Sikkerhet i skytjenester; hva bør en tenke på? Ole Tom Seierstad National Security Officer Microsoft Norway oles@microsoft.com
|
|
- Alannah Morgan
- 8 years ago
- Views:
Transcription
1 Sikkerhet i skytjenester; hva bør en tenke på? Ole Tom Seierstad National Security Officer Microsoft Norway oles@microsoft.com
2 Cloud is becoming integral to business transformation The secure pathway to innovation Start with a trusted & resilient foundation Leverage economies of scale and expertise Use the cloud to drive business strategy Reshape how you engage with customers Enable more productive work Drive new and more rapid sources of innovation 2
3 Cybersecurity concerns persist Global attacks are increasing and costs are rising Cybercrime extracts between 15% and 20% of the value created by the Internet. 1 In the UK, 81% of large corporations and 60% of small businesses reported a cyberbreach in the past year. 2 Total financial losses attributed to security compromises increased 34% in Impact of cyber attacks could be as much as $3 trillion in lost productivity and growth. 4 3
4 But cloud momentum continues to accelerate If you re resisting the cloud because of security concerns, you re running out of excuses. The question is no longer: How do I move to the cloud? Instead, it s Now that I m in the cloud, how do I make sure I ve optimized my investment and risk exposure? By 2020 clouds will stop being referred to as public and private. It will simply be the way business is done and IT is provisioned. 4
5 Technology is evolving at lightning speed
6 Holistic Tension strategy between to innovation drive business & security success risks Business Innovation SECURITY STRATEGY Extend Trust and Data to Devices Secure new patterns of Data Security Risks Extend Trust to Cloud Service Providers Protect new forms of value generation from big data
7 The Microsoft Trusted Cloud 200+ cloud services, 1+ million servers, $15B+ infrastructure investment 57% of Fortune ,000 new subscribers per week million active users 4 Online 5.5+ billion worldwide queries each month million users per month 5 1 billion customers, 20 million businesses, 90 countries worldwide billion worldwide users 2 48 million members in 57 countries million unique users each month 6 7
8 Microsoft Azure a trusted foundation Privacy and Security Transparency Compliance Control 8 8
9 Microsoft Data Center Unified platform for modern business Compute Data Storage Network Services App Services Global Physical Infrastructure Stores over 4 trillion objects Handles on average 127,000 requests/second Peak of 880,000 requests/second 9
10 Microsoft Data Center Scale Microsoft has datacenter capacity around the world and we re growing Quincy Cheyenne Chicago Des Moines Boydton Dublin Amsterdam Shanghai Japan Hong Kong San Antonio Singapore Brazil 35+ factors in site selection: Proximity to customers Energy, Fiber Infrastructure Skilled workforce Australia 10
11 Certification & Security Reliance Microsoft s cloud environment Application Software as a Service (SaaS) Consumer and small business services Enterprise services Third-party hosted services Microsoft IT PaaS IaaS Physical Cloud Infrastructure and Operations Datacenters Operations Global Network Security 11
12 Responsibility On-Prem IaaS PaaS SaaS Risk customers must manage Data Classification End Point Devices Shared risks Identity & access management Data classification and accountability Client & end-point protection Identity & access management Application level controls Network controls Risks a provider can help reduce Physical Networking Host Security Physical Security Cloud Customer Cloud Provider
13 24-hour security monitoring of data centers Perimeter security Fire suppression Multi-factor authentication Premises monitoring
14 Customer risk management Public Data Internal Data Confidential Data
15
16 Transparency in action
17 Cybersecurity
18 Trustworthy Privacy foundation Privacy by Design Microsoft privacy principles are designed to facilitate the responsible use of customer data, be transparent about practices, and offer meaningful privacy choices. Microsoft Privacy Standard Guidelines that help ensure privacy is applied in the development and deployment of products and services. Data segregation Azure uses logical isolation to segregate each customer s data from that of others. 19
19 ISO/IEC Microsoft is the first major cloud provider to adopt the first international code of practice for governing the processing of personal information by cloud service providers. Prohibits use of customer data for advertising and marketing purposes without customer s express consent. Prevents use of customer data for purposes unrelated to providing the cloud service. 20
20 ISO Born in the Cloud Key Principles - Cloud providers must: Not use data for advertising or marketing unless express consent is obtained Be transparent about data location and how data is handled Provide customers with control over how their data is used Be accountable to determine if customer data was impacted by a breach of information security Communicate to customers and regulators in the event of a breach Have services independently audited for compliance with this standard
