TABLE RONDE LMI 1 er JUIN 2012
|
|
- Dulcie Merritt
- 7 years ago
- Views:
Transcription
1 TABLE RONDE LMI 1 er JUIN 2012
2 107 Countries
3 Consumerization of IT Distributed Workforce 50 percent of business devices are expected to be smartphones by percent of organizations have a remote workforce Infrastructure Utilization Infrastructure Complexity 85 percent of datacenter capacity is idle on average 70 percent of IT budgets is spent maintaining datacenter operations
4
5 The Microsoft Cloud Data Center Infrastructure August 27, 2010 Page 5
6 MSIT s Windows Azure Approach Move existing applications to Azure Develop segmentation methodology Find low-risk proof-of-concept applications Predictable Bursting Auction Tool Make Azure the default for new application development Growing Fast Identify candidates Capture results Social experience Platform Move BIG/Critical applications Develop Tier 1 apps on the Azure Platform We have Cloud Power Volume Licensing Microsoft
7
8
9 Compute Compute Compute Compute Inactivity Average Period Usage Average Usage Time Time Average Usage Time Average Usage Time
10 Existing APPS Remove for Risk Reduction Mission critical High regulatory exposure HBI High cross-premise High monitoring needs VLDB (>500 GB) Rejection Criteria Fail DISQUALIFIED APPS Select for Success Adds Business Value BVR Defined Solves MSIT Problems (Cost, Time, Quality, Security) Have High Success Rate (Less known Platform Gaps & Risks) Selection Criteria Fail Limited Potential APPS Prioritize for ROI Advances MS Cloud Platform Advances MSIT Cloud Readiness Showcases Concrete ROI Sequencing Criteria Fail Low Cloud Value Add APPS High Cloud Value APPS => Strong Canditate
11
12
13 Savings Savings SaaS TODAY FY13: Efficiency Integrated provisioning, feature parity, integrated monitoring and support escalation FY15: Effectiveness Fully cross-premise services mgmt FY11: Experience Manual provisioning, monitoring, support, and escalation PaaS 30+K users on Exchange Online 500 LBI sites on Sharepoint Online 40+ apps on Azure FY13: 15% apps in the Cloud FY15: 80% apps in the Cloud FY11: Less than 5% apps in the Cloud
14 Before Today Availability 99.1% % Showcase site costs $15,000 month $1,050 month 2-4 hours 0 hours Planned downtime Planned downtime per upgrade per upgrade Release Time HW Provisioning Time Bottom Line weeks VMs 5-6 weeks Physical Servers Paying full-price and underutilizing a 3 rd -party competitive product 30 minutes Server environment provisioning Microsoft.com on Windows Azure at enterprise scale Current Status as of Jan medium VM instances, up to updates without missing a single transaction 10,000,000 error-free transactions since December Processor utilization % often in single digits Average response under 10ms (SLA is 250ms) Fully integrated with SCOM (System Center Ops Mgr.)
15 Addressable Spend 55% of Overall MSIT Budget Potential Savings Support Hardware, Hosting & SW Licenses Application Development and Maintenance 32% 53% 20%
16
17
18
19 Source: Microsoft
20 Security & Standards in the Cloud Building trust through openness and interoperability in the Cloud Yale Li Principal Security Architect, Microsoft Corporation Research Director, Cloud Security Alliance (Seattle)
21 Cloud - Generational Shift Centralized compute & storage, thin clients Hard to attack and less demand for security controls High upfront costs for hardware and software PCs and servers for distributed compute, storage, etc. Easy to attack and more demand for security controls Perpetual license for OS and application software Large DCs, commodity HW, scale-out, devices More attacks from all angles and big security control gaps Pay as you go, and only for what you use
22 Policies, Standards, and Procedures Control Objectives Cloud Layers and Information Classification Control Activities Control Activities Data Control Activities Control Activities Control Activities Control Activities Control Activities Control Activities Cloud Applications Cloud Platform The control activities at each layer must, in total, be sufficient to meet the overall control objective as determined by the classification Control Activities Control Activities Control Activities Control Activities Cloud Data Center Infrastructure Control Activities Control Objectives Policies, Standards, and Procedures Information classification pertains to data Classify according to standards Classification is determined by the asset owner Classification determines the controls needed
