Learn, for the Microsoft Cloud (Azure, Office 365, Dynamics 365, Yammer, and PowerBI): how your data will be stored, who has access to your data, how government and law enforcement data requests are handled, how you can find and react to a breach, and how you can perform a risk assessment with your cloud service provider.
Based in 6 offices globally, the company provides policy analysis, strategic advice, transformational change management, operational optimization, project and portfolio management, systems engineering, information assurance, and cyber security expertise to support critical infrastructure clients across 4 continents. The company gives clients the ability to understand cyber threats to safety through a collection of methods, models and tools to analyze cybersecurity risks and hazard impacts via attack path modeling and simulation. They help clients mitigate safety and operational risks through improving visibility of system components, controls, and assurance of system capability.
This document provides an overview and summary of security features in SQL Server 2014/2016 and 2017, including row-level security, dynamic data masking, always encrypted, and backup encryption. It describes the benefits of each feature, such as providing fine-grained access control, regulatory compliance, sensitive data protection, and increasing security of backups. Examples and concepts are provided for row-level security and key provisioning for always encrypted. The document is authored by Maximiliano Accotto, a data platform MVP since 2005.
Radix Technologies provides international mobility solutions using cloud-based Software as a Service applications. Managing a globally mobile workforce can be challenging for HR departments, as they often coordinate multiple service providers. ViaExpat allows HR, employees, service providers, and management to communicate and share expatriate transfer information in real time through a secure collaborative platform in the cloud. This electronic data management solution helps organizations collect, store, and retrieve expatriate emails, documents and other information. It also integrates easily with other business software applications.
This document outlines an agenda for solving common problems when managing a hybrid Microsoft infrastructure. The agenda includes discussions on why monitoring and managing a hybrid cloud is critical by addressing challenges around reducing complexity, costs, and ensuring quality of service. It will provide overviews of the MetaVis platform and GSX Solutions for monitoring, managing, and reporting on hybrid environments. The combination of MetaVis and GSX is said to provide comprehensive monitoring and management of Microsoft infrastructures from an end-user perspective.
O365Con18 - Protecting your Data in Office 365 - Arjan Cornelissen NCCOMMS
The document discusses security in Office 365 and provides statistics on cybercrime costs and common attacks. It then summarizes Microsoft's approach to security including multi-factor authentication, conditional access policies, and tools to protect devices, applications, and privileged identities. Screenshots demonstrate features like conditional access for SharePoint and the Identity Secure Score dashboard.
Radix Technologies provides international mobility solutions using cloud-based software applications. This allows HR departments, management, service providers, and assignees to communicate and share transfer information in real time. The cloud platform provides a secure and collaborative solution for managing employee transfers. It allows users to store, manage, and retrieve emails, chats and documents related to employee transfers.
The document discusses a clinical trial management platform called Cytel ACES that helps centralize clinical study data and documents. It streamlines communications and workflows to reduce timelines and increase security and compliance. ACES provides a cost-effective solution to securely share electronic data and interim analysis results. It offers a validated framework to restrict unintended access and eliminate potential for bias through role-based security and auditing of document access.
This presentation is designed to help customers using StratexPoint, Ascendore's Integrated GRC software solution, specifically its 'Copy & Move' webpart.
The data-liberator toolkit allows data sources to connect to the MenSagam platform by providing APIs that enable querying of underlying data even if the data source itself does not support queriable APIs. The free and open source toolkit can be installed on infrastructure like Tomcat to give users access to the data source's data and allow various MenSagam tools and third party applications to analyze the data. The data source maintains control over securing access and determining what specific data is exposed through the APIs.
The document discusses various risks and security considerations related to cloud computing. It covers assessing risks from real world, corporate, and technical perspectives. Key risks include user access, data location, recovery risks, and ensuring regulatory compliance. The document also provides an overview of security standards like PCI compliance and approaches to securing confidential data and applications in the cloud.
Protect customer's personal information eng 191018 sang yoo
Let's take a look at the mcloudoc-based personal information protection function!
First of all, by unifying the personal information management points, all information managed sporadically on a personal PC is easily managed, reducing the management cost!
In addition, it is possible to control the personal information document because the authority to handle the document can be granted depending on the role of the employee who manages the personal information document.
Even personal information hidden in centralized documents can be detected, and the work history of users using personal information documents can also be tracked, which can also be used to leak malicious documents.
Now, how about realizing the protection of personal information documents with mcloudoc?
Start with mcloudoc!