21 Contractual commitments Adopt ISO/IEC code of practice Microsoft was the first major cloud service provider to Offer customers E.U. Standard Contractual Clauses that provide specific contractual guarantees around transfers of personal data for in-scope services. Have European data privacy authorities validate that its enterprise agreement meets EU requirements on international data transfers Abide by US-EU Safe Harbor Framework and the US-Swiss Safe Harbor Program. 22
22 Restricted data access Customer data is only accessed when necessary to support customer s use of Azure (e.g. troubleshooting or feature improvement), or when required by law. When granted, access is controlled and logged. Strong authentication, including MFA, helps limit access to authorized personnel only. Access is revoked as soon as it s no longer needed. Access controls are verified by independent audit and certifications. 23
23 Customer Data When a customer utilizes Azure, they retain exclusive ownership of their data. Control over data location Customers choose data location and replication options. Role based access control Tools support authorization based on a user s role, simplifying access control across defined groups of users. Encryption key management Customers have the flexibility to generate and manage their own encryption keys. Control over data destruction Deletion of data on customer request and on contract termination. 24
24 Enable customers to meet global compliance standards in ISO 27001, EUMC, HIPAA, FISMA Contractually commit to privacy, security and handling of customer data through Data Processing Agreements Admin Controls like Data Loss Prevention, Archiving, E-Discovery to enable organizational compliance CJIS Yes No Yes No No EU Model Clauses Yes Yes Yes Yes No EU Safe Harbor Yes Yes Yes Yes Yes FedRamp (Moderate) Yes No Yes No No FERPA Yes Yes Yes N/A Yes HIPAA/BAA Yes Yes Yes Yes No US Government Cloud Yes Yes Yes No No UK G-Cloud Yes Yes Yes No No ISO 27001:2013 (w/iso 27018:2014) Yes Yes Yes Yes Yes (ISO 27001:2005) PCI DSS N/A N/A Yes N/A N/A SOC 1 Type 2 - (SSAE 16 / ISAE 3402) Yes Yes Yes Yes No SOC 2 Type 2 - (AT Section 101) Yes No Yes Yes No
25
26 Law enforcement requests Microsoft does not disclose Customer Data to law enforcement unless as directed by customer or required by law, and will notify customers when compelled to disclose, unless prohibited by law. The Law Enforcement Request Report discloses details of requests every 6 months. Microsoft doesn t provide any government with direct or unfettered access to Customer Data. Microsoft only releases specific data mandated by the relevant legal demand. If a government wants customer data it needs to follow the applicable legal process. Microsoft only responds to requests for specific accounts and identifiers. 27
27 Source:
28
29
30
31 Compliance Program Region Description ISO WW Broad international information security standard. Results in a formal certification. ISO EU, WW International standard for the protection of privacy and personal data in the cloud. Code of practice that provides guidelines, no certification possible. EU Model Clauses EU Contractual addendum offered to EU customers requiring additional safeguards for the protection of personal data beyond Safe Harbor Framework. G-Cloud UK G-Cloud v6 process requires CSPs to self-certify and supply evidence against 14 cloud security principles. SOC 1 WW Key attestation based on AICPA SSAE 16 standard. SOC 2, SOC 3 WW Key attestation based on AICPA AT 101 standard. HIPAA BAA US Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a US Federal law. Business Associate Agreement (BAA) is a contract addendum offered to customers. 21 CFR Part 11 GxP Life Sciences US, WW Food and Drug Administration (FDA) governed storage of electronic records. Good practices for Manufacturing, Laboratory, and Clinical records. FISMA / FedRAMP US Gov Federal Risk and Authorization Management Program (FedRAMP) Authorization to Operate (ATO) is required for Cloud Service Providers who wish to sell their services to US Federal agencies. FIPS US Gov Security requirements for cryptographic modules. CNSSI 1253 US Gov Committee on National Security Systems Instruction No specifies options in the NIST security controls. CJIS US Gov Criminal Justice Information Services (CJIS) is a division of the FBI that provides state, local, and federal law enforcement agencies with access to information concerning individuals, stolen property, criminal organizations, etc. CJIS Security Policy defines 11 policy areas that Cloud Service Providers need to evaluate to meet CJIS requirements. DIACAP / DIARMF US Gov Department of Defense Information Assurance Certification and Accreditation process being migrated to Risk Management Framework.