23 Microsoft Cloud Data Center Infrastructure Purpose-built data centers to host containers at large scale Cost $500 million, 100,000 square foot facility (10 football fields) 40 foot shipping containers can house as many as 2,500 servers Density of 10 times amount of compute in equivalent space in traditional data center Deliver an average PUE of 1.22 Power Usage Effectiveness benchmark from The Green Grid consortium on energy efficiency
24 Microsoft Cloud Platforms SERVICES P L A T F O R M STANDARDIZED SERVICE LOWEST OPERATIONS COST UPDATED BY MICROSOFT SERVER P L A T F O R M CUSTOMIZABLE PRODUCT SUPPORTS ALL EXISTING APPS LOW OPERATIONS COST UPDATED BY CUSTOMER
25 Microsoft Cloud Services/Applications Over 303M Users 76 markets and 48 languages 25M Users 500M Active Live IDs 59 markets and 36 languages Proven track record meeting obligations associated with the delivery of over 200 cloud services Enormous scale efficiently spreads cost of robust security, reliability and privacy investments
26 Microsoft Cloud Security and Compliance ISO SAS70 Type II FISMA (US DCs only) SOX PCI DSS HIPAA ISO 27001: 2011H2 SSAE16: 2012H1 FISMA: Gap assessment underway ISO 27001: All SAS 70 (SSAE 16) Type I: BPOS-S & Office 365 (2011Q4) SAS 70 (SSAE 16) Type II: BPOS-D & Office 365 (2012H2) EU Safe Harbor: All FISMA: Office 365 (2012H1) HIPPA: Office 365 (2011Q4)
27 IDENTITY Lifecycle Management, IDP Authority AUTHENTICATION Multifactor, Password Management, machine & traffic source, account sharing AUTHORIZATION LPA, Admin Role Segmentation, limited admin access, LPA auto provisioning & enforcement AUDITING OS event logging, auto user AuthN/AuthZ Reporting, Audit of Regulatory data, audit of shared account usage SEGMENTATION physical server isolation, logical & physical network segmentation, content isolation, VM isolation, machine access blocking due to noncompliance DATA PROTECTION Data Classification & tagging, Persistent data classification, Lifecycle Management, Data at Rest, Data in Motion, Data in Use APPLICATION SECURITY application code reviews, penetration testing, product release management- SECURITY MACHINE HEALTH MANAGEMENT security updates/patches, auto health remediation for hosts & servers & mobile devices, auto Data Protection remediation, Anti-Malware secure machine baseline config, policy provisioning, configuration discovery, service release management, change management COMPLIANCE ASSESSMENT scanning & assessment of health state of hosts & servers, ensure DP controls in place, DLP data compliance discovery, DLP user Notification, DLP reporting of Compliance, reporting of server health,, user notification of host health, regulatory compliance BUSINESS CONTINUITY/DISASTER RECOVERY Planning, testing INCIDENT RESPONSE & COMMUNICATION Forensics, reporting, tracking KEY MANAGEMENT Key protection, crypto algorithm and implementation ANOMALY DETECTION/MONITORING Data leakage detection, network, host PHYSICAL SECURITY Controlled access to data centers and facilities, stolen & lost equipment containing valued data NON-TECHNICAL Risk management, policy, standards, procedures, HR, background checks, legal ediscovery, Roles & Responsibilities, Awareness, operational processes
28 Microsoft Security Development Lifecycle (SDL) Industry-leading software security assurance process coordinated by TwC since 2004 Online services must conform, just like packaged software Extends to deployment infrastructure Threat model reviews Validation of correct tool usage, documentation, patterns and practices
29 The World of Standards Cloud-Standards.org
30 Microsoft Cloud Standard Support Data Infrastructure Languages XML ATOM (ATOMPub, AtomRSS) ECMA-334 (C#) OData HTTP Java ODBC SOAP ECMA-262 (ECMA Script) TDS WS-Security WS-BPEL JSON WS-SecurityPolicy SQL XML Digital Signature WS-Federation WSDL XML Encryption WS-Trust WS-Policy REST HTML SAML OpenID OAuth-WRAP
31 Standards-Based Interoperability