Web applications are valuable tools for businesses but also attractive targets for attackers seeking sensitive customer, business, and corporate data. As organizations increasingly rely on web applications to power their operations, defending these applications from cybercriminals looking to profit from illegal activities like identity theft and fraud is critical. The GamaSec solution provides a cost-effective way to protect mission critical web applications and their sensitive data from attacks and security breaches that could result in service disruptions, downtime, lost productivity, stolen information, and damage to reputation.
This document outlines the table of contents for a project on securing cloud data. It discusses the existing problems of data security in cloud computing and the limitations of current encryption methods. It then proposes using decoy information technology called "fog computing" to launch disinformation attacks against malicious insiders and prevent them from distinguishing real data from fake data. The document also reviews security issues for different cloud service models like PaaS and IaaS and lists the software and hardware requirements for the project.
Hopper Healthcare provides end-to-end healthcare software consulting and custom software development services including custom and packaged software, product augmentation, onshore and offshore development, big data and analytics solutions, IT and cloud hosting, and healthcare-specific solutions and portals. Their services also include a healthcare billing system, time survey software, EDI processing, data management, and reporting capabilities.
Turn on audit logging and configure increased security settings in the Office 365 tenant to regularly monitor dashboards and reports for any anomalies or threats. Connect Office 365 to Microsoft Cloud App Security and implement protection for admin accounts including using dedicated accounts, enforcing multi-factor authentication, and using a secure Windows 10 device. Also enable Azure Active Directory Identity Protection and enforce account security policies for federated environments. Review information protection recommendations which require organizational coordination such as those for GDPR compliance and securing SharePoint Online sites.
Office 365 security concerns, EU General Data Protection Regulation (GDPR) Sonja Madsen
Office 365 provides access to information from different devices not only from secure office locations,
but also from just about any location in the world. Data security, governance and compliance are the biggest concerns.
This talk is about the robust security that is built into Office 365: data loss prevention,
mobile device management, password and multi-factor authentication, message encryption,
EU General Data Protection Regulation (GDPR) and Rights Management Service.
The document discusses secure web application development. It covers topics like configuration management, sensitive data handling, and session management. Configuration management aims to maintain consistency of a product's attributes over its lifetime. Sensitive data refers to personal information like credit card numbers or social security numbers. Session management is needed because HTTP is stateless, so sessions allow tracking users across multiple requests using a session ID.
Case Study For Real Estate Investment & Property Search Mike Taylor
Real Estate Investment & Property Search Site is an intelligent search engine for property investors, built to meet the needs of real-estate owners, operators and managers.
CipherCloud, the pioneer in cloud information security, empowers organizations to adopt the cloud while ensuring data protection, compliance, and control. CipherCloud delivers a comprehensive multi-cloud security platform that integrates advanced data protection, adaptive policy controls, monitoring, and cloud risk analysis. The largest financial services, insurance, healthcare, telecommunications and government organizations across more than 25 countries have put their trust in CipherCloud.
MicroAge offers technology assessments to analyze a company's IT environment, identify vulnerabilities and opportunities to reduce costs and streamline processes. The assessments provide a clear understanding of a company's current infrastructure and are the first step in developing technology solutions aligned with their business goals. MicroAge has decades of experience and expert certifications to create the right solution for each client.
Enterprise system integration challenges you may face
Organizations often use a shared communication medium. A complex structure forces the same data to be transferred over the system many times and causes a loss of bandwidth.
If communication is based on third-party infrastructure, the cost for the data transfer increases and a strong dependence on the independent operator increases.
Maintenance and documentation of complex architecture is a real challenge for administrators.
If subsystems have various methods of authorization, authentication and user rights management, it is almost impossible to keep an appropriate level of security. As a consequence, stable communication cannot be established, or data is lost.
Contact Deltadata for Complete System Integration Solutions.
This document provides an overview of Microsoft's Cybersecurity Reference Architectures (MCRA). It begins with an introduction to MCRA and related topics like Zero Trust. It then discusses implementation considerations for architects, technical managers, CIOs, and CISOs. The document outlines various security roles and provides guidance on security strategy, programs, and initiatives. It also lists several Microsoft and third-party resources for security documentation, benchmarks, frameworks, and more. Finally, it discusses key principles for a Zero Trust approach and how Microsoft products can help implement Zero Trust architectures across networks, applications, endpoints, identities, data, and infrastructure.
The value and applications of the cloud are growing, but trust remains a challenge. The dialogue between organizations and cloud provider(s) about security, privacy and lawfulness is fundamental to this. In this presentation we address a number of common concerns about the use of the cloud. We also describe a practical safeguards model that can serve as a framework for evaluating cloud services and can thereby help increase trust in the cloud. Do you have questions of your own? Feel free to ask them and join the dialogue; cloud is ultimately a partnership!