32 Compliance Program Region Description DoD US Gov Set up by Defense Information Systems Agency (DISA) to test Records Management Applications. ITAR US Gov International Traffic in Arms Regulation controls the export and import of defense-related articles and services on the US Munitions List. DISA DoD SRG US Gov The US Department of Defense (DoD) designated the Defense Information Systems Agency (DISA) to perform cloud brokerage functions. DISA issued a Security Requirements Guide (SRG) that aligns their authorization closely to FedRAMP. SEC 17a-4 US Archival storage of broker-dealer records with guaranteed data immutability for predetermined duration of time. FERPA US Family Education Rights and Privacy Act. What s needed is guidance offered to educational institutions. FFIEC US Federal Financial Institutions Examination Council prescribes standards for federal examination of financial institutions. GLB Act US Gramm-Leach-Bliley Act is the Financial Modernization Act of 1999 has security and privacy implications for FSI. IRS 1075 US Safeguards for protecting federal tax information at all points where it is received, processed, stored, and maintained. MTCS Singapore Multi-Tier Cloud Security (MTCS) standard developed by Infocomm Development Authority of Singapore (IDA). OSFI Canada Office of the Superintendent of Financial Institutions expectations for federally regulated financial institutions. FISC Japan The Center for Financial Industry Information Systems. PCI DSS WW Payment Card Industry Data Security Standard. Required when CC data is stored, processed, or accessed in the cloud. TC 260 China Procurement guidelines regarding cloud security issued by the Ministry of Industry and Information Technology (MIIT). MLPS China Multi Level Protocol Scheme issued by the Ministry of Public Security (MPS). Under development. Expected mid 2015.
33 Microsoft Azure Key Vault Azure IaaS Azure PaaS SQL Server PKI 3 rd party Secure VM Custom LOB Application 2 Applications get high performance access to your secrets on your terms 1 You manage your secrets Import keys On-premises HSM Microsoft Confidential
How Microsoft is taking Privacy by Design to Work. Alan Chan National Technology Officer Microsoft Hong Kong 7 May 2015
How Microsoft is taking Privacy by Design to Work Alan Chan National Technology Officer Microsoft Hong Kong 7 May 2015 Agenda Introducing the New Microsoft Microsoft privacy principle Protecting privacy
More informationAppendix D-1 to Aproove Saas Contract : Security and solution hosting provider specs.
Appendix D-1 to Aproove Saas Contract : Security and solution hosting provider specs. The hosting company retained by Aproove is Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052 USA.
More informationTRUSTED CLOUD. Our commitment to provide a cloud you can trust. Fernando Machado Píriz September 2014
TRUSTED CLOUD Our commitment to provide a cloud you can trust Fernando Machado Píriz September 2014 Technology Trends Driving cloud adoption 71% of strategic buyers cite scalability, cost and business
More informationThe Education Fellowship Finance Centralisation IT Security Strategy
The Education Fellowship Finance Centralisation IT Security Strategy Introduction This strategy outlines the security systems in place to optimise, manage and protect The Education Fellowship data and
More informationTrusted Cloud: Microsoft Azure Security, Privacy, and Compliance. April 2015
Trusted Cloud: Microsoft Azure Security, Privacy, and Compliance April 2015 Trusted Cloud: Microsoft Azure Security, Privacy, and Compliance April, 2015 Contents Introduction...4 What customers want from
More informationIn the Cloud We Trust!
In the Cloud We Trust! Dejan Cvetkovic CTO, Microsoft CEE ISACA, Athens, Greece, November 24 th, 2015 Agenda Compliance for Financial Services The Microsoft Approach to Compliance Risk Management and Threat
More informationFive steps to Cloud Adoption. Laurent De Grauwe Sales Manager Datacenter
Five steps to Cloud Adoption Laurent De Grauwe Sales Manager Datacenter 1 How Microsoft defines cloud Microsoft You One consistent experience Service provider Why Microsoft and the cloud? Cloud services
More informationBrad Smith, General Counsel & Executive Vice President, Legal and Corporate Affairs, Microsoft
Brad Smith, General Counsel & Executive Vice President, Legal and Corporate Affairs, Microsoft 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be
More informationSecuring the Microsoft Cloud Infrastructure. Reto Häni Chief Security Officer Microsoft Western Europe MEET SWISS INFOSEC! 24.06.
Securing the Microsoft Cloud Infrastructure Reto Häni Chief Security Officer Microsoft Western Europe MEET SWISS INFOSEC! 24.06.2015 1 Certification & Security Reliance Microsoft s cloud environment Application
More informationWith Eversync s cloud data tiering, the customer can tier data protection as follows:
APPLICATION NOTE: CLOUD DATA TIERING Eversync has developed a hybrid model for cloud-based data protection in which all of the elements of data protection are tiered between an on-premise appliance (software
More informationMicrosoft Azure. The cloud platform built for business. Tarmo Tikerpäe DC SSP Microsoft
Microsoft Azure The cloud platform built for business Tarmo Tikerpäe DC SSP Microsoft The next strategic opportunity is here Cloud Mobile Social How do you use technology innovation Big data? to architect
More informationHow To Get A Cloud Security System To Work For You
Trust in the Cloud Ovidiu Pismac MCSE Security, CISSP, MCSE Private Cloud / Server & Desktop infrastructure, MCTS Forefront Microsoft Romania ovidiup@microsoft.com Technology trends: driving cloud adoption
More informationTransparency. Privacy. Compliance. Security. What does privacy at Microsoft mean? Are you using my data to build advertising products?