32 Server 2 Server Rich Client Browser-based Access Control Services Identity Providers ACS Your Application SAML SWT WS-Federation ADFS2. WS-Federation SAML ADFS2. WS-Trust WS-Trust Service Identities SWT OAuth WRAP
33 Sources of Security Standards Law Varies by countries and location Industry-specific requirements Not quite law, but can be hard requirements Standard-setting organizations Voluntary, but often used as a baseline Internal governance Policy/preference of individual organizations
34 The Compliance Landscape ISO (broad international information security standard) SAS 70 / SSAE 16 (US accounting audit standard) FISMA (required by law for US federal agencies and looked on favorably by other government agencies) EU Data Privacy Directive (PII within the EU/EEA/Switzerland) PCI DSS (credit card information) HIPAA (protected health information in the US) SOX (US public company accountability) GLBA, FFIEC (US financial services) CFR Title 21 Part 11 (US FDA regulations) MPAA (Movies etc.) And many others
35 Cloud Security Resources DMTF Cloud Management ENISA Cloud Risk Assessment BOSS ITOS Presentation Application SRM (security & risk management) Information Standards Roadmap Reference Architecture CSA GRC Stack - Controls Matrix - Questionnaire - Cloud Audit Reference Architecture Infrastructure Trusted Cloud Initiative
36 Trusted Cloud Initiative - Reference Architecture
37 CloudTrust Protocol (CTP) Included Within CSA GRC Stack Government Specs Extensions Commercial Deliver continuous monitoring required by A&A methodologies??? Continuous monitoring with a purpose Common technique and nomenclature to request and receive evidence and affirmation of controls from cloud providers??? Claims, offers, and the basis for auditing service delivery Common interface and namespace to automate the Audit, Assertion, Assessment, and Assurance (A6) of cloud environments FedRAMP DIACAP Other C&A standards Pre-audit checklists and questionnaires to inventory controls Industry-accepted ways to document what security controls exist NIST , HITRUST CSF, ISO 27001/27002, ISACA COBIT, PCI, HIPAA, SOX, GLBA, STIG, NIST , SAS 70, The recommended foundations for controls Fundamental security principles in assessing the overall security risk of a cloud provider
38 Summary The Cloud era is now Security, Openness and Interoperability is the foundation We are eager to collaborate with government and partners to build a trusted Cloud ecosystem
39
40 The Microsoft Cloud ~100 Globally Distributed Data Centers Quincy, WA Chicago, IL San Antonio, TX Dublin, Ireland Generation 4 DCs
41 Server Container Deployment
42 Customer & Partner Momentum
43 PRIVATE CLOUD STRATEGY TEST & DEV, ADVANCED APPS Redmond Ridge Lab Scalable/Elastic Business Groups Add Computing Capacity Usage Based for: Compute Storage Network RightSizing Highly Virtualized and Shared Services Self-Service Provision and De-Provision Virtual Machines
44 PRIVATE CLOUD RESULTS BENEFITS Manage Costs Business Agility Improved Control DASHBOARD: CENTRALIZED TEST & DEVELOPMENT LAB CAPACITY UTILIZATION SUPPORT COSTS
Cloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter
Cloud Security considerations for business adoption Ricci IEONG CSA-HK&M Chapter What is Cloud Computing? Slide 2 What is Cloud Computing? My Cloud @ Internet Pogoplug What is Cloud Computing? Compute
More informationCloud Security and Managing Use Risks
Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access
More informationFive steps to Cloud Adoption. Laurent De Grauwe Sales Manager Datacenter
Five steps to Cloud Adoption Laurent De Grauwe Sales Manager Datacenter 1 How Microsoft defines cloud Microsoft You One consistent experience Service provider Why Microsoft and the cloud? Cloud services
More informationCloud Security Alliance and Standards. Jim Reavis Executive Director March 2012
Cloud Security Alliance and Standards Jim Reavis Executive Director March 2012 About the CSA Global, not for profit, 501(c)6 organization Over 32,000 individual members, 120 corporate members, 60 chapters
More informationWindows Azure Platform
Windows Azure Platform Giordano Tamburrelli, PhD giotam@microsoft.com Academic Developer Evangelist Slides by David Chou You manage You manage You manage Types of Clouds Private (On-Premise) Infrastructure
More informationCloud Security. DLT Solutions LLC June 2011. #DLTCloud