Here's where Microsoft has invested, across these areas: identity and access management, apps and data security, network security, threat protection, and security management.
We’ve put a tremendous amount of investment into these areas and the way it shows up is across a pretty broad array of product areas and features.
Our Identity and Access Management tools enable you to take an identity-based approach to security, and establish truly conditional access policies.
Our App and Data Security help you protect your apps and your data as it moves around—both inside and outside your organization.
Azure includes a robust networking infrastructure with built-in security controls for your application and service connectivity.
Our Threat Protection capabilities are built in and fully integrated, so you can strengthen both pre-breach protection with deep capabilities across e-mail, collaboration services, and end points including hardware based protection; and post-breach detection that includes memory and kernel based protection and response with automation.
And our Security Management tools give you the visibility and more importantly the guidance to manage policy centrally.
Security Essentials For Startups Taking Their First Steps As Cloud Providers.
This deck is based on the paper below: https://chapters.cloudsecurityalliance.org/israel/papers/
The document provides an overview of a webinar on Microsoft security, compliance, and identity fundamentals presented by Vignesh Ganesan. The webinar covers Microsoft 365 security, Microsoft compliance solutions like information protection and governance, and Microsoft identity including Azure Active Directory. It summarizes the three main components that will be focused on: Microsoft security, Microsoft identity, and Microsoft compliance. It also outlines some of the key capabilities within each area and compares Microsoft's offerings to other vendors in the space.
Microsoft Azure Rights Management provides a comprehensive policy-based enterprise solution to help protect your valuable information, no matter whom you share it with. For $2.00 per user per month, you get Information Rights Management capabilities such as Do Not Forward and Company Confidential, as well as Office 365 Message Encryption, which allows you to send encrypted emails to anyone!
Easily enforce policies to improve data security
Both Information Rights Management and Office 365 Message Encryption are policy based and designed to work with the Exchange transport rule engine. That means Microsoft Azure Rights Management allows you to set up complex policy restrictions easily, with just a single action.
Simple and convenient communication management
Information Rights Management is built to work across multiple workloads such as Exchange, SharePoint, and Office documents, and it makes it easier to set restrictions and provide permissions. Office 365 Message Encryption comes with a modern user interface that makes it easy to use.
Through 2020, 95% of cloud security failures will be the customer's fault according to Gartner. While cloud providers offer security controls, cloud security is ultimately a shared responsibility between the customer and provider. It is the customer's responsibility to properly configure security controls within their cloud environment.
Recording of monthly Need to Know webinar for May 2023 that focused on providing a deep dive into Exchange Online Protection. The session also includes Microsoft Cloud news and updates along with an open Q and A session around Microsoft 365. Video recording is available at www.ciaopsacademy.com
Webinar Mastering Microsoft Security von BaggenstosJenniferMete1
Microsoft 365 Security und Azure Security, Einhaltung von Compliance-Anforderungen unter Berücksichtigung des neuen Schweizer Datenschutzgesetze, Best Practices bei der Einführung und dem Betrieb von Sicherheitslösungen
Security Architecture Best Practices for SaaS ApplicationsTechcello
Gartner has predicted 18-20% growth in SaaS market, and expects it to hit US $22.1 billion by the year 2015. They have also measured that SaaS adoption rate has increased many fold in the last few years (almost 71% of enterprises use SaaS solutions).
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa ToromanNCCOMMS
This document summarizes a presentation about red team vs blue team security approaches in Microsoft Cloud. It introduces the two speakers, Mustafa Toroman and Sasha Kranjac, and provides an exclusive 20% discount code for attendees. The bulk of the document outlines Microsoft Azure security features such as virtual network isolation, DDoS protection, identity and access management with Azure Active Directory, multi-factor authentication, encryption options, and key vault for encryption key management. Platform services and various security tools that can be brought to Microsoft Azure are also listed. The presentation aims to demonstrate how security best practices can be implemented in Microsoft Cloud environments.
Making Sense Of Cloud Computing - by Mark RivingtonCA Nimsoft
1) The document summarizes key aspects of cloud computing including the 5-4-3 model of cloud characteristics, deployment models, and service offering models.
2) It discusses challenges of monitoring cloud environments due to their dynamic and elastic nature, and outlines different monitoring strategies for Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
3) The presentation concludes by emphasizing that Nimsoft can help organizations manage services in the cloud.
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...Amazon Web Services
This document summarizes a presentation about security automation improvements that can be made using Amazon CloudWatch Events and AWS Config Rules. It discusses five examples of automation: automatic CloudTrail remediation, CloudFormation template auditing, AWS CIS Foundation Framework account assessment, auto MFA for IAM users, and automatic isolation of "tainted" servers. Code examples and demonstrations are provided for each automation example. Other security automation tools and resources are also listed.