Privacy Transparency What does privacy at Microsoft mean? Are you using my data to build advertising products? Where is my data? Who has access to my data? Compliance What certifications and capabilities
More information10 Considerations for a Cloud Procurement. Anthony Kelly Erick Trombley David DeBrandt Carina Veksler January 2015
10 Considerations for a Cloud Procurement Anthony Kelly Erick Trombley David DeBrandt Carina Veksler January 2015 www.lbmctech.com info@lbmctech.com Purpose: Cloud computing provides public sector organizations
More informationWhite Paper How Noah Mobile uses Microsoft Azure Core Services
NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah
More informationCloud-Scale Datacenters. Tarmo Tikerpäe DC SSP Microsoft Corporation
Cloud-Scale Datacenters Tarmo Tikerpäe DC SSP Microsoft Corporation 1 5.8+ billion worldwide queries each month 250+ million active users 400+ million Active accounts 2.4+ million emails per day 8.6+ trillion
More informationHans Bos Microsoft Nederland. hans.bos@microsoft.com
Hans Bos Microsoft Nederland Email: Twitter: hans.bos@microsoft.com @hansbos Microsoft s Cloud Environment Consumer and Small Business Services Software as a Service (SaaS) Enterprise Services Third-party
More informationMicrosoft Azure. White Paper Security, Privacy, and Compliance in
White Paper Security, Privacy, and Compliance in Security, Privacy, and Compliance in Executive Summary The adoption of cloud services worldwide continues to accelerate, yet many organizations are wary
More informationA Flexible and Comprehensive Approach to a Cloud Compliance Program
A Flexible and Comprehensive Approach to a Cloud Compliance Program Stuart Aston Microsoft UK Session ID: SPO-201 Session Classification: General Interest Compliance in the cloud Transparency Responsibility
More informationIntermedia s Dedicated Exchange
Intermedia s Dedicated Exchange This is a practical guide to implementing Intermedia s Dedicated Hosted Exchange on AWS. Intermedia, the world s independent provider of Hosted Exchange, and AWS, the leading
More informationMicrosoft Azure. Microsoft Azure Security, Privacy, & Compliance
Security, Privacy, & Compliance Technology trends: driving cloud adoption BENEFITS Speed Scale Economics Cloud Trend: 70% 2 weeks to deliver new services vs. 6-12 months with traditional solution Scale
More informationTransform the datacenter. Henk Den Baes Technology Advisor Datacenter
Transform the datacenter Henk Den Baes Technology Advisor Datacenter Things + devices Applications Data Infrastructure $1.9T Gartner estimates the total economic value-add from the Internet of Things across
More informationInformation Security ISO Standards. Feb 11, 2015. Glen Bruce Director, Enterprise Risk Security & Privacy
Information Security ISO Standards Feb 11, 2015 Glen Bruce Director, Enterprise Risk Security & Privacy Agenda 1. Introduction Information security risks and requirements 2. Information Security Management
More informationMicrosoft Cloud Platform. Kris Vandermeulen Product Manager Datacenter Microsoft 5/2/2015
Microsoft Cloud Platform Kris Vandermeulen Product Manager Datacenter Microsoft 5/2/2015 Things + devices Applications Data Infrastructure Things + devices Applications Data Infrastructure $1.9T $77B $1.6T
More informationProtecting Data and Privacy in the Cloud
Protecting Data and Privacy in the Cloud Contents 1 3 6 9 12 13 Protecting Data and Privacy in the Cloud an Introduction Building Services to Protect Data Protecting Data in Service Operations Empowering
More informationCloud e-mail services: Security, Compliance and Privacy. Nasos Kladakis Solutions Specialist Microsoft Hellas
Cloud e-mail services: Security, Compliance and Privacy Nasos Kladakis Solutions Specialist Microsoft Hellas Risk Management Program Overview Information Security Policy Security Privacy & Regulatory Service
More informationMicrosoft s Datacenter Best Practices. Darryl Chantry Datacenter Solutions Architect Worldwide Datacenter Center of Excellence
Microsoft s Datacenter Best Practices Darryl Chantry Datacenter Solutions Architect Worldwide Datacenter Center of Excellence We Are Unique in Our Comprehensive Approach Interactive entertainment Search/
More informationAmazon Web Services: Risk and Compliance January 2013
Amazon Web Services: Risk and Compliance January 2013 (Please consult http://aws.amazon.com/security for the latest version of this paper) Page 1 of 59 This document intends to provide information to assist
More informationCloud Security Certification
Cloud Security Certification January 21, 2015 1 Agenda 1. What problem are we solving? 2. Definitions (Attestation vs Certification) 3. Cloud Security Responsibilities and Risk Exposure 4. Who is responsible
More informationSecuring the Microsoft Cloud
Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and customers to fully embrace and benefit from cloud services. We are committed
More informationA COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012