Cloud Security DLT Solutions LLC June 2011 Contact Information DLT Cloud Advisory Group 1-855-CLOUD01 (256-8301) cloud@dlt.com www.dlt.com/cloud Your Hosts Van Ristau Chief Technology Officer, DLT Solutions
More informationThe Education Fellowship Finance Centralisation IT Security Strategy
The Education Fellowship Finance Centralisation IT Security Strategy Introduction This strategy outlines the security systems in place to optimise, manage and protect The Education Fellowship data and
More informationHow Microsoft runs IT. Ludwig Wilhelm CIO Central & Eastern Europe Microsoft IT
How Microsoft runs IT Ludwig Wilhelm CIO Central & Eastern Europe Microsoft IT 2 Source: Accenture Cloudrise: Rewards & Risks at the Dawn of Cloud Computing, November 2010 3 Source: Accenture Cloudrise:
More informationThe standards landscape in cloud
The standards landscape in cloud PRESENTATION computing TITLE GOES HERE Vincent Franceschini CTO Distributed Architectures, Hitachi Data System Chairman Emeritus, SNIA Governing Board Member, SNIA Cloud
More informationSecuring The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master
Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is
More informationWhite Paper How Noah Mobile uses Microsoft Azure Core Services
NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah
More informationSecurity, Compliance & Risk Management for Cloud Relationships. Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32
Security, Compliance & Risk Management for Cloud Relationships Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32 Introductions & Poll Organization is leveraging the Cloud? Organization
More informationAssessing Risks in the Cloud
Assessing Risks in the Cloud Jim Reavis Executive Director Cloud Security Alliance Agenda Definitions of Cloud & Cloud Usage Key Cloud Risks About CSA CSA Guidance approach to Addressing Risks Research
More informationSecurity Best Practices for Microsoft Azure Applications
Security Best Practices for Microsoft Azure Applications Varun Sharma Principal Security Engineer, Information Security & Risk Management (ISRM), Microsoft IT Service Lines Application Security Infrastructure
More informationSecuring the Microsoft Cloud
Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and customers to fully embrace and benefit from cloud services. We are committed
More informationAnypoint Platform Cloud Security and Compliance. Whitepaper
Anypoint Platform Cloud Security and Compliance Whitepaper 1 Overview Security is a top concern when evaluating cloud services, whether it be physical, network, infrastructure, platform or data security.
More informationRealizing the Benefits of Hybrid Cloud. Anand MS Cloud Solutions Architect Microsoft Asia Pacific
Realizing the Benefits of Hybrid Cloud Anand MS Cloud Solutions Architect Microsoft Asia Pacific Agenda Key drivers for Hybrid Cloud Unified Cloud Strategy Example Use Cases How to get there Hybrid Cloud:
More informationMoving beyond Virtualization as you make your Cloud journey. David Angradi
Moving beyond Virtualization as you make your Cloud journey David Angradi Today, there is a six (6) week SLA for VM provisioning it s easy to provision a VM, the other elements change storage, network
More informationCloud Audit and Cloud Trust Protocol. By David Lingenfelter 2011
Cloud Audit and Cloud Trust Protocol By David Lingenfelter 2011 Background > MaaS360 SaaS Cloud Model > Mobile Device Management > FISMA Moderate Certified > SAS-70/SOC-2 Cloud Adoption Obstacles Planning
More informationOWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect
OWASP Chapter Meeting June 2010 Presented by: Brayton Rider, SecureState Chief Architect Agenda What is Cloud Computing? Cloud Service Models Cloud Deployment Models Cloud Computing Security Security Cloud
More informationMaintaining PCI-DSS compliance. Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com
Maintaining PCI-DSS compliance Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com Sessione di Studio Milano, 21 Febbraio 2013 Agenda 1 Maintaining PCI-DSS compliance
More informationSecuring the Microsoft Cloud Infrastructure. Reto Häni Chief Security Officer Microsoft Western Europe MEET SWISS INFOSEC! 24.06.
