Trust in the Cloud. Microsoft Azure

Size: px
Start display at page:

Download "Trust in the Cloud. Microsoft Azure"

Transcription

1 Trust in the Cloud Ovidiu Pismac MCSE Security, CISSP, MCSE Private Cloud / Server & Desktop infrastructure, MCTS Forefront Microsoft Romania

2 Technology trends: driving cloud adoption BENEFITS Speed Scale Economics Cloud Trend: 70% 2 weeks to deliver new services vs months with traditional solution Scale from 30,000 to 250,000 site visitors instantly $25,000 in the cloud would cost $100,000 on premises of CIOs will embrace a cloud-first strategy in 2016 (IDC CIO Agenda webinar) 430B+ AD authentications 280% year-over-year database growth in 50% of Fortune 500 use AZURE ADOPTION

3 Cloud innovation OPPORTUNITY FOR SECURITY & COMPLIANCE BENEFITS Pre-adoption Benefits realized concern 94% 60% cited concerns around experienced security benefits data security they as didn t a barrier previously to adoptionhave on-premise 62% 45% concerned that the said privacy protection increased cloud would as a result in of a moving lack of data to the control cloud SECURTIY Design/Operation Infrastructure Network Identity/access Data PRIVACY COMPLIANCE

4 Trustworthy foundation BUILT ON MICROSOFT EXPERIENCE AND INNOVATION 1 st Microsoft Data Center Active Directory Trustworthy Computing Initiative Malware Protection Center SOC 1 UK G-Cloud Level 2 SOC 2 FedRAMP/ FISMA Operations Security Assurance 20+ Data Centers Microsoft Security Response Center Windows Update Global Data Center Services Security Development Lifecycle Digital Crimes Unit ISO/IEC 27001:2005 E.U. Data Protection Directive HIPAA/ HITECH CSA Cloud Controls Matrix PCI DSS Level 1

5 Trustworthy foundation BUILT ON MICROSOFT EXPERIENCE AND INNOVATION 1 st Microsoft Data Center Microsoft Windows Update Microsoft Security Response Center Trustworthy Computing Initiative 20+ Data Centers: FedRAMP/ Compliance Standards: Malware UK G-Cloud FISMA Protection Level 2 Active Investing Operating Center Microsoft Trustworthy Azure Security Computing Centers Directory heavily robust SOC 2 SOC 1 compliance processes, 11 data including centers Created around of the Excellence: the SDL which has ISO 27001, FedRAMP, world, and plus HIPAA 2 become in ChinaProtecting the industry Microsoft standard for developing customers secure by combatting software CSA Cloud Controls Matrix evolving threats Security Development Global Lifecycle Data Center Services Digital Crimes Unit E.U. Data Protection ISO/IEC Directive HIPAA/ 27001:2005 HITECH Operations Security Assurance 20+ Data Centers PCI DSS Level 1

6 UNIFIED PLATFORM FOR MODERN BUSINESS Automated Managed Resources Elastic Usage Based

7 Shared responsibility REDUCE SECURITY COSTS + MAINTAIN FLEXIBILITY, ACCESS, & CONTROL On-Premises IaaS PaaS SaaS Customer Microsoft

8 Market Endorsement Gartner Magic Quadrant for Enterprise Application Platform as a Service(PaaS) Gartner Magic Quadrant for Cloud Infrastructure as a Service(IaaS) Gartner Magic Quadrant for Public Cloud Storage Services Gartner Magic Quadrant for Virtualization

9 Transparency & independent verification AID CUSTOMERS IN MEETING SECURITY & COMPLIANCE OBLIGATIONS Third-party verification Access to audit reports Compliance packages Best practices and guidance Trust Center Cloud Security Alliance Security Response Center progress report Security intelligence report

10 Microsoft approach in action 10

11 Design & operations Software Development Lifecycle (SDL) Operational security controls Assume breach Incident response Security embedded in planning, design, devel opment, & deployment Rigorous controls to prevent, detect, contai n, & respond to threats Hardening cloud services through simulated real-world attacks Global, 24x7 incident response to mitigate effects of attacks

12 Security We chose Azure because all things being equal, it is the easiest cloud platform to work with. Security and patching is already taken care of, so it is less labour-intensive. 12

13 Infrastructure protection 24 hour monitored physical security Secure multi-tenant environment Firewalls Patch management System monitoring and logging Antivirus/antimalware protection Threat detection Forensics

14 Service security starts with physical data center Cameras 24X7 security staff Barriers Fencing Alarms Two-factor access control: Biometric readers & card readers Security operations center Seismic bracing Days of backup power Perimeter Building Computer room

15 Architected for secure multi-tenancy Customer Admin Portal SMAPI Fabric Controller Customer 1 Guest VM Customer 2 Guest VM Hypervisor Host OS End Users Guest VM Azure Storage SQL Database AZURE: Centrally manages the platform and helps isolate customer environments using the Fabric Controller Runs a configuration-hardened version of Windows Server as the Host OS Uses Hyper-V, a battle tested and enterprise proven hypervisor Runs Windows Server and Linux on Guest VMs for platform services CUSTOMER: Manages their environment through service management interfaces and subscriptions Chooses from the gallery or brings their own OS for their Virtual Machines