Legacy monitoring and troubleshooting tools can limit visibility and control over your infrastructure and applications. Organizations must find monitoring and troubleshooting tools that can scale with the volume, variety and velocity of data generated by today’s complex applications in order to keep pace with business demands. Our upcoming webinar will discuss how Sumo Logic helped Scripps Networks harness cloud-native machine data analytics to improve application quality and reliability on AWS. Sumo Logic allows IT operations teams to visualize and monitor workloads in real-time, identify issues and expedite root-cause analysis across the AWS environment.
Join us to learn:
• How to migrate from traditional on-premises data centers to AWS with confidence
• How to improve the monitoring and troubleshooting of modern applications
• How Scripps Networks, a leading content developer, used Sumo Logic to optimize their transition to AWS
Who should attend: Developers, DevOps Director/Manager, IT Operations Director/Manager, Director of Cloud/Infrastructure, VP of Engineering
The document provides an agenda and details for a Microsoft Tech Talk event. It includes a schedule with check-in from 12:45-1:00 PM, a welcome and kickoff starting at 1:00 PM, and a Q&A session from 2:45 PM. It also provides information on facilities like restrooms and WiFi access. Microsoft Tech Talks are designed to bring IT leaders together at a Microsoft facility for discussions on Microsoft technology and networking opportunities. Presentations are given by Microsoft experts and cover new products, features, and services. These events have over 2500 members across various local meetup groups.
Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...Microsoft Österreich
The document discusses Microsoft's approach to data protection and compliance with the GDPR. It provides an overview of Microsoft's security operations, including its cyber defense operations center and intelligence security graph. It also describes Microsoft's Next Generation Privacy framework for inventorying and standardizing how customer data is treated. Tools like SecureScore and the Compliance Manager are introduced for assessing compliance and managing tasks. Additional resources on GDPR, security reference architectures and blogs are listed in an appendix.
The document discusses secure cloud computing and software as a service (SaaS) acceleration services. It provides an overview of key cloud computing attributes like elasticity and pay-per-use models. It then discusses the financial benefits of cloud computing and common cloud usage models. The document focuses on security as the top concern for cloud computing and outlines Unisys' secure cloud solutions including encryption, security monitoring, and certified data centers. Unisys' SaaS accelerator portfolio is presented including infrastructure as a service, platform as a service, and application management services.
The document discusses challenges facing today's enterprises including cutting costs, driving value with tight budgets, maintaining security while increasing access, and finding the right transformative capabilities. It then discusses challenges in building applications such as scaling, availability, and costs. The document introduces the Windows Azure platform as a solution, highlighting its fundamentals of scale, automation, high availability, and multi-tenancy. It provides considerations for using cloud computing on or off premises and discusses ownership models.
Microsoft Security Advice ISSA Slides.pptxMike Brannon
The document provides guidance on securing Microsoft 365 services through tools like Conditional Access policies and Zero Trust concepts. It recommends emphasizing identity security using Azure AD, enforcing multi-factor authentication, and applying Conditional Access rules. The document also provides references to security advisors and resources like books, blogs, and Twitter accounts that provide best practices for securing Microsoft 365.
The document discusses challenges facing today's enterprises such as cutting costs, driving value with tight budgets, maintaining security while increasing access, and finding the right transformative capabilities. It then discusses challenges in building applications related to scaling, availability, and costs. The remainder summarizes Microsoft's Windows Azure cloud computing platform, how it addresses these challenges, example use cases, and pricing models.
Similar to Getting answers to your top questions for your cloud (20)
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...Fwdays
Direct losses from downtime in 1 minute = $5-$10 thousand dollars. Reputation is priceless.
As part of the talk, we will consider the architectural strategies necessary for the development of highly loaded fintech solutions. We will focus on using queues and streaming to efficiently work and manage large amounts of data in real-time and to minimize latency.
We will focus special attention on the architectural patterns used in the design of the fintech system, microservices and event-driven architecture, which ensure scalability, fault tolerance, and consistency of the entire system.
"Scaling RAG Applications to serve millions of users", Kevin GoedeckeFwdays
How we managed to grow and scale a RAG application from zero to thousands of users in 7 months. Lessons from technical challenges around managing high load for LLMs, RAGs and Vector databases.
AI in the Workplace Reskilling, Upskilling, and Future Work.pptxSunil Jagani
Discover how AI is transforming the workplace and learn strategies for reskilling and upskilling employees to stay ahead. This comprehensive guide covers the impact of AI on jobs, essential skills for the future, and successful case studies from industry leaders. Embrace AI-driven changes, foster continuous learning, and build a future-ready workforce.
