How can Cloud help your Security Christophe Van Mollekot Solution Advisor Microsoft
Global datacenter footprint 100+ Datacenters in over 40 countries
Integral to business transformation 71% of strategic buyers cite scalability, cost and business agility as the most important drivers for using cloud services. Gigaom Research
Efficiently Scalability Scale
Test Costs & Dev
Agility
Global attacks are increasing and costs are rising Risk of cyber attacks can cost business up to $3 trillion a year 1 Cybercrime extracts between 15- of the value created by the Internet. 2 20% 91% agree consumers have lost control over how personal information is collected and used by companies 5 More than 800M in individual records were breached in 2013. 4 The number of recorded data breaches increased 78% 2014. 3
How can Cloud help your Security
How can Cloud help your Security No one is able to use your data in a way that you do not approve. Your content is stored and managed in compliance with applicable laws, regulations and standards. You have visibility into how your data is being handled and used.
12 Infrastructure protection 24 hour monitored physical security System monitoring and logging Patch management Anti-Virus/Anti-Malware protection Intrusion detection/ddos Penetration testing
Network protection Network isolation Encrypted connections Virtual Networks ExpressRoute
Identity & access Enterprise cloud identity Windows Azure AD Access monitoring Single sign-on Multi-Factor Authentication Role based access controls
15 Data protection Encrypted data transfer Encryption options for stored data Data segregation Choice of data location Data redundancy Data destruction
Traditional protect & recover security strategy
The mindset shift
Assume Breach FUNDAMENTALLY, IF SOMEBODY WANTS TO GET IN, THEY'RE GETTING IN ACCEPT THAT. WHAT WE TELL CLIENTS IS: NUMBER ONE, YOU'RE IN THE FIGHT, WHETHER YOU THOUGHT YOU WERE OR NOT. NUMBER TWO, YOU ALMOST CERTAINLY ARE PENETRATED. Michael Hayden Former Director of NSA & CIA
19 If you found out tomorrow that your most critical systems had been infiltrated or that your most critical data was being exfiltrated, would you be prepared to deal with the breach?
RED vs. BLUE All your bases BELONG to us
Assume Breach Execution Wargame exercises Monitor emerging threats Red teaming Execute post breach Insider attack simulation Blue teaming 22
Post Breach Execution Establish security baselines Time to detect Time to contain Time to fix Time to recover Framework to inventory damage Identify reactive security investments Update response plans If you measure MTTR in WEEKS/MONTHS/YEARS instead of hours/days, then YOU VE FAILED! 23
How can Cloud help your Security The confidentiality, integrity, and availability of your data is protected. Your content is stored and managed in compliance with applicable laws, regulations and standards. You have visibility into how your data is being handled and used.
We ll keep your data secure Your data is private and under your control We manage your data in accordance with the law You know what we re doing with your data
How can Cloud help your Security The confidentiality, integrity, and availability of your data is protected. No one is able to use your data in a way that you do not approve. You have visibility into how your data is being handled and used.
Microsoft Cloud Compliance Certifications
How can Cloud help your Security The confidentiality, integrity, and availability of your data is protected. No one is able to use your data in a way that you do not approve. Your content is stored and managed in compliance with applicable laws, regulations and standards.
Law Enforcement Requests http://www.microsoft.com/about/corporatecitizenship/en-us/reporting/transparency/
Transparency Center Microsoft NDA-To be shared under NDA only
How can Cloud help your Security
One last word
An on-premises solution to identify advanced security attacks before they cause damage Comparison: Microsoft Advanced Threat Analytics brings this concept to IT and users of a particular organization Credit card companies monitor cardholders behavior. If there is any abnormal activity, they will notify the cardholder to verify charge.
An on-premises solution to identify advanced security attacks before they cause damage Behavioral Analytics Detection for known attacks and issues Advanced Threat Detection
Detect threats fast with Behavioral Analytics Adapt as fast as your enemies Focus on what is important fast using the simple attack timeline Reduce the fatigue of false positives
Thank You
Additional Resources Learn more about the Microsoft Enterprise Cloud Visit the Microsoft Trust Centers: Azure, Intune, Office 365, and Dynamics CRM Review the Microsoft Law Enforcement Request Report and US National Security Orders Report Read our blogs: Microsoft Cyber Trust and Microsoft On the Issues Follow us on Twitter: @MSFTSecurity