16

17 Microsoft and Interoperability Microsoft commitment to support Linux Red Hat, SUSE, CentOS, OpenSuse, Ubuntu, Oracle Linux, new FreeBSD 10 on Hyper-V DHMC runs both Windows Server as guest operating systems under Hyper-V, as well as Linux. To date, DHMC has virtualized Web servers, sites on Microsoft Office SharePoint Server, reporting servers, medical applications, domain controllers, file and print servers, Citrix servers, and more. CentOS Dartmouth Hitchcock Medical Center Case Study System Center Configuration Manager 2012 SP1 supports administering non-windows platforms: Linux, Unix (monitored by SCOM) and Mac OS X systems System Center Operations Manager 2012 SP1 supports monitoring of non-windows, including Linux Red Hat, SUSE, CentOS; Unix HP UX, Sun Solaris and IBM AIX; from January 2013 new Linux distributions supported: Debian Linux, Oracle Linux, Ubuntu Linux Server System Center Virtual Machine Manager 2012 manages VMware ESX servers and Citrix XEN Servers

18 Product Operations Manager Configuration Manager Endpoint Protection Virtual Machine Manager Linux UNIX Red Hat SUSE CentOS Ubuntu Debian Oracle AIX HP-UX Solaris Hyper-V No Plans Azure IaaS Future Debian 7.0 has Linux Integration Services

19 Network protection Network isolation Virtual Networks Cloud to on-premises connections Segregates network access between customers, management systems & the internet Connects cloud services using private IP addresses, subnets Site to site, point to site, and ExpressRoute help enable secure connect to Azure 19

20 Identity & access Microsoft employee access management Monitor & protect access to cloud apps Enterprise cloud identity Azure AD Multi-Factor Authentication

21 Data protection Data encryption options: Bitlocker, Azure RMS, AES 256 /512 Data segregation Data location and redundancy Data destruction

22 Data location and redundancy AZURE: Creates three copies of data in each datacenter Offers geo-replication in a datacenter 400+ miles away Does not transfer Customer Data outside of a geo (ex: from US to Europe or from Asia to US) CUSTOMER: Chooses where data resides Configures data replication options Note: data centers, Australia Q2 FY15

23 Data destruction Data Deletion Index immediately removed from primary location Geo-replicated copy of the data (index) removed asynchronously Customers can only read from disk space they have written to Disk Handling Wiping is NIST compliant Defective disks are destroyed at the datacenter

24 Privacy by design Privacy by Design Restricted data access & use Contractual commitments Privacy controls are built into Azure design and operations Customer data is only used to provide the service and is never used for advertising Data Processing Agreements, EU Model Clauses, HIPAA BAA

25 Contractual commitments EU Data Privacy Approval Microsoft meets high bar for protecting privacy of EU customer data Microsoft offers customers EU Model Clauses for transfer of personal data across international borders Microsoft s approach was approved by the Article 29 committee of EU data protection authorities the first company & cloud vendor to obtain this Broad contractual scope Microsoft makes strong contractual commitments to safeguard customer data covered by HIPAA BAA, Data Processing Agreement, & E.U. Model Clauses Enterprise cloud-service specific privacy protections benefit every industry & region

26 Privacy Our vision is to be the national leader in patient-centered e-healthcare. Using Windows Azure as our delivery system provides us with a level of trust and reliability that makes this possible.

27 Simplified compliance Information security standards Effective controls Government & industry certifications ISO SOC 1 Type 2 SOC 2 Type 2 FedRAMP/FISMA PCI DSS Level 1 UK G-Cloud

28 Certifications & programs Program ISO/IEC SOC 1 SSAE 16/ISAE 3402 SOC 2 FedRAMP/FISMA PCI DSS Level 1 UK G-Cloud IL2 HIPAA BAA Description The ISO/IEC 27001:2005 certificate validates that Azure has implemented the internationally recognized information security controls defined in this standard. Azure has also been audited against the Service Organization Control (SOC) reporting framework for SOC 1 Type 2 (formerly SAS 70), attesting to the design and operating effectiveness of its controls. Azure has been audited for SOC 2 Type 2, which includes a further examination of Azure controls related to security, availability, and confidentiality Azure has received Provisional Authorization to Operate from the Federal Risk and Authorization Management Program (FedRAMP) Joint Authorization Board (JAB), having undergone the assessments necessary to verify that it meets FedRAMP security standards. Azure has been validated for PCI-DSS Level 1 compliance by an independent Qualified Security Assessor (QSA). In the United Kingdom, Azure has been awarded Impact Level 2 (IL2) accreditation, further enhancing Microsoft and its partner offerings on the current G-Cloud procurement Framework and CloudStore. To help customers comply with HIPAA and HITECH Act security and privacy provisions, Microsoft offers a HIPAA Business Associate Agreement (BAA) to healthcare entities with access to Protected Health Information (PHI).

29 Compliance Windows Azure was attractive because it has built-in capabilities for compliance with a wide range of regulations and privacy mandates.