Read More - https://bit.ly/3VKly70
Conversational agents, or chatbots, are increasingly used to access all sorts of services using natural language. While open-domain chatbots - like ChatGPT - can converse on any topic, task-oriented chatbots - the focus of this paper - are designed for specific tasks, like booking a flight, obtaining customer support, or setting an appointment. Like any other software, task-oriented chatbots need to be properly tested, usually by defining and executing test scenarios (i.e., sequences of user-chatbot interactions). However, there is currently a lack of methods to quantify the completeness and strength of such test scenarios, which can lead to low-quality tests, and hence to buggy chatbots.
To fill this gap, we propose adapting mutation testing (MuT) for task-oriented chatbots. To this end, we introduce a set of mutation operators that emulate faults in chatbot designs, an architecture that enables MuT on chatbots built using heterogeneous technologies, and a practical realisation as an Eclipse plugin. Moreover, we evaluate the applicability, effectiveness and efficiency of our approach on open-source chatbots, with promising results.
Discover the Unseen: Tailored Recommendation of Unwatched ContentScyllaDB
The session shares how JioCinema approaches ""watch discounting."" This capability ensures that if a user watched a certain amount of a show/movie, the platform no longer recommends that particular content to the user. Flawless operation of this feature promotes the discover of new content, improving the overall user experience.
JioCinema is an Indian over-the-top media streaming service owned by Viacom18.
The Microsoft 365 Migration Tutorial For Beginner.pptxoperationspcvita
This presentation will help you understand the power of Microsoft 365. However, we have mentioned every productivity app included in Office 365. Additionally, we have suggested the migration situation related to Office 365 and how we can help you.
You can also read: https://www.systoolsgroup.com/updates/office-365-tenant-to-tenant-migration-step-by-step-complete-guide/
"What does it really mean for your system to be available, or how to define w...Fwdays
We will talk about system monitoring from a few different angles. We will start by covering the basics, then discuss SLOs, how to define them, and why understanding the business well is crucial for success in this exercise.
AppSec PNW: Android and iOS Application Security with MobSFAjin Abraham
Mobile Security Framework - MobSF is a free and open source automated mobile application security testing environment designed to help security engineers, researchers, developers, and penetration testers to identify security vulnerabilities, malicious behaviours and privacy concerns in mobile applications using static and dynamic analysis. It supports all the popular mobile application binaries and source code formats built for Android and iOS devices. In addition to automated security assessment, it also offers an interactive testing environment to build and execute scenario based test/fuzz cases against the application.
This talk covers:
Using MobSF for static analysis of mobile applications.
Interactive dynamic security assessment of Android and iOS applications.
Solving Mobile app CTF challenges.
Reverse engineering and runtime analysis of Mobile malware.
How to shift left and integrate MobSF/mobsfscan SAST and DAST in your build pipeline.
Session 1 - Intro to Robotic Process Automation.pdfUiPathCommunity
👉 Check out our full 'Africa Series - Automation Student Developers (EN)' page to register for the full program:
https://bit.ly/Automation_Student_Kickstart
In this session, we shall introduce you to the world of automation, the UiPath Platform, and guide you on how to install and setup UiPath Studio on your Windows PC.
📕 Detailed agenda:
What is RPA? Benefits of RPA?
RPA Applications
The UiPath End-to-End Automation Platform
UiPath Studio CE Installation and Setup
💻 Extra training through UiPath Academy:
Introduction to Automation
UiPath Business Automation Platform
Explore automation development with UiPath Studio
👉 Register here for our upcoming Session 2 on June 20: Introduction to UiPath Studio Fundamentals: https://community.uipath.com/events/details/uipath-lagos-presents-session-2-introduction-to-uipath-studio-fundamentals/
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...DanBrown980551
This LF Energy webinar took place June 20, 2024. It featured:
-Alex Thornton, LF Energy
-Hallie Cramer, Google
-Daniel Roesler, UtilityAPI
-Henry Richardson, WattTime
In response to the urgency and scale required to effectively address climate change, open source solutions offer significant potential for driving innovation and progress. Currently, there is a growing demand for standardization and interoperability in energy data and modeling. Open source standards and specifications within the energy sector can also alleviate challenges associated with data fragmentation, transparency, and accessibility. At the same time, it is crucial to consider privacy and security concerns throughout the development of open source platforms.
This webinar will delve into the motivations behind establishing LF Energy’s Carbon Data Specification Consortium. It will provide an overview of the draft specifications and the ongoing progress made by the respective working groups.
