
14. SecureScore Page / Widgets
1. Page: https://securescore.office.com/#!/dashboard
2. Security Reader or Admin role (AzureAD roles)
3. Analyze and Improve Score! (guidance suggested)
4. Compare your Score to like sizes / companies
5. Drive by RISK – Engage Compliance tooling
Leverage Recommended Actions
1. Queue of possible actions – VERY directed –
2. Improve from 247 (current) to 514 of possible 644
3. MFA authentication gains the MOST – Office 365
4. Add Defender ATP to get a Windows Score, Actions
16. What is Intune?
Register / Manage Devices
DEP / Company Owned or BYOD
Configure / Enforce Compliance
Application Delivery
Data / App Protection
Containerize Our Data on Devices
SW Defined Perimeter/PKI Support
Conditional Access
Support for rules and tools
26. Secure Identity Infrastructure
1. Strengthen your credentials.
2. Reduce your attack surface area.
3. Automate threat response.
4. Increase your awareness of auditing and monitoring.
5. Enable more predictable and complete end-user
security with self-help.
Use Conditional Access – Trusted Devices
1. Only trusted Devices and Users get access to
enterprise data and applications
2. Different rules can invoke MORE or less security and
risk protections (next slide)