30 Microsoft commitment Unified platform for modern business

31 Trusted by leading companies

32 Talk to a Microsoft security expert Explore additional resources: Trustworthy Computing Cloud Services: Microsoft Trust Center for : Microsoft Security Intelligence Report

33

Microsoft Azure. Microsoft Azure Security, Privacy, & Compliance

Microsoft Azure. Microsoft Azure Security, Privacy, & Compliance Security, Privacy, & Compliance Technology trends: driving cloud adoption BENEFITS Speed Scale Economics Cloud Trend: 70% 2 weeks to deliver new services vs. 6-12 months with traditional solution Scale

More information

Microsoft Azure. White Paper Security, Privacy, and Compliance in

Microsoft Azure. White Paper Security, Privacy, and Compliance in White Paper Security, Privacy, and Compliance in Security, Privacy, and Compliance in Executive Summary The adoption of cloud services worldwide continues to accelerate, yet many organizations are wary

More information

Cloud Computing: Safe, Efficient and Easy

Cloud Computing: Safe, Efficient and Easy Microsoft Azure Cloud Computing: Safe, Efficient and Easy Linas Pečiūra Your title goes here Ref: The NIST Definition of Cloud Computing http://csrc.nist.gov/publications/nistpubs/800-145/sp800-145.pdf

More information

Appendix D-1 to Aproove Saas Contract : Security and solution hosting provider specs.

Appendix D-1 to Aproove Saas Contract : Security and solution hosting provider specs. Appendix D-1 to Aproove Saas Contract : Security and solution hosting provider specs. The hosting company retained by Aproove is Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052 USA.

More information

The Education Fellowship Finance Centralisation IT Security Strategy

The Education Fellowship Finance Centralisation IT Security Strategy The Education Fellowship Finance Centralisation IT Security Strategy Introduction This strategy outlines the security systems in place to optimise, manage and protect The Education Fellowship data and

More information

White Paper How Noah Mobile uses Microsoft Azure Core Services

White Paper How Noah Mobile uses Microsoft Azure Core Services NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah

More information

TRUSTED CLOUD. Our commitment to provide a cloud you can trust. Fernando Machado Píriz September 2014

TRUSTED CLOUD. Our commitment to provide a cloud you can trust. Fernando Machado Píriz September 2014 TRUSTED CLOUD Our commitment to provide a cloud you can trust Fernando Machado Píriz September 2014 Technology Trends Driving cloud adoption 71% of strategic buyers cite scalability, cost and business

More information

Securing the Microsoft Cloud Infrastructure. Reto Häni Chief Security Officer Microsoft Western Europe MEET SWISS INFOSEC! 24.06.

Securing the Microsoft Cloud Infrastructure. Reto Häni Chief Security Officer Microsoft Western Europe MEET SWISS INFOSEC! 24.06. Securing the Microsoft Cloud Infrastructure Reto Häni Chief Security Officer Microsoft Western Europe MEET SWISS INFOSEC! 24.06.2015 1 Certification & Security Reliance Microsoft s cloud environment Application

More information

Datacenters of the Past. Datacenter of the (New) Present Datacenter without boundaries. Devices

Datacenters of the Past. Datacenter of the (New) Present Datacenter without boundaries. Devices Start Justin President Convergent Computing http://www.cco.com randm@cco.com Devices Things Apps Big data Cloud 52% of information workers across 17 countries report using 3+ devices for work 212 Billion

More information

Cloud Services Overview

Cloud Services Overview Cloud Services Overview John Hankins Global Offering Executive Ricoh Production Print Solutions May 23, 2012 Cloud Services Agenda Definitions Types of Clouds The Role of Virtualization Cloud Architecture

More information

Protecting Data and Privacy in the Cloud

Protecting Data and Privacy in the Cloud Protecting Data and Privacy in the Cloud Contents 1 3 6 9 12 13 Protecting Data and Privacy in the Cloud an Introduction Building Services to Protect Data Protecting Data in Service Operations Empowering

More information

Securing the Microsoft Cloud

Securing the Microsoft Cloud Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and customers to fully embrace and benefit from cloud services. We are committed

More information

Sikkerhet i skytjenester; hva bør en tenke på? Ole Tom Seierstad National Security Officer Microsoft Norway oles@microsoft.com

Sikkerhet i skytjenester; hva bør en tenke på? Ole Tom Seierstad National Security Officer Microsoft Norway oles@microsoft.com Sikkerhet i skytjenester; hva bør en tenke på? Ole Tom Seierstad National Security Officer Microsoft Norway oles@microsoft.com Cloud is becoming integral to business transformation The secure pathway to

More information

A Flexible and Comprehensive Approach to a Cloud Compliance Program

A Flexible and Comprehensive Approach to a Cloud Compliance Program A Flexible and Comprehensive Approach to a Cloud Compliance Program Stuart Aston Microsoft UK Session ID: SPO-201 Session Classification: General Interest Compliance in the cloud Transparency Responsibility

More information

Microsoft Azure. The cloud platform built for business. Tarmo Tikerpäe DC SSP Microsoft

Microsoft Azure. The cloud platform built for business. Tarmo Tikerpäe DC SSP Microsoft Microsoft Azure The cloud platform built for business Tarmo Tikerpäe DC SSP Microsoft The next strategic opportunity is here Cloud Mobile Social How do you use technology innovation Big data? to architect

More information

Hans Bos Microsoft Nederland. hans.bos@microsoft.com

Hans Bos Microsoft Nederland. hans.bos@microsoft.com Hans Bos Microsoft Nederland Email: Twitter: hans.bos@microsoft.com @hansbos Microsoft s Cloud Environment Consumer and Small Business Services Software as a Service (SaaS) Enterprise Services Third-party

More information

IBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation

IBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation IBM Cloud Security Draft for Discussion September 12, 2011 IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns surrounding cloud computing

More information

Transform the datacenter. Ovidiu Pismac MCSE Security, CISSP, MCITP Virtualization, MCTS Forefront Microsoft Romania ovidiup@microsoft.