Three primary specifications will be discussed:
-Discovery and client registration, emphasizing transparent processes and secure and private access
-Customer data, centering around customer tariffs, bills, energy usage, and full consumption disclosure
-Power systems data, focusing on grid data, inclusive of transmission and distribution networks, generation, intergrid power flows, and market settlement data
ScyllaDB is making a major architecture shift. We’re moving from vNode replication to tablets – fragments of tables that are distributed independently, enabling dynamic data distribution and extreme elasticity. In this keynote, ScyllaDB co-founder and CTO Avi Kivity explains the reason for this shift, provides a look at the implementation and roadmap, and shares how this shift benefits ScyllaDB users.
In our second session, we shall learn all about the main features and fundamentals of UiPath Studio that enable us to use the building blocks for any automation project.
📕 Detailed agenda:
Variables and Datatypes
Workflow Layouts
Arguments
Control Flows and Loops
Conditional Statements
💻 Extra training through UiPath Academy:
Variables, Constants, and Arguments in Studio
Control Flow in Studio
Dandelion Hashtable: beyond billion requests per second on a commodity serverAntonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor IvaniukFwdays
At this talk we will discuss DDoS protection tools and best practices, discuss network architectures and what AWS has to offer. Also, we will look into one of the largest DDoS attacks on Ukrainian infrastructure that happened in February 2022. We'll see, what techniques helped to keep the web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on Ukraine experience
How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way to break data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is re-paid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?
"NATO Hackathon Winner: AI-Powered Drug Search", Taras KlobaFwdays
This is a session that details how PostgreSQL's features and Azure AI Services can be effectively used to significantly enhance the search functionality in any application.
In this session, we'll share insights on how we used PostgreSQL to facilitate precise searches across multiple fields in our mobile application. The techniques include using LIKE and ILIKE operators and integrating a trigram-based search to handle potential misspellings, thereby increasing the search accuracy.
We'll also discuss how the azure_ai extension on PostgreSQL databases in Azure and Azure AI Services were utilized to create vectors from user input, a feature beneficial when users wish to find specific items based on text prompts. While our application's case study involves a drug search, the techniques and principles shared in this session can be adapted to improve search functionality in a wide range of applications. Join us to learn how PostgreSQL and Azure AI can be harnessed to enhance your application's search capability.
24. Service Trust Platform https://aka.ms/servicetrust
Audit reports for Azure, Office 365, Dynamics 365, Yammer and more...
Compliance guides, penetration tests, and technical white papers
28. perform a risk assessment and assess the compliance of Microsoft cloud services
So Caroline, let’s see if we can answer the top 5 questions from our customers and show how anyone can get in-depth answers for each of the questions.
We ask you as customers to make sure you are able to ask and get straight answers for these questions from any and all cloud service providers.
As customers consider the transition to the cloud, we often hear that they want to ensure that their security, privacy and compliance requirements are met.
At Microsoft, we believe that we need to make it super easy for customers to get answers to the following questions:
How Microsoft safeguards confidentiality, privacy, integrity, availability, and reliability of my data?
Who has access to my data and how can I control this access?
How Microsoft complies with regulatory and industry standards within the service as well as help me comply with my regulatory, industry and even organizational compliance requirements?
So today we will go over Microsoft cloud’s commitment to trust, how you can get answers to your top security, compliance, and privacy questions, when and why you need to do a risk assessment of Microsoft cloud, and finally how you can perform this risk assessment.
So, Om, what are the top 3 concerns?
Thanks, Caroline. We understand that as customers, when you are evaluating a move to the cloud, you have 3 top concerns:
How will Microsoft protect my data?
Who has access to my data?
What about complying with global regulations that matter to me?
Microsoft is committed – starting at the top – to providing a cloud you can trust. We take very seriously our commitment to protect customers in a cloud-first world. We follow a set of standards and best practices to ensure that our cloud services are reliable and perform as you need them to. And we actively partner with a wide range of industry and government entities to establish confidence and trust in the wider cloud ecosystem.
We start with ensuring that our Microsoft cloud services are reliable: we are consistently best in class at keeping the cloud up and running.
We build reliability, uptime, and security into the DNA of our cloud service architecture and infrastructure.
On top of this reliable infrastructure and secure architecture, we build automation to minimize access to customer data (no standing access), ensure privacy and give control to you as the customer.
Now to prove that we are doing what we are saying in all the things that I just talked about – we ask 3rd party independent auditors to come and audit us.
Finally, what will be the use of all this investment if we cannot transparently share information around reliability, security, privacy and compliance with you, our customers and partners? So we focus on providing industry-leading transparency.