A COALFIRE PERSPECTIVE Moving to the Cloud A Summary of Considerations for Implementing Cloud Migration Plans into New Business Platforms NCHELP Spring Convention Panel May 2012 DALLAS DENVER LOS ANGELES
More informationAmazon Web Services: Risk and Compliance January 2011
Amazon Web Services: Risk and Compliance January 2011 (Please consult http://aws.amazon.com/security for the latest version of this paper) 1 This document intends to provide information to assist AWS customers
More information<Choose> Addendum Windows Azure Data Processing Agreement Amendment ID M129
Addendum Amendment ID Proposal ID Enrollment number Microsoft to complete This addendum ( Windows Azure Addendum ) is entered into between the parties identified on the signature form for the
More informationCloud Security Trust Cisco to Protect Your Data
Trust Cisco to Protect Your Data As cloud adoption accelerates, organizations are increasingly placing their trust in third-party cloud service providers (CSPs). But can you fully trust your most sensitive
More informationCloud Computing: Safe, Efficient and Easy
Microsoft Azure Cloud Computing: Safe, Efficient and Easy Linas Pečiūra Your title goes here Ref: The NIST Definition of Cloud Computing http://csrc.nist.gov/publications/nistpubs/800-145/sp800-145.pdf
More informationHow to Build an End-to-End Secured Hybrid Cloud for Your Enterprise. Ekkarat Klinbubpa Henky Alimin Sanguan Thammarojsakul
How to Build an End-to-End Secured Hybrid Cloud for Your Enterprise Ekkarat Klinbubpa Henky Alimin Sanguan Thammarojsakul CLOUD MOMENTUM CONTINUES TO ACCELERATE If you re resisting the cloud because of
More informationAnypoint Platform Cloud Security and Compliance. Whitepaper
Anypoint Platform Cloud Security and Compliance Whitepaper 1 Overview Security is a top concern when evaluating cloud services, whether it be physical, network, infrastructure, platform or data security.
More informationMagento Enterprise Cloud Edition A Platform-as-a-Service for Your Business. Peter Sheldon VP Strategy, Magento Commerce
Magento Enterprise Cloud Edition A Platform-as-a-Service for Your Business Peter Sheldon VP Strategy, Magento Commerce 88% of Organizations Have a Cloud 1 st Strategy Source: Gartner Forecast Analysis:
More informationAmazon Web Services: Risk and Compliance July 2012
Amazon Web Services: Risk and Compliance July 2012 (Please consult http://aws.amazon.com/security for the latest version of this paper) 1 This document intends to provide information to assist AWS customers
More informationData, Data, Who Has The Data?
Data, Data, Who Has The Data? 13 February 2015 Mari Heiser IBM STSM (Senior Technical Staff Member) Master Certified Architect IBM Cloud Security and Compliance Twitter: @MariHeiser What is Cloud? The
More informationCloud Security and Managing Use Risks
Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access
More informationBeing compliant in the cloud.
Being compliant in the cloud. A framework to guide your thinking and protect your business as you consider a move to the cloud. Tim Walwyn, Principal Technology Strategist at bluesource 1 of 10 www.bluesource.co.uk
More informationThe Internet of Things, big data and the cloud: implications for privacy and trust
The Internet of Things, big data and the cloud: implications for privacy and trust Russell Craig National Technology Officer, Microsoft NZ russell.craig@microsoft.com What are we going to talk about? What
More informationMicrosoft Azure. Die "Hyper-Scale" Cloudplattform. Gerwald Oberleitner 22. September 2015
Microsoft Azure Die "Hyper-Scale" Cloudplattform Gerwald Oberleitner 22. September 2015 Wie sich Microsoft Hyper-scale Azure differenziert Enterprise Grade Hybrid Azure footprint Azure footprint Datacenter
More informationud Infrastructure irector, Datacenter Evangelism rastructure & Operations
er-scale ud Infrastructure akken irector, Datacenter Evangelism rastructure & Operations yper-scale infrastructure strategy principles Hyper Scalable Dynamic Supply Chain Cost Model & Demand Forecasting
More informationSATURDAY, FEBRUARY 28, 2015 CLE 10 (Ethics) 9:30 a.m. 10:30 a.m. Moving to the Cloud - Identifying & Managing Legal, Ethical and Compliance Risks
SATURDAY, FEBRUARY 28, 2015 CLE 10 (Ethics) 9:30 a.m. 10:30 a.m. Moving to the Cloud - Identifying & Managing Legal, Ethical and Compliance Risks Moving to the Cloud - Identifying & Managing Legal, Ethical
More informationDoD Cloud Computing Security Requirements Guide (SRG) Overview
DoD Cloud Computing Security Requirements Guide (SRG) Overview 1 General SRG Information Released 12 January 2015 Version 1, release 1 Provides comprehensive security guidance for components (missions)
More informationAcquia Comments on EU Recommendations for Data Processing in the Cloud
Acquia Comments on EU Recommendations for Data Processing in the Cloud Executive Summary On July 1, 2012, European Union (EU) data protection regulators provided guidelines for service providers processing
More informationWe employ third party monitoring services to continually audit our systems to measure performance and identify potential bottlenecks.