Transform the datacenter. Ovidiu Pismac MCSE Security, CISSP, MCITP Virtualization, MCTS Forefront Microsoft Romania ovidiup@microsoft. Transform the datacenter Ovidiu Pismac MCSE Security, CISSP, MCITP Virtualization, MCTS Forefront Microsoft Romania ovidiup@microsoft.com Cloud OS Vision Microsoft s vision of the unified platform for

More information

Trusted Cloud: Microsoft Azure Security, Privacy, and Compliance. April 2015

Trusted Cloud: Microsoft Azure Security, Privacy, and Compliance. April 2015 Trusted Cloud: Microsoft Azure Security, Privacy, and Compliance April 2015 Trusted Cloud: Microsoft Azure Security, Privacy, and Compliance April, 2015 Contents Introduction...4 What customers want from

More information

Addressing Cloud Computing Security Considerations

Addressing Cloud Computing Security Considerations Addressing Cloud Computing Security Considerations with Microsoft Office 365 Protect more Contents 2 Introduction 3 Key Security Considerations 4 Office 365 Service Stack 5 ISO Certifications for the Microsoft

More information

Intro to QualysGuard IT Compliance SaaS Services. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe

Intro to QualysGuard IT Compliance SaaS Services. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe Intro to QualysGuard IT Compliance SaaS Services Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe QualysGuard ICT Security Management Integrated Suite of ICT Security

More information

Shipping Products Chart. Contents

Shipping Products Chart. Contents Shipping Products Chart Currently shipping EVault Software products and supported platforms Contents Director (Vault) and Related Products Director (Vault) 8.00b ()... 2 Director Management Console (console

More information

Cloud Computing Governance & Security. Security Risks in the Cloud

Cloud Computing Governance & Security. Security Risks in the Cloud Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud

More information

Shipping Products Chart. Contents

Shipping Products Chart. Contents Shipping Products Chart Currently shipping EVault Software products and supported platforms Contents Director (Vault) and Related Products Director (Vault) 7.11d ()... 2 Director Management Console (console

More information

Securing the Microsoft Cloud

Securing the Microsoft Cloud Securing the Microsoft Cloud Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and consumers to fully embrace and benefit from

More information

SMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales

SMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales SMS Systems Management Specialists Cloud Computing Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales Cloud Computing The SMS Model: Cloud computing is a model for enabling ubiquitous, convenient,

More information

Cloud Security. DLT Solutions LLC June 2011. #DLTCloud

Cloud Security. DLT Solutions LLC June 2011. #DLTCloud Cloud Security DLT Solutions LLC June 2011 Contact Information DLT Cloud Advisory Group 1-855-CLOUD01 (256-8301) cloud@dlt.com www.dlt.com/cloud Your Hosts Van Ristau Chief Technology Officer, DLT Solutions

More information

Shipping Products Chart. Contents

Shipping Products Chart. Contents Shipping Products Chart Currently shipping EVault Software products and supported platforms Contents Director (Vault) and Related Products Director (Vault) 7.11e ()... 2 Director Management Console (console

More information

Shipping Products Chart. Contents

Shipping Products Chart. Contents Shipping Products Chart Currently shipping EVault Software products and supported platforms Contents Director (Vault) and Related Products Director (Vault) 7.11c ()... 2 Director Management Console (console

More information

Cloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation

Cloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation Cloud Security Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs peterjopling 2011 IBM Corporation Cloud computing impacts the implementation of security in fundamentally new ways

More information

Ensuring Enterprise Data Security with Secure Mobile File Sharing.

Ensuring Enterprise Data Security with Secure Mobile File Sharing. A c c e l l i o n S e c u r i t y O v e r v i e w Ensuring Enterprise Data Security with Secure Mobile File Sharing. Accellion, Inc. Tel +1 650 485-4300 1804 Embarcadero Road Fax +1 650 485-4308 Suite

More information

In the Cloud We Trust!

In the Cloud We Trust! In the Cloud We Trust! Dejan Cvetkovic CTO, Microsoft CEE ISACA, Athens, Greece, November 24 th, 2015 Agenda Compliance for Financial Services The Microsoft Approach to Compliance Risk Management and Threat

More information

SECURE CLOUD COMPUTING

SECURE CLOUD COMPUTING Outline SECURE CLOUD COMPUTING Introduction (of many buzz words) References What is Cloud Computing Cloud Computing Infrastructure Security Cloud Storage and Data Security Identity Management in the Cloud

More information

Cloud Security. Are you on the train or the tracks? ISSA CISO Executive Forum April 18, 2015. Brian Grayek CISSP, CCSK, ITILv3

Cloud Security. Are you on the train or the tracks? ISSA CISO Executive Forum April 18, 2015. Brian Grayek CISSP, CCSK, ITILv3 Cloud Security Are you on the train or the tracks? ISSA CISO Executive Forum April 18, 2015 Brian Grayek CISSP, CCSK, ITILv3 1 Agenda: Facts Opinions (based on experience) A little humor Some gold nuggets