We put our money where our mouth is: we spend more than $1B on security R&D every year, which demonstrates our commitment to protect your data in our clouds.
The Graph feeds the security capabilities we build into Windows, Office 365, Azure, and the Enterprise Mobility + Security offerings to deliver an empowering work environment (that end users love) that is also incredibly secure (which IT loves).
As Satya noted last year, Microsoft is the biggest security company you’ve never heard of – and the breadth and strength of our security platform is proof. As a company, we spend over $1B each year on security R&D and integrating our breakthroughs into the products and services you rely on every single day.
Today, I want to show you some of our newest innovations and the end-to-end scenarios you can use right now.
This commitment is further demonstrated by our deepest and most comprehensive compliance coverage in the industry.
We are compliant with global standards, US Government standards, industry standards for financial services and healthcare, and more.
We also understand that you have unique regional requirements and we go above and beyond to ensure we support those.
One of the strengths of our approach is consistency. We are guided by our Trusted Cloud pillars: Security, Privacy & Control, Compliance and Transparency.
These pillars influence how we engineer our services, how we identify and implement security features and controls, how we write our contracts and how we share information with customers.
We have also used our Trusted Cloud pillars to develop and evolve our unique offerings for cloud services customers.
In this presentation, we will focus on these pillars, for which Microsoft has developed amazing new offerings.
Caroline:
Do you know where your data is located?
Om:
We certainly understand our customers' need to understand the location of their data. We have created a dedicated page (Where your data is located) to be transparent about where their data resides.
Let's walk through Azure, Office 365, and Intune data locations, for example.
(Clicks on the link and Goes to Demo)
We wanted you to be crystal clear about where your data is located.
Clicks on Azure Data maps
Clicks on O365 Data maps
(Comes back to slide no. 11)
Also, when a customer creates a Microsoft cloud tenant or a cloud subscription, we provide a choice to customers on where they choose to store their own data within Microsoft cloud.
Caroline:
Do you know who is accessing your data and how you can control access?
Om:
Again, we start with the premise that as customers you bring in this data; you are the owner of this data, so it is your data.
(Demo - Clicks on It is your data links)
We ensure that you can bring in and take action on your data whenever you want.
We have processes to ensure that, through engineering investments and automations, there is no standing access to customer data. We provide on-request, manager-approved, time-bound, limited access on a case-by-case basis in circumstances that require access to customer data, for example troubleshooting your mailbox.
We are very transparent and require Microsoft full time employees to be transparent in terms of the subcontractors that have access to this data.
(Comes back to slide 12)
Caroline:
It is crucial for you to know how government or law enforcement data requests are handled?
Om:
Certainly, a very natural question. Let's walk through the dedicated page that explains this scenario: How Microsoft responds to Government and law enforcement requests.
First of all, we do not offer direct access to customer data – period.
We always attempt to redirect the third party to obtain the requested data from our customer. We will promptly notify you of any third-party request, and give you a copy unless we are legally prohibited from doing so.
We are fully committed to protecting customer data from inappropriate government access, and where necessary, we have advanced this position through the courts.
Demo - Clicks on page explaining the process and takes them to portal where they can see stats about Law Enforcement requests.
Caroline:
Can you quickly find and react to breach?
Om:
We have aligned our security incident response process based on NIST 800-61 guidance.
We have detailed our incident response plan for our customers to review and to get answers for this exact set of questions. https://aka.ms/Office365SIM provides information on:
Microsoft’s approach to security incident management
Our Response Management Process
Our Federated Security Response Model
(Demo – clicks on link – open documents and talks about incident response process)
Comes back to slide 14
Let's take the example of our content encryption whitepaper for O365 – it provides the following information:
Encryption of customer content at rest
Volume and File-level encryption
Mailbox level encryption
Encryption of customer content in-transit
Various risks and protection provided by encryption against those risks
Caroline:
That brings us to the final top question: have you performed an in-depth risk assessment on your cloud Microsoft?
Om:
At Microsoft we believe in complete transparency – that is why we created the Service Trust Platform, where anyone can get access to our 3rd party audit reports, compliance guide, penetration testing and security assessment, and technical white papers.
This is a very key question, and let me talk about when customers should perform risk assessments.
While evaluating us and performing due diligence – you should ask: can we support your security and compliance requirements?
If you have signed an agreement with our cloud and are about to move your mission critical data – you should ask: how can you protect that mission critical data?
If you are in a regulated industry or following information security best practice then you should at least perform an annual risk assessment on your cloud – is your cloud service provider, in this case us, Microsoft, still ensuring the effectiveness of security, privacy and compliance controls?
Also, when you are renewing your agreement with us or after every few years – you should ask Microsoft not only how we are meeting your current requirements but also whether we can meet your needs in the future.