Cloud computing, often referred to as simply the cloud, is the delivery of on-demand computing resources over the internet through a global network of state-of-the-art data centers. Cloud based applications
More informationI believe. Satya Nadella CEO, Microsoft. History of making big bets
I believe over the next decade computing will become even more ubiquitous and intelligence will become ambient. The coevolution of software and new hardware form factors will intermediate and digitize
More informationTransform your Datacenter
Transform your Datacenter Enterprise Media Solutions in the Cloud Guadalupe Casuso, Microsoft Marian Figueiras, Microsoft Olga Karpman, Microsoft Jose Luis Kryuff, Deltatre Alexis Castañares, Microsoft
More informationOrchestrating the New Paradigm Cloud Assurance
Orchestrating the New Paradigm Cloud Assurance Amsterdam 17 January 2012 John Hermans - Partner Current business challenges versus traditional IT Organizations are challenged with: Traditional IT seems
More informationSecuring the Cloud Infrastructure
EXECUTIVE STRATEGY BRIEF Microsoft recognizes that security and privacy protections are essential to building the necessary customer trust for cloud computing to reach its full potential. This strategy
More informationAWS Security. Security is Job Zero! CJ Moses Deputy Chief Information Security Officer. AWS Gov Cloud Summit II
AWS Security CJ Moses Deputy Chief Information Security Officer Security is Job Zero! Overview Security Resources Certifications Physical Security Network security Geo-diversity and Fault Tolerance GovCloud
More informationSecuring Oracle E-Business Suite in the Cloud
Securing Oracle E-Business Suite in the Cloud November 18, 2015 Stephen Kost Chief Technology Officer Integrigy Corporation Phil Reimann Director of Business Development Integrigy Corporation Agenda The
More informationIT Cloud / Data Security Vendor Risk Management Associated with Data Security. September 9, 2014
IT Cloud / Data Security Vendor Risk Management Associated with Data Security September 9, 2014 Speakers Brian Thomas, CISA, CISSP In charge of Weaver s IT Advisory Services, broad focus on IT risk, security
More informationAmazon Web Services: Risk and Compliance July 2015
Amazon Web Services: Risk and Compliance July 2015 (Consult http://aws.amazon.com/compliance/aws-whitepapers/ for the latest version of this paper) Page 1 of 128 This document is intended to provide information
More informationHow to ensure control and security when moving to SaaS/cloud applications
How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk
More informationEnsuring Enterprise Data Security with Secure Mobile File Sharing.
A c c e l l i o n S e c u r i t y O v e r v i e w Ensuring Enterprise Data Security with Secure Mobile File Sharing. Accellion, Inc. Tel +1 650 485-4300 1804 Embarcadero Road Fax +1 650 485-4308 Suite
More informationSOC on Amazon Web Services (AWS) What You Need To Know Understanding the regulatory roadmap for SOC on AWS
SOC on Amazon Web Services (AWS) What You Need To Know Understanding the regulatory roadmap for SOC on AWS Jeff Cook November 2015 Summary Service Organization Control (SOC) reports (formerly SAS 70 or
More informationSimone Brunozzi, AWS Technology Evangelist, APAC. Fortress in the Cloud
Simone Brunozzi, AWS Technology Evangelist, APAC Fortress in the Cloud AWS Cloud Security Model Overview Certifications & Accreditations Sarbanes-Oxley (SOX) compliance ISO 27001 Certification PCI DSS
More informationData safety at UXprobe. White Paper Copyright 2015 UXprobe bvba
Data safety at UXprobe White Paper Copyright 2015 UXprobe bvba Table of contents Executive summary.... 3 1. Google App Engine... 4 2. Security at Google... 4 2.1. Data Access and identity... 4 2.2. Storage...