More information

ANDREW HERTENSTEIN Manager Microsoft Modern Datacenter and Azure Solutions En Pointe Technologies Phone 317-362-1213

ANDREW HERTENSTEIN Manager Microsoft Modern Datacenter and Azure Solutions En Pointe Technologies Phone 317-362-1213 ANDREW HERTENSTEIN Manager Microsoft Modern Datacenter and Azure Solutions En Pointe Technologies Phone 317-362-1213 Application Compatibility Many organizations have business critical or internally

More information

Security and Billing for Azure Pack. Presented by 5nine Software and Cloud Cruiser

Security and Billing for Azure Pack. Presented by 5nine Software and Cloud Cruiser Security and Billing for Azure Pack Presented by 5nine Software and Cloud Cruiser Meet our Speakers Symon Perriman VP of Business Development 5nine Software symon@5nine.com @SymonPerriman Paul Zinn Senior

More information

Shipping Products Chart. Contents

Shipping Products Chart. Contents Shipping Products Chart Currently shipping EVault Software products and supported platforms Contents Director (Vault) and Related Products Director (Vault) 7.02b ()... 2 Director Console (console only)

More information

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Strategic Compliance & Securing the Cloud Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Complexity and Challenges 2 Complexity and Challenges Compliance Regulatory entities

More information

Realizing the Benefits of Hybrid Cloud. Anand MS Cloud Solutions Architect Microsoft Asia Pacific

Realizing the Benefits of Hybrid Cloud. Anand MS Cloud Solutions Architect Microsoft Asia Pacific Realizing the Benefits of Hybrid Cloud Anand MS Cloud Solutions Architect Microsoft Asia Pacific Agenda Key drivers for Hybrid Cloud Unified Cloud Strategy Example Use Cases How to get there Hybrid Cloud:

More information

THE BLUENOSE SECURITY FRAMEWORK

THE BLUENOSE SECURITY FRAMEWORK THE BLUENOSE SECURITY FRAMEWORK Bluenose Analytics, Inc. All rights reserved TABLE OF CONTENTS Bluenose Analytics, Inc. Security Whitepaper ISO 27001/27002 / 1 The Four Pillars of Our Security Program

More information

Security Overview Enterprise-Class Secure Mobile File Sharing

Security Overview Enterprise-Class Secure Mobile File Sharing Security Overview Enterprise-Class Secure Mobile File Sharing Accellion, Inc. 1 Overview 3 End to End Security 4 File Sharing Security Features 5 Storage 7 Encryption 8 Audit Trail 9 Accellion Public Cloud

More information

Securing the Cloud Infrastructure

Securing the Cloud Infrastructure EXECUTIVE STRATEGY BRIEF Microsoft recognizes that security and privacy protections are essential to building the necessary customer trust for cloud computing to reach its full potential. This strategy

More information

Asigra Cloud Backup V13 Delivers Enhanced Protection for Your Critical Enterprise Data

Asigra Cloud Backup V13 Delivers Enhanced Protection for Your Critical Enterprise Data Datasheet Asigra Cloud Backup V13 Delivers Enhanced Protection for Your Critical Enterprise Data Ensure the critical data you need to run your operations, serve customers, gain competitive advantage, and

More information

Table of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility.

Table of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility. FME Cloud Security Table of Contents FME Cloud Architecture Overview Secure Operations I. Backup II. Data Governance and Privacy III. Destruction of Data IV. Incident Reporting V. Development VI. Customer

More information

Microsoft Azure. Rich Lilly Project Leadership Associates

Microsoft Azure. Rich Lilly Project Leadership Associates Microsoft Azure Rich Lilly Project Leadership Associates http://www.linkedin.com/in/rich04 rlilly@projectleadership.net b-richl@microsoft.com 8.5 trillion stored objects 900K request/sec on average (2.3+

More information

Cloud Assurance: Ensuring Security and Compliance for your IT Environment

Cloud Assurance: Ensuring Security and Compliance for your IT Environment Cloud Assurance: Ensuring Security and Compliance for your IT Environment A large global enterprise has to deal with all sorts of potential threats: advanced persistent threats (APTs), phishing, malware

More information

Cloud Courses Description

Cloud Courses Description Courses Description 101: Fundamental Computing and Architecture Computing Concepts and Models. Data center architecture. Fundamental Architecture. Virtualization Basics. platforms: IaaS, PaaS, SaaS. deployment

More information

How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1

How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1 How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1 2 How does IBM deliver cloud security? Contents 2 Introduction 3 Cloud governance 3 Security governance, risk management

More information

Microsoft is either a registered trademark or trademark of Microsoft Corporation in the United States and/or other countries.

Microsoft is either a registered trademark or trademark of Microsoft Corporation in the United States and/or other countries. Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names,

More information

BMC s Security Strategy for ITSM in the SaaS Environment

BMC s Security Strategy for ITSM in the SaaS Environment BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...