Securing the Microsoft Cloud Infrastructure Reto Häni Chief Security Officer Microsoft Western Europe MEET SWISS INFOSEC! 24.06.2015 1 Certification & Security Reliance Microsoft s cloud environment Application
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.5)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.5) Directions and Instructions for completing this assessment The answers provided
More information3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance
3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014 Continuous Education Services (elearning/workshops) Compliance Management Portals Information Security
More informationSplunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF
Splunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF Businesses around the world have adopted the information security standard ISO 27002 as part of their overall risk
More informationKey Enablers for the Cloud Service Broker: Identity, Privacy, and Security
Key Enablers for the Cloud Service Broker: Identity, Privacy, and Security OMG Telecom Cloud Workshop Dec 6, 2010 David F. Chen Lead Principal-Technical Architect Ecosystem & Innovation, AT&T, Inc. Footer
More informationCloud Computing Governance & Security. Security Risks in the Cloud
Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud
More informationCloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week
Cloud Security Panel: Real World GRC Experiences ISACA Atlanta s 2013 Annual Geek Week Agenda Introductions Recap: Overview of Cloud Computing and Why Auditors Should Care Reference Materials Panel/Questions
More informationCloud Services Overview
Cloud Services Overview John Hankins Global Offering Executive Ricoh Production Print Solutions May 23, 2012 Cloud Services Agenda Definitions Types of Clouds The Role of Virtualization Cloud Architecture
More informationMicrosoft Azure. Microsoft Azure Security, Privacy, & Compliance
Security, Privacy, & Compliance Technology trends: driving cloud adoption BENEFITS Speed Scale Economics Cloud Trend: 70% 2 weeks to deliver new services vs. 6-12 months with traditional solution Scale
More informationCautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work
Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture
More informationGlobal Efforts to Secure Cloud Computing
April 2012 Global Efforts to Secure Cloud Computing Jim Reavis Executive Director Cloud: ushering in IT Spring Technology consumerization and its offspring Cloud: Compute as a utility Smart Mobility: Compute
More informationVirtualization Impact on Compliance and Audit
2009 Reflex Systems, LLC Virtualization Impact on Compliance and Audit Michael Wronski, CISSP VP Product Management Reflex Systems Agenda Introduction Virtualization? Cloud? Risks and Challenges? Compliance
More informationHosted SharePoint: Questions every provider should answer
Hosted SharePoint: Questions every provider should answer Deciding to host your SharePoint environment in the Cloud is a game-changer for your company. The potential savings surrounding your time and money
More informationEnterprise Architecture Review Checklist
Enterprise Architecture Review Checklist Software as a Service (SaaS) Solutions Overview This document serves as Informatica s Enterprise Architecture (EA) Review checklist for Cloud vendors that wish
More informationEmpowering Your Business in the Cloud Without Compromising Security
Empowering Your Business in the Cloud Without Compromising Security Cloud Security Fabric CloudLock offers the cloud security fabric for the enterprise that helps organizations protect their sensitive
More informationCloud Security Certification
Cloud Security Certification January 21, 2015 1 Agenda 1. What problem are we solving? 2. Definitions (Attestation vs Certification) 3. Cloud Security Responsibilities and Risk Exposure 4. Who is responsible
More informationTHE BLUENOSE SECURITY FRAMEWORK
THE BLUENOSE SECURITY FRAMEWORK Bluenose Analytics, Inc. All rights reserved TABLE OF CONTENTS Bluenose Analytics, Inc. Security Whitepaper ISO 27001/27002 / 1 The Four Pillars of Our Security Program
More informationCloud Security Framework (CSF): Gap Analysis & Roadmap
Cloud Security Framework (CSF): Gap Analysis & Roadmap Contributors: Suren Karavettil, Bhumip Khasnabish Ning So, Gene Golovinsky, Meng Yu & Wei Yinxing Please send comments & suggestions to Suren Karavettil
More informationCloud models and compliance requirements which is right for you?
Cloud models and compliance requirements which is right for you? Bill Franklin, Director, Coalfire Stephanie Tayengco, VP of Technical Operations, Logicworks March 17, 2015 Speaker Introduction Bill Franklin,
More informationSELECTING AN ENTERPRISE-READY CLOUD SERVICE
21 Point Checklist for SELECTING AN ENTERPRISE-READY CLOUD SERVICE Brought to you by Introduction The journey to the cloud is well underway, and it s easy to see why when 84% of CIOs report cutting application
More informationA Flexible and Comprehensive Approach to a Cloud Compliance Program
A Flexible and Comprehensive Approach to a Cloud Compliance Program Stuart Aston Microsoft UK Session ID: SPO-201 Session Classification: General Interest Compliance in the cloud Transparency Responsibility
More informationGRC Stack Research Sponsorship
GRC Stack Research Sponsorship Overview Achieving Governance, Risk Management and Compliance (GRC) goals requires appropriate assessment criteria, relevant control objectives and timely access to necessary
More informationSECURE CLOUD COMPUTING
Outline SECURE CLOUD COMPUTING Introduction (of many buzz words) References What is Cloud Computing Cloud Computing Infrastructure Security Cloud Storage and Data Security Identity Management in the Cloud
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationMicrosoft Azure. Rich Lilly Project Leadership Associates
Microsoft Azure Rich Lilly Project Leadership Associates http://www.linkedin.com/in/rich04 rlilly@projectleadership.net b-richl@microsoft.com 8.5 trillion stored objects 900K request/sec on average (2.3+
More informationIT Security & Compliance. On Time. On Budget. On Demand.
