Data Security in Microsoft Azure and Office 365
1. 14:47
Thursday, 05 March 2015
Data Security in Microsoft Azure and Office 365
Martina Grom
Rainer Stropek
Harald Leitenmüller
2. Global Foundation Services
Lowest $/MW, Rapid Deployment
Geo-independent design
ISO27001, SSAE16, FISMA
Security & Compliance
Data Centers
Design, Build, Operate
Modular Cloud-Scale Designs
Utility Pricing
Cost Transparency
Global Capacity
Microsite Strategy
300+ Product Teams
Microsoft IT (1900 LOB Apps)
Cloud Hosting – O365/Windows Azure/CRM
Global Network
Dark Fiber, Routing, Switching, Load-Balancing
Lower DC to DC costs
MOC
Microsoft Operation Centers
Tools & Automation
SCRY & System Center 2012
3. Large infrastructure scale is the enabler
19 Regions ONLINE…large datacenter capacity around the world…and we’re growing
100+ datacenters
One of the top 3 networks in the world (coverage, speed, connections)
2x and 6x number of offered regions vs. competition
G Series – Largest VM available in the market – 32 cores, 448 GB RAM, SSD…
Map legend: Operational / Announced
Central US: Iowa
West US: California
North Europe: Ireland
East US: Virginia
East US 2: Virginia
US Gov: Virginia
North Central US: Illinois
US Gov: Iowa
South Central US: Texas
Brazil South: Sao Paulo
West Europe: Netherlands
China North *: Beijing
China South *: Shanghai
Japan East: Saitama
Japan West: Osaka
India West: TBD
India East: TBD
East Asia: Hong Kong
SE Asia: Singapore
Australia West: Melbourne
Australia East: Sydney
* Operated by 21Vianet
4. Datacenter evolution
Timeline: 1989-2005, 2007, 2009, 2012, Future
Generation 1, Colocation: Server Capacity, 20 year Technology, 30m$/MW, 2.0+ PUE
Generation 2, Density: Rack Density & Deployment, Minimized Resource Impact, 1.4 – 1.6 PUE
Generation 3, Containment: Containers, PODs, Scalability & Sustainability, Air & Water Economization, Differentiated SLAs, 1.2 – 1.5 PUE
Generation 4, Modular: ITPACs & Colocations, Reduced Carbon, Faster Time-to-Market, Outside Air Cooled, 3-5m$/MW, 1.12 – 1.20 PUE
Generation 5, Hyper Scale: Integrated System, Resilient Software, Common Infrastructure, Operational Simplicity, Flexible & Scalable, 1.07 – 1.19 PUE
5. Boydton, VA Data Center
Colocation Rooms
Contained Server Racks and Hot Aisles
Adiabatic – Air Cooled
Outdoor ITPAC’s
Adiabatic Air Cooled
Air-Cooled Colocation design connected by a Spine
6. Global Foundation Services
Microsoft’s cloud environment
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
Consumer and small business services
Enterprise services
Third-party hosted services
Software as a Service (SaaS)
Microsoft IT
Security, Global delivery, Sustainability, Infrastructure
7. Security Controls in the Cloud
Secure Data Centres
Secure Services
Security Practices
Office 365, Azure
Tenant Isolation, Access Controls
Physical Security, Secure Network
Geo-redundancy
Breach detection and mitigation
Update Management
Denial-of-service mitigations
Single Global ISMS
Compliance Management
Risk Management
Independent Verification
Customer Controls
Multi-Factor Authentication, Access Controls
Identity Federation, Antimalware
Data Loss Prevention
Encryption, Monitoring
3rd Party Additions
9. We:
Small team
Expertise in public cloud solutions
Development and deployment
Consulting and strategy
Customer:
Focus on core competency
Cost-oriented
Solution-oriented
Future-oriented
Photo: George Thomas, https://flic.kr/p/bz2dNP, Creative Commons License
15. Photo: Dennis Skley, https://flic.kr/p/oq2MwM, Creative Commons License
Trust in software as
16. We:
Small team
Domain knowledge and development expertise
Photo: Domenico, https://flic.kr/p/7EpxL3, Creative Commons License
Customer:
A solution that works
Focus on core competency
Without going into detail or exceeding the time available here, an example of which areas are considered in the assessment.
(Building blocks taken from the service)
Use builds trust
Scenario
Customer develops a security strategy
Multi Factor
Hybrid
Data classification
IRM
Encryption
Trust in the cloud from the perspective of Software-as-a-Service
Distinguish between the customer view and the provider view