More information

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is

More information

MANAGED MICROSOFT AZURE SERVICES

MANAGED MICROSOFT AZURE SERVICES MANAGED MICROSOFT AZURE SERVICES Moving Your Applications to the Microsoft Azure Cloud? Let Connectria Help. No other provider hosts as many technologies in the Cloud as Connectria. If you re interested

More information

Leveraging Technology New Horizons Computer Learning Center of Memphis

Leveraging Technology New Horizons Computer Learning Center of Memphis New Horizons Computer Learning Center of Memphis Presents Leveraging Technology Presenter: Charles B. Watkins, Sr. Technical Instructor New Horizons Computer Learning Center of Memphis About Me: Agenda:

More information

Frequently Asked Questions

Frequently Asked Questions Frequently Asked Questions Page 1 Instsanda FAQs v1.2 Instanda FAQs Contents Hosting, Security, Monitoring and Management... 3 Where is Instanda hosted?... 3 What is the hosting datacentre compliance?...

More information

Building Secure Cloud Applications. On the Microsoft Windows Azure platform

Building Secure Cloud Applications. On the Microsoft Windows Azure platform Building Secure Cloud Applications On the Microsoft Windows Azure platform Contents 1 Security and the cloud 3 1.1 General considerations 3 1.2 Questions to ask 3 2 The Windows Azure platform 4 2.1 Inside

More information

Standards and Open Source: Trends Affecting Microsoft and You. October 9, 2014 8:00 am 8:50 am

Standards and Open Source: Trends Affecting Microsoft and You. October 9, 2014 8:00 am 8:50 am Standards and Open Source: Trends Affecting Microsoft and You October 9, 2014 8:00 am 8:50 am Moderator David Ezell Principal Software Architect VeriFone Inc. Speaker Brian Benz Senior Technical Evangelist

More information

EXECUTIVE STRATEGY BRIEF. Securing the Cloud Infrastructure. Cloud. Resources

EXECUTIVE STRATEGY BRIEF. Securing the Cloud Infrastructure. Cloud. Resources EXECUTIVE STRATEGY BRIEF Securing the Cloud Infrastructure Cloud Resources 01 Securing the Cloud Infrastructure / Executive Strategy Brief Securing the Cloud Infrastructure Microsoft recognizes that trust

More information

How to Build an End-to-End Secured Hybrid Cloud for Your Enterprise. Ekkarat Klinbubpa Henky Alimin Sanguan Thammarojsakul

How to Build an End-to-End Secured Hybrid Cloud for Your Enterprise. Ekkarat Klinbubpa Henky Alimin Sanguan Thammarojsakul How to Build an End-to-End Secured Hybrid Cloud for Your Enterprise Ekkarat Klinbubpa Henky Alimin Sanguan Thammarojsakul CLOUD MOMENTUM CONTINUES TO ACCELERATE If you re resisting the cloud because of

More information

Transparency. Privacy. Compliance. Security. What does privacy at Microsoft mean? Are you using my data to build advertising products?

Transparency. Privacy. Compliance. Security. What does privacy at Microsoft mean? Are you using my data to build advertising products? Privacy Transparency What does privacy at Microsoft mean? Are you using my data to build advertising products? Where is my data? Who has access to my data? Compliance What certifications and capabilities

More information

Cloud Security and Managing Use Risks

Cloud Security and Managing Use Risks Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access

More information

With Eversync s cloud data tiering, the customer can tier data protection as follows:

With Eversync s cloud data tiering, the customer can tier data protection as follows: APPLICATION NOTE: CLOUD DATA TIERING Eversync has developed a hybrid model for cloud-based data protection in which all of the elements of data protection are tiered between an on-premise appliance (software

More information

Securing the Cloud with IBM Security Systems. IBM Security Systems. 2012 IBM Corporation. 2012 2012 IBM IBM Corporation Corporation

Securing the Cloud with IBM Security Systems. IBM Security Systems. 2012 IBM Corporation. 2012 2012 IBM IBM Corporation Corporation Securing the Cloud with IBM Security Systems 1 2012 2012 IBM IBM Corporation Corporation IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns

More information

IT Cloud / Data Security Vendor Risk Management Associated with Data Security. September 9, 2014

IT Cloud / Data Security Vendor Risk Management Associated with Data Security. September 9, 2014 IT Cloud / Data Security Vendor Risk Management Associated with Data Security September 9, 2014 Speakers Brian Thomas, CISA, CISSP In charge of Weaver s IT Advisory Services, broad focus on IT risk, security

More information

CONTENT OUTLINE. Background... 3 Cloud Security... 3. Instance Isolation:... 4. SecureGRC Application Security... 5

CONTENT OUTLINE. Background... 3 Cloud Security... 3. Instance Isolation:... 4. SecureGRC Application Security... 5 Page 2 Disclaimer THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF THE LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET

More information

Cloud Security Introduction and Overview

Cloud Security Introduction and Overview Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious

More information

Microsoft s Compliance Framework for Online Services

Microsoft s Compliance Framework for Online Services Microsoft s Compliance Framework for Online Services Online Services Security and Compliance Executive summary Contents Executive summary 1 The changing landscape for online services compliance 4 How Microsoft

More information

Course 20533: Implementing Microsoft Azure Infrastructure Solutions

Course 20533: Implementing Microsoft Azure Infrastructure Solutions Course 20533: Implementing Microsoft Azure Infrastructure Solutions Overview About this course This course is aimed at experienced IT Professionals who currently administer their on-premises infrastructure.