IT Security & Compliance On Time. On Budget. On Demand. IT Security & Compliance Delivered as a Service For businesses today, managing IT security risk and meeting compliance requirements is paramount
More informationFlexible Identity Federation
Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services
More informationCloud Security Framework (CSF): Gap Analysis & Roadmap
Cloud Security Framework (CSF): Gap Analysis & Roadmap Contributors: Suren Karavettil, Bhumip Khasnabish Ning So, Gene Golovinsky, Meng Yu & Wei Yinxing Please send comments & suggestions to Suren Karavettil
More informationSecure Cloud Computing
Secure Cloud Computing Agenda Current Security Threat Landscape Over View: Cloud Security Overall Objective of Cloud Security Cloud Security Challenges/Concerns Cloud Security Requirements Strategy for
More informationHow To Get A Cloud Security System To Work For You
Trust in the Cloud Ovidiu Pismac MCSE Security, CISSP, MCSE Private Cloud / Server & Desktop infrastructure, MCTS Forefront Microsoft Romania ovidiup@microsoft.com Technology trends: driving cloud adoption
More informationMicrosoft Cloud Workshop - Summary of an Interesting Case Study
Cloud Workshop Michael Richards and John Weigelt Microsoft Canada Goals Tools you can use for the move to the cloud! What is cloud? Infrastructure as a Service Platform as a Service Software as a Service
More informationAzure Active Directory
Azure Active Directory Your Cloud Identity Brian Mansure Azure Specialist bmansure@enpointe.com Agenda What Azure Active Directory is What Azure Active Directory is not Hybrid Identity Features Roadmap
More informationCompliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2.
ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework
More informationSecuring the Microsoft Cloud
Securing the Microsoft Cloud Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and consumers to fully embrace and benefit from
More informationAn Introduction to SIEM & RSA envision (Security Information and Event Management) January, 2011
An Introduction to SIEM & RSA envision (Security Information and Event Management) January, 2011 Brian McLean, CISSP Sr Technology Consultant, RSA Changing Threats and More Demanding Regulations External
More informationSecuring Government Clouds Preparing for the Rainy Days
Securing Government Clouds Preparing for the Rainy Days Majed Saadi Director, Cloud Computing Practice Agenda 1. The Cloud: Opportunities and Challenges 2. Cloud s Potential for Providing Government Services
More informationPCI Compliance for Cloud Applications
What Is It? The Payment Card Industry Data Security Standard (PCIDSS), in particular v3.0, aims to reduce credit card fraud by minimizing the risks associated with the transmission, processing, and storage
More informationSecuring and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer What is Cloud Computing A model for enabling convenient, on-demand network access to a shared pool of configurable
More informationMicrosoft s Datacenter Best Practices. Darryl Chantry Datacenter Solutions Architect Worldwide Datacenter Center of Excellence
Microsoft s Datacenter Best Practices Darryl Chantry Datacenter Solutions Architect Worldwide Datacenter Center of Excellence We Are Unique in Our Comprehensive Approach Interactive entertainment Search/
More informationSecurity Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationAltius IT Policy Collection Compliance and Standards Matrix
Governance IT Governance Policy Mergers and Acquisitions Policy Terms and Definitions Policy 164.308 12.4 12.5 EDM01 EDM02 EDM03 Information Security Privacy Policy Securing Information Systems Policy
More informationBuilding High Growth Services on the Microsoft Cloud Platform. Rich Cannon Senior Director, US Partner Hosting and Cloud Services
Building High Growth Services on the Microsoft Cloud Platform Rich Cannon Senior Director, US Partner and Cloud Services Momentum 35% YoY revenue growth Hosters are largest contributor across all partner
More informationLogically Securing a Public Cloud Service
SESSION ID: CIN-W07 Logically Securing a Public Cloud Service Tim Mather CISO Cadence Design Systems @mather_tim Disclaimer: AWS (Amazon Web Services) is referenced in this presentation extensively, only
More informationLeveraging Cloud Services for Quicker Implementation and More Secure Automation Solutions
Leveraging Cloud Services for Quicker Implementation and More Secure Automation Solutions Peter Reynolds Senior Consultant ARC Advisory Group PReynolds@ARCweb.com Twitter @PeterDReynolds The Hardware Layer
More informationCloud Security Case Study Amazon Web Services. Ugo Piazzalunga Technical Manager, IT Security ugo.piazzalunga@safenet-inc.com
Cloud Security Case Study Amazon Web Services Ugo Piazzalunga Technical Manager, IT Security ugo.piazzalunga@safenet-inc.com Agenda 1. Amazon Web Services challenge 2. Virtual Instances and Virtual Storage
More informationIBM Cognos TM1 on Cloud Solution scalability with rapid time to value
IBM Solution scalability with rapid time to value Cloud-based deployment for full performance management functionality Highlights Reduced IT overhead and increased utilization rates with less hardware.