More informationAmazon Web Services: Risk and Compliance May 2011
Amazon Web Services: Risk and Compliance May 2011 (Please consult http://aws.amazon.com/security for the latest version of this paper) 1 This document intends to provide information to assist AWS customers
More informationSecuring Amazon It s a Jungle Out There
ANALYST BRIEF Securing Amazon It s a Jungle Out There PART 1 CONTROLS AND OPTIONS OFFERED BY AMAZON Author Rob Ayoub Overview Infrastructure as a service (IaaS) is a foundational component of modern cloud
More informationCloud Security Strategies. Fabio Gianotti, Head of Cyber Security and Enterprise Security Systems
Cloud Security Strategies Fabio Gianotti, Head of Cyber Security and Enterprise Security Systems London, 14 October 2015 UNICREDIT AT A GLANCE Employees: more than 146.600 Branches: 8.403 Banking operations
More informationSecuring Government Clouds Preparing for the Rainy Days
Securing Government Clouds Preparing for the Rainy Days Majed Saadi Director, Cloud Computing Practice Agenda 1. The Cloud: Opportunities and Challenges 2. Cloud s Potential for Providing Government Services
More informationPROTECTING YOUR VOICE SYSTEM IN THE CLOUD
PROTECTING YOUR VOICE SYSTEM IN THE CLOUD Every enterprise deserves to know what its vendors are doing to protect the data and systems entrusted to them. Leading IVR vendors in the cloud, like Angel, consider
More informationDean Bank Primary and Nursery School. Secure Storage of Data and Cloud Storage
Dean Bank Primary and Nursery School Secure Storage of Data and Cloud Storage January 2015 All school e-mail is disclosable under Freedom of Information and Data Protection legislation. Be aware that anything
More informationFamly ApS: Overview of Security Processes
Famly ApS: Overview of Security Processes October 2015 Please consult http://famly.co for the latest version of this paper Page 1 of 10 Table of Contents 1. INTRODUCTION TO SECURITY AT FAMLY... 3 2. PHYSICAL
More informationEnrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 EES17 --------------
w Microsoft Volume Licensing Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 Enrollment for Education Solutions number Microsoft to complete --------------
More informationCloud Computing In a Post Snowden World. Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs
Cloud Computing In a Post Snowden World Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs Guy Wiggins Director of Practice Management Kelley Drye & Warren
More informationInformation Technology: This Year s Hot Issue - Cloud Computing
Information Technology: This Year s Hot Issue - Cloud Computing Presented by: Alan Sutin Global IP & Technology Practice Group GREENBERG TRAURIG, LLP ATTORNEYS AT LAW WWW.GTLAW.COM 2011. All rights reserved.
More informationOffice Exchange SharePoint Lync
Office Exchange SharePoint Lync Comprehensive tools to do your best work Enterprise-grade cloud services Office 365 is A HIGHLY CONFIGURABLE, but not a customizable solution. MICROSOFT DATA CENTER
More informationOffice 365 Data Processing Agreement with Model Clauses
Enrollment for Education Solutions Office 365 Data Processing Agreement (with EU Standard Contractual Clauses) Amendment ID Enrollment for Education Solutions number Microsoft to complete 7392924 GOLDS03081
More informationCloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC
Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC www.fmsinc.org 1 2015 Financial Managers Society, Inc. Cloud Security Implications
More informationProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary
VISIBILITY DATA GOVERNANCE SYSTEM OS PARTITION UNIFIED MANAGEMENT CENTRAL AUDIT POINT ACCESS MONITORING ENCRYPTION STORAGE VOLUME POLICY ENFORCEMENT ProtectV SECURITY SNAPSHOT (backup) DATA PROTECTION
More informationSecurity and Privacy in Cloud Computing
Security and Privacy in Cloud Computing - Study Report Sai Lakshmi General Manager Enterprise Security Solutions 2 Agenda Background & Objective Current Scenario & Future of Cloud Computing Challenges
More informationBMC s Security Strategy for ITSM in the SaaS Environment
BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...
More informationData Processing Agreement for Oracle Cloud Services
Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services
More informationCybersecurity as a Risk Factor in doing business
Cybersecurity as a Risk Factor in doing business 1 Data is the new raw material of business Economist UK, 2013. In trying to defend everything he defended nothing Frederick the Great, Prussia 1712-86.
More informationCloud security architecture
ericsson White paper Uen 284 23-3244 January 2015 Cloud security architecture from process to deployment The Trust Engine concept and logical cloud security architecture presented in this paper provide
More informationCloud and Regulations: A match made in heaven, or the worst blind date ever?