More information

Implementing Microsoft Azure Infrastructure Solutions

Implementing Microsoft Azure Infrastructure Solutions Course Code: M20533 Vendor: Microsoft Course Overview Duration: 5 RRP: 2,025 Implementing Microsoft Azure Infrastructure Solutions Overview This course is aimed at experienced IT Professionals who currently

More information

ISSUE BRIEF. Cloud Security for Federal Agencies. Achieving greater efficiency and better security through federally certified cloud services

ISSUE BRIEF. Cloud Security for Federal Agencies. Achieving greater efficiency and better security through federally certified cloud services ISSUE BRIEF Cloud Security for Federal Agencies Achieving greater efficiency and better security through federally certified cloud services This paper is intended to help federal agency executives to better

More information

Cloud Security Trust Cisco to Protect Your Data

Cloud Security Trust Cisco to Protect Your Data Trust Cisco to Protect Your Data As cloud adoption accelerates, organizations are increasingly placing their trust in third-party cloud service providers (CSPs). But can you fully trust your most sensitive

More information

Securing Oracle E-Business Suite in the Cloud

Securing Oracle E-Business Suite in the Cloud Securing Oracle E-Business Suite in the Cloud November 18, 2015 Stephen Kost Chief Technology Officer Integrigy Corporation Phil Reimann Director of Business Development Integrigy Corporation Agenda The

More information

Cloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week

Cloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week Cloud Security Panel: Real World GRC Experiences ISACA Atlanta s 2013 Annual Geek Week Agenda Introductions Recap: Overview of Cloud Computing and Why Auditors Should Care Reference Materials Panel/Questions

More information

Simone Brunozzi, AWS Technology Evangelist, APAC. Fortress in the Cloud

Simone Brunozzi, AWS Technology Evangelist, APAC. Fortress in the Cloud Simone Brunozzi, AWS Technology Evangelist, APAC Fortress in the Cloud AWS Cloud Security Model Overview Certifications & Accreditations Sarbanes-Oxley (SOX) compliance ISO 27001 Certification PCI DSS

More information

Seeing Though the Clouds

Seeing Though the Clouds Seeing Though the Clouds A PM Primer on Cloud Computing and Security NIH Project Management Community Meeting Mark L Silverman Are You Smarter Than a 5 Year Old? 1 Cloud First Policy Cloud First When evaluating

More information

Cloud Courses Description

Cloud Courses Description Cloud Courses Description Cloud 101: Fundamental Cloud Computing and Architecture Cloud Computing Concepts and Models. Fundamental Cloud Architecture. Virtualization Basics. Cloud platforms: IaaS, PaaS,

More information

Cloud Computing In a Post Snowden World. Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs

Cloud Computing In a Post Snowden World. Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs Cloud Computing In a Post Snowden World Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs Guy Wiggins Director of Practice Management Kelley Drye & Warren

More information

Cloud Computing: The Next Big Thing?

Cloud Computing: The Next Big Thing? May 28 th, 2014 Athens, Greece Cloud Computing: The Next Big Thing? Where we are. What lies ahead. About Performance For more than 15 years, we architect, implement and deliver state of the art solutions

More information

Feliciano Intini Responsabile dei programmi di Sicurezza e Privacy Microsoft Italia

Feliciano Intini Responsabile dei programmi di Sicurezza e Privacy Microsoft Italia Feliciano Intini Responsabile dei programmi di Sicurezza e Privacy Microsoft Italia NonSoloSecurity Blog: http://blogs.technet.com/feliciano_intini Twitter: @felicianointini Trustworthy Computing Cloud:

More information

CimTrak Technical Summary. DETECT All changes across your IT environment. NOTIFY Receive instant notification that a change has occurred

CimTrak Technical Summary. DETECT All changes across your IT environment. NOTIFY Receive instant notification that a change has occurred DETECT All changes across your IT environment With coverage for your servers, network devices, critical workstations, point of sale systems, and more, CimTrak has your infrastructure covered. CimTrak provides

More information

VEMBU VS VEEAM. Why Vembu is Better VEMBU TECHNOLOGIES TRUSTED BY OVER 25,000 BUSINESSES. www.vembu.com

VEMBU VS VEEAM. Why Vembu is Better VEMBU TECHNOLOGIES TRUSTED BY OVER 25,000 BUSINESSES. www.vembu.com VS Why Vembu is Better TECHNOLOGIES www.vembu.com Copyright Information Information in this document is subject to change without notice. The entire risk of the use or the results of the use of this document

More information

Cloud Service Providers Overcoming security and compliance barriers

Cloud Service Providers Overcoming security and compliance barriers Cloud Service Providers Overcoming security and compliance barriers Dr Theodoros Stergiou, CEng, CPMM Security Solutions Product Manager & Cloud Security Officer Agenda A brief introduction Security barriers

More information

AWS Security. Security is Job Zero! CJ Moses Deputy Chief Information Security Officer. AWS Gov Cloud Summit II

AWS Security. Security is Job Zero! CJ Moses Deputy Chief Information Security Officer. AWS Gov Cloud Summit II AWS Security CJ Moses Deputy Chief Information Security Officer Security is Job Zero! Overview Security Resources Certifications Physical Security Network security Geo-diversity and Fault Tolerance GovCloud

More information

How Microsoft is taking Privacy by Design to Work. Alan Chan National Technology Officer Microsoft Hong Kong 7 May 2015

How Microsoft is taking Privacy by Design to Work. Alan Chan National Technology Officer Microsoft Hong Kong 7 May 2015 How Microsoft is taking Privacy by Design to Work Alan Chan National Technology Officer Microsoft Hong Kong 7 May 2015 Agenda Introducing the New Microsoft Microsoft privacy principle Protecting privacy