More informationCLOUD SERVICES FOR EMS
CLOUD SERVICES FOR EMS Greg Biegen EMS Software Director Cloud Operations and Security September 12-14, 2016 Agenda EMS Cloud Services Definitions Hosted Service Managed Services Governance Service Delivery
More informationA COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012
A COALFIRE PERSPECTIVE Moving to the Cloud A Summary of Considerations for Implementing Cloud Migration Plans into New Business Platforms NCHELP Spring Convention Panel May 2012 DALLAS DENVER LOS ANGELES
More information2010 Microsoft Corporation. All rights reserved. Microsoft. Page 1
2010 Microsoft Corporation. All rights reserved. Microsoft. Page 1 Overview of Cloud Computing & the Windows Azure Platform Deepak Choithramani Strategic Business Manager, Microsoft India 2010 Microsoft
More informationMicrosoft Private Cloud
Microsoft Private Cloud Lorenz Wolf, Solution Specialist Datacenter, Microsoft SoftwareOne @ Au Premier Zürich - 22.03.2011 What is PRIVATE CLOUD Private Public Public Cloud Private Cloud shared resources.
More informationCloud Computing In a Post Snowden World. Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs
Cloud Computing In a Post Snowden World Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs Guy Wiggins Director of Practice Management Kelley Drye & Warren
More informationSECURITY MODELS FOR CLOUD 2012. Kurtis E. Minder, CISSP
SECURITY MODELS FOR CLOUD 2012 Kurtis E. Minder, CISSP INTRODUCTION Kurtis E. Minder, Technical Sales Professional Companies: Roles: Security Design Engineer Systems Engineer Sales Engineer Salesperson
More informationIT Cloud / Data Security Vendor Risk Management Associated with Data Security. September 9, 2014
IT Cloud / Data Security Vendor Risk Management Associated with Data Security September 9, 2014 Speakers Brian Thomas, CISA, CISSP In charge of Weaver s IT Advisory Services, broad focus on IT risk, security
More informationVulnerability Management
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
More informationCloud Standardization, Compliance and Certification. Class 2012 event 25.rd of October 2012 Dalibor Baskovc, CEO Zavod e-oblak
Cloud Standardization, Compliance and Certification Class 2012 event 25.rd of October 2012 Dalibor Baskovc, CEO Zavod e-oblak Todays Agenda IT Resourcing with Cloud Computing and related challenges Landscape
More informationBMC s Security Strategy for ITSM in the SaaS Environment
BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...
More informationFeliciano Intini Responsabile dei programmi di Sicurezza e Privacy Microsoft Italia
Feliciano Intini Responsabile dei programmi di Sicurezza e Privacy Microsoft Italia NonSoloSecurity Blog: http://blogs.technet.com/feliciano_intini Twitter: @felicianointini Trustworthy Computing Cloud:
More informationCloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing
Cloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing Executive Summary As cloud service providers mature, and expand and refine their offerings, it is increasingly difficult for
More informationHow RSA has helped EMC to secure its Virtual Infrastructure
How RSA has helped EMC to secure its Virtual Infrastructure A new solution, the RSA solution for Cloud Security and Compliance, has been developed and is now available to all of our customers. Luciano
More informationHans Bos Microsoft Nederland. hans.bos@microsoft.com
Hans Bos Microsoft Nederland Email: Twitter: hans.bos@microsoft.com @hansbos Microsoft s Cloud Environment Consumer and Small Business Services Software as a Service (SaaS) Enterprise Services Third-party
More informationPublic Cloud Service Definition
Public Version 1.5 TECHNICAL WHITE PAPER Table Of Contents Introduction... 3 Enterprise Hybrid Cloud... 3 Public Cloud.... 4 VMware vcloud Datacenter Services.... 4 Target Markets and Use Cases.... 4 Challenges
More informationRSA Data Loss Prevention (DLP) Understand business risk and mitigate it effectively
RSA Data Loss Prevention (DLP) Understand business risk and mitigate it effectively Arrow ECS DLP workshop, Beograd September 2011 Marko Pust marko.pust@rsa.com 1 Agenda DLP in general What to expect from
More informationOn Demand Cloud Services Value First
On Demand Cloud Value First Hardware, Software, and Engineered to Work Together John Barker Oracle On Demand john.barker@oracle.com 804-967-7228 Safe Harbor Statement The following