Cloud and Regulations: A match made in heaven, or the worst blind date ever? Vinod S Chavan Director Industry Cloud Solutions, IBM Cloud October 28, 2015 Customers are faced with challenge of balancing
More informationCloud Operations Excellence & Reliability
Cloud Operations Excellence & Reliability Cloud Operations Excellence & Reliability Page 1 Cloud Operations Excellence & Reliability Microsoft has invested over $15 billion in building a highly scalable,
More informationHow To Achieve Pca Compliance With Redhat Enterprise Linux
Achieving PCI Compliance with Red Hat Enterprise Linux June 2009 CONTENTS EXECUTIVE SUMMARY...2 OVERVIEW OF PCI...3 1.1. What is PCI DSS?... 3 1.2. Who is impacted by PCI?... 3 1.3. Requirements for achieving
More informationMicrosoft s Compliance Framework for Online Services
Microsoft s Compliance Framework for Online Services Online Services Security and Compliance Executive summary Contents Executive summary 1 The changing landscape for online services compliance 4 How Microsoft
More informationMicrosoft s. Cloud Server Specification Design. Kushagra Vaid General Manager, Cloud Infrastructure Server Engineering Microsoft
Microsoft s Cloud Server Specification Design Kushagra Vaid General Manager, Cloud Infrastructure Server Engineering Microsoft 5.8+ billion worldwide queries each month 250+ million active users 400+ million
More informationCloud Security Case Study Amazon Web Services. Ugo Piazzalunga Technical Manager, IT Security ugo.piazzalunga@safenet-inc.com
Cloud Security Case Study Amazon Web Services Ugo Piazzalunga Technical Manager, IT Security ugo.piazzalunga@safenet-inc.com Agenda 1. Amazon Web Services challenge 2. Virtual Instances and Virtual Storage
More informationSecurity Overview Enterprise-Class Secure Mobile File Sharing
Security Overview Enterprise-Class Secure Mobile File Sharing Accellion, Inc. 1 Overview 3 End to End Security 4 File Sharing Security Features 5 Storage 7 Encryption 8 Audit Trail 9 Accellion Public Cloud
More informationCloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week
Cloud Security Panel: Real World GRC Experiences ISACA Atlanta s 2013 Annual Geek Week Agenda Introductions Recap: Overview of Cloud Computing and Why Auditors Should Care Reference Materials Panel/Questions
More information{Moving to the cloud}
{Moving to the cloud} plantemoran.com doesn t mean outsourcing your security controls. Cloud computing is a strategic move. Its impact will have a ripple effect throughout an organization. You don t have
More informationSolicitation Addendum
Solicitation Number: 100049 Solicitation Description: Solicitation Opening Date and Time: Addendum Number: 01 Addendum Date: May 23, 2016 Purchasing Agent: NORTH CAROLINA DEPARTMENT OF INFORMATION TECHNOLOGY
More informationANDREW HERTENSTEIN Manager Microsoft Modern Datacenter and Azure Solutions En Pointe Technologies Phone 317-362-1213
ANDREW HERTENSTEIN Manager Microsoft Modern Datacenter and Azure Solutions En Pointe Technologies Phone 317-362-1213 Application Compatibility Many organizations have business critical or internally
More informationVMware vcloud Air Security TECHNICAL WHITE PAPER
TECHNICAL WHITE PAPER The Shared Security Model for vcloud Air The end-to-end security of VMware vcloud Air (the Service ) is shared between VMware and the customer. VMware provides security for the aspects
More informationCloud Security. A Sales Guy Talks About DoD s Cautious Journey to the Public Cloud. Sean Curry Sales Executive, Aquilent
Cloud Security A Sales Guy Talks About DoD s Cautious Journey to the Public Cloud Sean Curry Sales Executive, Aquilent The first in a series of audits DoD did not fully execute elements of the July 2012
More informationExpand Your Infrastructure with the Elastic Cloud. Mark Ryland Chief Solutions Architect Jenn Steele Product Marketing Manager
Expand Your Infrastructure with the Elastic Cloud Mark Ryland Chief Solutions Architect Jenn Steele Product Marketing Manager Today we re going to talk about The Cloud Scenarios Questions You Probably
More informationAWS Worldwide Public Sector
15 Minute Introduction to AWS and Q&A April 2015 Mark Fox Sr. Manager DoD Sales I love/hate relationship with the term cloud Now the IT norm Commercial Cloud should not be scary nor considered less secure
More informationSecurity Considerations
Concord Fax Security Considerations For over 15 years, Concord s enterprise fax solutions have helped many banks, healthcare professionals, pharmaceutical companies, and legal professionals securely deliver
More informationPaul Schuman Sr Director, WW Hosting Service Providers Microsoft
Paul Schuman Sr Director, WW Hosting Service Providers Microsoft Revenue Hosters are largest contributor across all 35% partner types for Microsoft cloud business YoY Growth THE OPPORTUNITY AHEAD CUSTOMERS
More informationMicrosoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID MOS10
Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID This Microsoft Online Services Security Amendment ( Amendment ) is between
More informationCompliance and Industry Regulations
Compliance and Industry Regulations Table of Contents Introduction...1 Executive Summary...1 General Federal Regulations and Oversight Agencies...1 Agency or Industry Specific Regulations...2 Hierarchy
More information