Caroline:
So Om, can you explain how the shared responsibility model works between customer and cloud service provider?
Om:
Sure – So, when customers have their data on-prem they are responsible for 100% of controls to secure that data and be compliant. When they move to Microsoft cloud – we are a partnership and operate under a shared responsibility model. We at Microsoft do major lifting and implement 80% of these controls. Furthermore, with Service Trust Platform features like Control Companions – we let customers understand how they can configure the remaining 20% of controls. So indeed, we are in a partnership here with customers to help them protect their data and stay compliant with Microsoft cloud.
Caroline:
Let’s say I am Alex who is responsible for compliance at a bank. How do I go about the risk assessment to evaluate Microsoft cloud?
Om:
First, anyone with an Azure Active Directory account (with either paid or free trial service) can access any and all of the information that I am going to talk about.
So if you are a Risk and Compliance Officer – We have created a specific package for you – by reviewing this package, you get to know:
How Microsoft cloud services comply with global standards and requirements
How you can manage data security and compliance while using Microsoft cloud services
How Microsoft helps protect your data
If you need access to all of the compliance reports they are available for you at https://aka.ms/auditreports
Furthermore, we have made an “Audited controls” feature that not only provides the “what” in terms of controls implemented and tested but also provides details on “How” we have implemented the controls and “How” 3rd party independent auditors have tested these controls. Audited controls are available for ISO 27001, ISO 27018 and for NIST 800-53 frameworks. Across these audited control documents - customers can get unparalleled “Under the hood” insights into not only what we are compliant with but how we went about it! As of today, no other cloud service provider provides this information to customers / partners.
Let's take the example of SOC reports reviewed by a compliance officer – what you should look for:
Our assertion of what control areas we have implemented around security, availability, confidentiality and processing integrity of your data.
Overview of operation – this is an in-depth discussion around our cloud service architecture and how all components of the service come together
You should look into the detailed information provided by the 3rd party independent auditor
Lastly, you will find supplemental information as per the demands of the particular audit that will provide you details around management response to audit findings etc.
Caroline:
Let’s say I am a Security Officer or Architect at a healthcare company who wants to understand the technical implementation of various security controls within Microsoft cloud?
Om:
For Security Officers and Architects, we have created a similar package on Microsoft Trust Center.
So they can start with “Protect your data by using Microsoft cloud services” page. On this page:
They will get access to information on how we build security into our cloud services
They will understand various features like Office 365 secure score that they can use to secure their cloud services and data.
Further, on Service Trust Platform they can get Trust Documents at https://aka.ms/trustdocs - where we provide “Control Companions”.
The Office 365 Control Companions are Microsoft Excel workbooks designed to help security and compliance officers (and other professionals like Tenant Admins) to locate the Office 365 features that map to specific security and compliance controls. By leveraging these in-built Office 365 features, customers can secure their data and get help in becoming compliant with standards like ISO and FedRAMP. With Control Companions, customers can understand:
· Controls that are customers’ responsibilities
· Description of what exactly these customers’ responsibilities are
· Office 365 features that customers can leverage to fulfill these responsibilities
· Links to Office 365 portal to configure these controls
· PowerShell Configure / PowerShell Get commands to configure these controls
Caroline:
What if I am Ellie, the privacy officer at a European organization?
Om:
Yes, we understand that Governance and Privacy officers have a need to review a specific set of focused information when they perform their risk assessment.
So we created a specific package for them on Microsoft Trust Center – they can start with understanding Microsoft cloud governance and privacy practices.
They can access ISO 27001 and 27018 audit reports – that demonstrate Microsoft’s adherence to best practices around information security and privacy policy and procedures.
Since a lot of our customers are focused on the upcoming GDPR regulation, we have created a special information package around GDPR.
On this GDPR page we provide customers information on how Microsoft is committed to support customers’ ability to comply with GDPR.
Also, we have started providing in-depth information around Microsoft cloud features that customers can use to be compliant with GDPR requirements.
Om:
First, we are committed to being the most transparent cloud, and customers should continue to expect industry leading deep insights from us.
Second, if you are trying to navigate security, compliance and privacy requirements and our responses, then we would recommend starting from Microsoft Trust Center at https://microsoft.com/trustcenter - choose either your role based package or browse the wide range of topics that interest you on the Trust Center.
Lastly, if you are a seasoned veteran trying to get access to all audit reports and trust documents that we have to help you understand how we comply with various global regulations, how you can protect your data and be compliant using Microsoft cloud – visit Service Trust Platform at https://aka.ms/servicetrust
Thank you and we look forward to earning your trust!