More informationVMware vcloud Service Definition for a Public Cloud. Version 1.6
Service Definition for a Public Cloud Version 1.6 Technical WHITE PAPER 2011 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
More informationSAFELY ENABLING MICROSOFT OFFICE 365: THREE MUST-DO BEST PRACTICES
SAFELY ENABLING MICROSOFT OFFICE 365: THREE MUST-DO BEST PRACTICES Netskope 2015 Enterprises are rapidly adopting Microsoft Office 365. According to the Netskope Cloud Report, the suite is among the top
More informationSecuring the Cloud through Comprehensive Identity Management Solution
Securing the Cloud through Comprehensive Identity Management Solution Millie Mak Senior IT Specialist What is Cloud Computing? A user experience and a business model Cloud computing is an emerging style
More informationLive Guide System Architecture and Security TECHNICAL ARTICLE
Live Guide System Architecture and Security TECHNICAL ARTICLE Contents 1. Introduction... 2 2. Hosting Environment... 2 2.1. Standards - Compliancy... 3 2.2. Business Continuity Management... 3 2.3. Network
More informationFederated single sign-on (SSO) and identity management. Secure mobile access. Social identity integration. Automated user provisioning.
PingFederate We went with PingFederate because it s based on standards like SAML, which are important for a secure implementation. John Davidson Senior Product Manager, Opower PingFederate is the leading
More informationBuilding Energy Security Framework
Building Energy Security Framework Philosophy, Design, and Implementation Building Energy manages multiple subsets of customer data. Customers have strict requirements for regulatory compliance, privacy
More informationSecurity Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
More informationCaretower s SIEM Managed Security Services
Caretower s SIEM Managed Security Services Enterprise Security Manager MSS -TRUE 24/7 Service I.T. Security Specialists Caretower s SIEM Managed Security Services 1 Challenges & Solution Challenges During
More informationSecurity Information & Policies
Security Information & Policies 01 Table of Contents OVERVIEW CHAPTER 1 : CHAPTER 2: CHAPTER 3: CHAPTER 4: CHAPTER 5: CHAPTER 6: CHAPTER 7: CHAPTER 8: CHAPTER 9: CHAPTER 10: CHAPTER 11: CHAPTER 12: CHAPTER
More informationAddressing Cloud Computing Security Considerations
Addressing Cloud Computing Security Considerations with Microsoft Office 365 Protect more Contents 2 Introduction 3 Key Security Considerations 4 Office 365 Service Stack 5 ISO Certifications for the Microsoft
More informationSolution Brief for HIPAA HIPAA. Publication Date: Jan 27, 2015. EventTracker 8815 Centre Park Drive, Columbia MD 21045
Publication Date: Jan 27, 2015 8815 Centre Park Drive, Columbia MD 21045 HIPAA About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized
More informationAn Introduction to RSA envision The Information Log Management Platform for Security and Compliance Success. September, 2009
An Introduction to RSA envision The Information Log Management Platform for Security and Compliance Success September, 2009 Changing Threats and More Demanding Regulations External attacks Malicious insiders
More informationHow To Secure Cloud Computing
A hole in the cloud: Is cloud secure? N. Vijaykumar Infosys Technologies Limited, Bangalore presented at Security in cloud is a key challenge! 70% 60% 50% 40% 30% 20% 10% 0% Data integrity tampering Hacker
More informationAWS Security. Security is Job Zero! CJ Moses Deputy Chief Information Security Officer. AWS Gov Cloud Summit II
AWS Security CJ Moses Deputy Chief Information Security Officer Security is Job Zero! Overview Security Resources Certifications Physical Security Network security Geo-diversity and Fault Tolerance GovCloud
More informationHet is een kleine stap naar een hybrid cloud
Het is een kleine stap naar een hybrid cloud Isabel Moll-Kranenburg Microsoft 14 jaar IT industrie 4 jaar Microsoft Cloud Private Private Cloud Meeting customers where they are The Microsoft Cloud Computing
More informationBusiness Risk Assessment - A Primer
The Evolving Security Landscape: Technology Overview and Business Drivers Andreas M Antonopoulos Senior Vice President & Founding Partner www.nemertes.com Agenda About Nemertes Technology Overview and
More information