More information

Windows Least Privilege Management and Beyond

Windows Least Privilege Management and Beyond CENTRIFY WHITE PAPER Windows Least Privilege Management and Beyond Abstract Devising an enterprise-wide privilege access scheme for Windows systems is complex (for example, each Window system object has

More information

APS Connect Denver, CO

APS Connect Denver, CO New Generation Data Protection Powered by the Acronis AnyData Engine APS Connect Denver, CO Jon Farmer February 26, 2015 2015 Acronis Industry Leader in Data Protection Market Leading Solutions & Technology

More information

GoodData Corporation Security White Paper

GoodData Corporation Security White Paper GoodData Corporation Security White Paper May 2016 Executive Overview The GoodData Analytics Distribution Platform is designed to help Enterprises and Independent Software Vendors (ISVs) securely share

More information

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP SOLUTION BRIEF PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP The benefits of cloud computing are clear and compelling: no upfront investment, low ongoing costs, flexible capacity and fast application

More information

HC3 Draft Cloud Security Assessment

HC3 Draft Cloud Security Assessment HC3 Draft Cloud Security Assessment Respondent Contact Information First Name: Grant Company: Ostendio Email: gelliott@ostendio.com Last Name: Elliott Company Address: Ostendio Date: 01/27/2015 Information

More information

IBM G-Cloud Microsoft Windows Active Directory as a Service

IBM G-Cloud Microsoft Windows Active Directory as a Service IBM G-Cloud Microsoft Windows Active Directory as a Service Service Definition IBM G-Cloud Windows AD as a Service 1 1. Summary 1.1 Service Description This offering is provided by IBM Global Business

More information

Clouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst

Clouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst Clouds on the Horizon Cloud Security in Today s DoD Environment Bill Musson Security Analyst Agenda O Overview of Cloud architectures O Essential characteristics O Cloud service models O Cloud deployment

More information

Governance and Control in the Cloud. Infrastructure as a Service

Governance and Control in the Cloud. Infrastructure as a Service 1 Governance and Control in the Cloud Infrastructure as a Service Cows 2 The Triumph of the Utility 3 Our Discussion 4 How we ll talk about Governance and Controls today Not an IT-assurance methodology

More information

Cloud Data Security. Sol Cates CSO @solcates scates@vormetric.com

Cloud Data Security. Sol Cates CSO @solcates scates@vormetric.com Cloud Data Security Sol Cates CSO @solcates scates@vormetric.com Agenda The Cloud Securing your data, in someone else s house Explore IT s Dirty Little Secret Why is Data so Vulnerable? A bit about Vormetric

More information

Sean Horne CTO EMC UKI. The leakage of Intellectual Property.. .and the risk of Privacy, Trustworthiness, Governance and Data Breaches

Sean Horne CTO EMC UKI. The leakage of Intellectual Property.. .and the risk of Privacy, Trustworthiness, Governance and Data Breaches Sean Horne CTO EMC UKI The leakage of Intellectual Property...and the risk of Privacy, Trustworthiness, Governance and Data Breaches 1 The business of Insurance is guided by Trust Insurance is a promise

More information

Secure Your Business with EVault Cloud-Connected Solutions

Secure Your Business with EVault Cloud-Connected Solutions Secure Your Business with EVault Cloud-Connected Solutions Winfried Posthumus Channel Sales Manager NL Winfried.Posthumus@evault.com 11/22/2012 2012 EVault, Inc. All Rights Reserved 1 Agenda Who is EVault

More information

Healthcare: La sicurezza nel Cloud October 18, 2011. 2011 IBM Corporation

Healthcare: La sicurezza nel Cloud October 18, 2011. 2011 IBM Corporation Healthcare: La sicurezza nel Cloud October 18, 2011 Cloud Computing Tests The Limits Of Security Operations And Infrastructure Security and Privacy Domains People and Identity Data and Information Application

More information

Introduction to QualysGuard IT Compliance SaaS Services. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe

Introduction to QualysGuard IT Compliance SaaS Services. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe Introduction to QualysGuard IT Compliance SaaS Services Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe A Unified and Continuous View of ICT Security, Risks and

More information

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP solution brief PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP AWS AND PCI DSS COMPLIANCE To ensure an end-to-end secure computing environment, Amazon Web Services (AWS) employs a shared security responsibility

More information

Optimizing IT costs with Cloud. Tarmo Tikerpäe Datacenter SSP Microsoft Corporation

Optimizing IT costs with Cloud. Tarmo Tikerpäe Datacenter SSP Microsoft Corporation Optimizing IT costs with Cloud Tarmo Tikerpäe Datacenter SSP Microsoft Corporation BENEFITS Speed Scale Economics Cloud Trend: 70% 2 weeks to deliver new services vs. 6-12 months with traditional solution

More information

John Essner, CISO Office of Information Technology State of New Jersey

John Essner, CISO Office of Information Technology State of New Jersey John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management

More information

PCI Compliance for Cloud Applications

PCI Compliance for Cloud Applications What Is It? The Payment Card Industry Data Security Standard (PCIDSS), in particular v3.0, aims to reduce credit card fraud by minimizing the risks associated with the transmission, processing, and storage

More information