Security in the Cloud
Agenda
Trusted Cloud (What Microsoft Does for You)
Azure Security and Identity Capabilities (What You Can Do to Secure a Cloud Solution)
Security Guidance (How You Can Secure a Cloud Solution)
Questions
What’s Next…
Trusted Cloud
What Microsoft Does for You
We build security into Microsoft products and services from the start. That’s how we deliver a comprehensive, agile platform to better protect your endpoints, move faster to detect threats, and respond to security breaches across even the largest of organizations.
• Prevent identity compromise
• Expand device controls
• Secure apps and data
• Safeguard infrastructure
Detect threats using the scale and intelligence of the cloud, machine learning and behavioral monitoring.
Respond more quickly and comprehensively, and empower our customers with insights that are actionable and holistic.
Protect all endpoints – from sensors and datacenters to identities and SaaS applications.
SECURITY: We’ll help you keep your data secure
TRANSPARENCY: You know what we are doing with your data
COMPLIANCE: We manage your data in accordance with the law
PRIVACY & CONTROL: Your data is private and under your control
RELIABILITY: We provide enterprise grade uptime for cloud services
Microsoft is committed to providing a cloud you can trust. We take very seriously our commitment to protect customers in a cloud-first world. We follow a set of standards and best practices to ensure that our cloud services are reliable and perform as you need them to. And we actively partner with a wide range of industry and government entities to establish confidence and trust in the wider cloud ecosystem.
(Diagram: Platform, Partners, Intelligence)
• Microsoft does not provide any government with direct, unfettered access to customers’ data
• Microsoft does not provide any government with encryption keys or assist their efforts to break our encryption
• Microsoft does not engineer back doors into our products
• Microsoft has never provided business or government data in response to a national security order
• Microsoft will contest any attempt by the US government to disclose customer content stored exclusively overseas
The scope of Microsoft’s threat intelligence spans trillions of signals from billions of data points.
• 300 billion authentications processed monthly
• 600,000 known spam email addresses tracked
• 250 million Windows Defender users worldwide
• 600 million computers reporting monthly
• 200 billion messages scanned monthly
• 8.5+ billion Bing web-page scans per month
• 1 billion enterprise and consumer customers
• 200+ cloud services
Operational security controls
• Security Embedded in Planning, Design, Development, & Deployment
• Cyber Defense Operations Center (CDOC)
• Prevent & Assume Breach Strategy
• Incident Response
• Access Policy & Controls
• Threat Detection
• Forensics
• Penetration Testing
Infrastructure security controls
• Datacenter Security
• Secure Multi-tenancy
• Network Protection
• DDoS Defense
• Data Segregation
• Data Protection
Compliance
• Strategy
• Certifications
Microsoft is committed to the highest levels of trust, transparency, standards conformance, and regulatory compliance. Our broad suite of cloud products and services is built from the ground up to address the most rigorous security and privacy demands of our customers.
https://www.microsoft.com/en-us/TrustCenter/Compliance
"Data [in the Microsoft Cloud] is housed in a bunker that's got the highest possible standards of security and encrypted transit of data." Murray Gardiner, Business Director, Temenos
"We chose Microsoft because it has a strong commitment to the criminal justice and public security market." Frank Barret, Director of Cloud Services, MorphoTrak
"UL trusts Microsoft to help create a future that is safe and to help us innovate at the speed of our customers." Bob Jamieson, Information Security Director, UL
Azure Security and Identity Capabilities
What You Can Do to Secure a Cloud Solution
General
• Security Center
• Key Vault
• Anti-Malware
• Log Analytics
• Operations Management Suite
Storage
• Disk Encryption
• Storage Service Encryption
• File Shares with SMB 3.0 Encryption
• Storage Analytics
• StorSimple
Identity and Access Management
• Active Directory (AD)
• AD B2C
• AD B2B Collaboration
• AD Domain Services
• AD Conditional Access
• AD Identity Protection
• AD Privileged Identity
• Role Based Access Control (RBAC)
• Multi-Factor Authentication
Database
• Authentication
• Firewall
• Cell Level Encryption
• Column Level Encryption
• Always Encrypted
• Transparent Data Encryption
• Database Auditing
Networking
• Firewall
• Virtual Networks
• Network Security Groups
• VPN
• Application Gateway
• ExpressRoute
• Application Proxy
Delivering experiences securely requires a partnership between our platform services and how you enact security policies and controls. Microsoft Azure has the tools empowering you to deliver secure experiences and services to your customers.
Azure Active Directory
A comprehensive identity and access management solution for the cloud that provides a robust set of capabilities to manage users and groups and help secure access to applications, including Microsoft online services like Office 365 and a world of non-Microsoft SaaS applications. It combines core directory services, advanced identity governance and application access management.
• Single sign-on to any cloud app
• Works with multiple platforms and devices
• Integrates with on-premises Active Directory
• Enterprise scale and SLA
• Enforce multi-factor authentication
• Centrally manage users and access to Azure, O365, and thousands of pre-integrated SaaS solutions
Azure AD B2C
A highly available, global identity management service for consumer-facing applications that scales to hundreds of millions of identities. Your consumers can log on to all your applications through fully customizable experiences by using their existing social accounts or by creating new credentials.
• Improve connection with your consumers
• Pay only for what you use
• Scale to hundreds of millions of consumers
• Help protect your consumers’ identities
• Let consumers use their social media accounts
• Customizable workflows for consumer interactions
Azure AD Identity Protection
Provides a consolidated view into risk events and potential vulnerabilities affecting your organization’s identities. Based on risk events, Identity Protection calculates a user risk level for each user, enabling you to configure risk-based policies to automatically protect the identities of your organization.
Risk events shown:
• Brute force attacks
• Leaked credentials
• Infected devices
• Suspicious sign-in activities
Azure AD Privileged Identity Management
Discover, restrict and monitor privileged identities and their access to resources, and enforce on-demand, just-in-time administrative access when needed.
• See which users are Azure AD administrators
• Enable on-demand, "just in time" administrative access to Microsoft Online Services like Office 365 and Intune
• Get reports about administrator access history and changes in administrator assignments
• Get alerts about access to a privileged role
Azure Multi-Factor Authentication (MFA) helps safeguard access to data and applications while meeting user demand for a simple sign-in process. It delivers strong authentication via a range of verification methods, including phone call, text message, or mobile app verification.
• Protect sensitive data and applications both on-premises and in the cloud with Multi Factor Authentication
• Can use Active Directory (on-premises) with Azure Active Directory (in cloud) to enable single sign-on, a single directory, and centralized identity management
• Multi Factor Authentication can be implemented with Phone Factor or with AD on-premises
(Diagram: on-premises Active Directory synchronized with Microsoft Azure Active Directory)
Safeguard cryptographic keys and other secrets used by cloud apps and services. With Azure Key Vault, you can encrypt keys and small secrets like passwords using keys stored in hardware security modules (HSMs).
(Diagram: applications on Microsoft Azure IaaS, PaaS and SaaS import keys into Key Vault, backed by an HSM)
• Increase security and control over keys and passwords
• Create and import encryption keys in minutes
• Applications have no direct access to keys
• Use FIPS 140-2 Level 2 validated HSMs
• Reduce latency with cloud scale and global redundancy
• Simplify and automate tasks for SSL/TLS certificates
Azure Security Center helps you prevent, detect and respond to threats with increased visibility and control over the security of all your Azure resources. It provides a central view of security across your subscriptions, and enables you to set policies and monitor security configurations.
(Diagram: Visibility & Control – Set Policy & Monitor, Understand Current State; Deploy & Detect – Deploy Integrated Solutions, Find threats that might go unnoticed; Respond & recover faster – Continue learning)
• Threat detection using advanced analytics
• Asset discovery and ongoing security assessment (OS configurations, system updates, SQL Db configurations, virtual network configurations)
• Actionable security recommendations with easy remediation
• Security policy for IT governance
• Integrated management and monitoring of partner security solutions
Antimalware
• Virtual machines: Kaspersky, Trend Micro
• Active Directory integrations: Symantec, McAfee
Networking security
• aiScaler
• Barracuda
• Check Point
• Riverbed
• Cohesive Networks
• F5
• Cisco
• CloudFlare
• Imperva
• Fortinet
• Stormshield
• Palo Alto Networks
• Brocade
Encryption
• CloudLink
• Townsend Security
Monitoring and alerts
• Alert Logic
• Derdack
• Nagios
• Imperva
• Dome9
• Trend Micro
Messaging Security
• Kaspersky
• Barracuda
• Trend Micro
• GreatHorn
Application Security
• Waratek
• DataSunrise
• Tinfoil Security
• CipherPoint
• Hewlett Packard Enterprise
Authentication
• Login People
• Auth0
In addition to the robust security capabilities built into Azure, the Azure Marketplace offers a rich array of additional security products built by our partners for Azure.
Security Guidance
How You Can Secure a Cloud Solution
Different types of workloads have varying security requirements. Your responsibility for security is based on the type of cloud service.
Compute Security
• Encrypt virtual disk & disk storage
• OS hardening
• Install antimalware
• Software updates management
Network Security
• Implement network isolation
• Deploy DMZ for network zoning
• Control routing behavior
• Control and limit endpoint access
Identity Management
• Centralize identity management
• Use multi-factor authentication
• Use a key management solution
Data and Storage Security
• Protect data in transit
• Encrypt data at rest
System Resiliency
• Implement best practices for high availability
• Implement disaster recovery plans
• Establish backup strategies
Operational Security
• Secure administrative access
• Use role-based access control
• Implement credential lifecycle management policies
• Centralize monitoring and systems management
We start with a typical web application deployed using Azure Virtual Machines – with a web/application server, a database server, and files stored in Azure Storage.
(Diagram: Virtual Machines for the web/app server, database server and firewall appliance, each as VMs in an availability set, in subnets guarded by NSGs; Load Balancer, Blob Storage and the Azure Portal; surrounding services: Key Vault, Multi-Factor Authentication, Active Directory, Security Center, Operations Management Suite, Application Insights, Content Delivery Network, Application Gateway, Traffic Manager, VPN Gateway, ExpressRoute, DNS)
1. Implement data encryption (in transit and at rest)
• Virtual Machine Disk Encryption
• SQL Server Transparent Data Encryption (TDE)
• Blob Storage Service Encryption (SSE)
2. Add Virtual Machine as firewall appliance
3. Add Virtual networks, network security groups (NSG)
4. Add VM instances in Availability Sets
5. Store keys and secrets in Key Vault
6. Manage identities with Active Directory
7. Add Multi-Factor Authentication
8. Instrument application with Application Insights
9. Integrate application, diagnostics, and system logs with OMS
10. Use Security Center for centralized security management
And other capabilities can also be used to further enhance the architecture.
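Steps 3 and 5 of the walkthrough (virtual network with NSG zoning, and Key Vault for keys and secrets) can be written down as an Azure Resource Manager template. The template below is an added example, not from the original deck or from Microsoft; the resource names (vnet-app, nsg-web, nsg-db, the kv-app- prefix), the address ranges, the API versions and the port choices are assumptions made for illustration. It puts the web/app tier and the database tier in separate subnets, lets only HTTPS from the Internet (plus the Azure load balancer's health probes) into the web subnet, lets only SQL Server traffic from the web subnet into the database subnet, denies all other inbound traffic, and creates a Key Vault that is reachable only from the web subnet, uses RBAC for data-plane access, and has soft delete and purge protection on.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": {
    "description": "Added example, not from the deck: two-tier VNet with NSG zoning and a network-restricted, RBAC-only Key Vault. Names, address ranges and ports are assumptions."
  },
  "parameters": {
    "location": { "type": "string", "defaultValue": "[resourceGroup().location]" }
  },
  "variables": {
    "webSubnetPrefix": "10.0.1.0/24",
    "dbSubnetPrefix": "10.0.2.0/24",
    "denyAllInbound": {
      "name": "deny-all-inbound",
      "properties": {
        "priority": 4000, "direction": "Inbound", "access": "Deny", "protocol": "*",
        "sourceAddressPrefix": "*", "sourcePortRange": "*",
        "destinationAddressPrefix": "*", "destinationPortRange": "*"
      }
    }
  },
  "resources": [
    {
      "type": "Microsoft.Network/networkSecurityGroups",
      "apiVersion": "2022-07-01",
      "name": "nsg-web",
      "location": "[parameters('location')]",
      "properties": {
        "securityRules": [
          {
            "name": "allow-https-from-internet",
            "properties": {
              "priority": 100, "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
              "sourceAddressPrefix": "Internet", "sourcePortRange": "*",
              "destinationAddressPrefix": "[variables('webSubnetPrefix')]", "destinationPortRange": "443"
            }
          },
          {
            "name": "allow-lb-health-probes",
            "properties": {
              "priority": 110, "direction": "Inbound", "access": "Allow", "protocol": "*",
              "sourceAddressPrefix": "AzureLoadBalancer", "sourcePortRange": "*",
              "destinationAddressPrefix": "*", "destinationPortRange": "*"
            }
          },
          "[variables('denyAllInbound')]"
        ]
      }
    },
    {
      "type": "Microsoft.Network/networkSecurityGroups",
      "apiVersion": "2022-07-01",
      "name": "nsg-db",
      "location": "[parameters('location')]",
      "properties": {
        "securityRules": [
          {
            "name": "allow-sql-from-web-subnet",
            "properties": {
              "priority": 100, "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
              "sourceAddressPrefix": "[variables('webSubnetPrefix')]", "sourcePortRange": "*",
              "destinationAddressPrefix": "[variables('dbSubnetPrefix')]", "destinationPortRange": "1433"
            }
          },
          "[variables('denyAllInbound')]"
        ]
      }
    },
    {
      "type": "Microsoft.Network/virtualNetworks",
      "apiVersion": "2022-07-01",
      "name": "vnet-app",
      "location": "[parameters('location')]",
      "dependsOn": [
        "[resourceId('Microsoft.Network/networkSecurityGroups', 'nsg-web')]",
        "[resourceId('Microsoft.Network/networkSecurityGroups', 'nsg-db')]"
      ],
      "properties": {
        "addressSpace": { "addressPrefixes": [ "10.0.0.0/16" ] },
        "subnets": [
          {
            "name": "web",
            "properties": {
              "addressPrefix": "[variables('webSubnetPrefix')]",
              "networkSecurityGroup": { "id": "[resourceId('Microsoft.Network/networkSecurityGroups', 'nsg-web')]" },
              "serviceEndpoints": [ { "service": "Microsoft.KeyVault" } ]
            }
          },
          {
            "name": "db",
            "properties": {
              "addressPrefix": "[variables('dbSubnetPrefix')]",
              "networkSecurityGroup": { "id": "[resourceId('Microsoft.Network/networkSecurityGroups', 'nsg-db')]" }
            }
          }
        ]
      }
    },
    {
      "type": "Microsoft.KeyVault/vaults",
      "apiVersion": "2022-07-01",
      "name": "[concat('kv-app-', uniqueString(resourceGroup().id))]",
      "location": "[parameters('location')]",
      "dependsOn": [ "[resourceId('Microsoft.Network/virtualNetworks', 'vnet-app')]" ],
      "properties": {
        "tenantId": "[subscription().tenantId]",
        "sku": { "family": "A", "name": "standard" },
        "enableRbacAuthorization": true,
        "enableSoftDelete": true,
        "enablePurgeProtection": true,
        "networkAcls": {
          "defaultAction": "Deny",
          "bypass": "AzureServices",
          "virtualNetworkRules": [
            { "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', 'vnet-app', 'web')]" }
          ]
        }
      }
    }
  ]
}
```

Deploy it into a resource group with `az deployment group create --resource-group <rg> --template-file <file>`. Two details carry the security point. First, the explicit deny-all-inbound rule is what makes the zoning real: without it, the NSG default rule AllowVnetInBound (priority 65000) lets any host in the virtual network, the firewall appliance and web tier included, reach the database tier on any port, not just 1433. Second, that same explicit deny sits above the default AllowAzureLoadBalancerInBound rule (priority 65001), so the web NSG needs its own AzureLoadBalancer allow rule or the Load Balancer's health probes fail and the VMs drop out of rotation. With RBAC authorization on the vault, the web VMs' managed identity is granted a data-plane role such as Key Vault Secrets User separately; nothing in the template gives any principal the right to read or delete secrets, which matches the "applications have no direct access to keys" bullet above. Step 1's disk, TDE and Blob encryption are deliberately not in this template.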
• Learn more about our approach to security at www.microsoft.com/security
• Discover more about our principled approach at www.microsoft.com/trustcenter
• Explore our certifications at www.microsoft.com/TrustCenter/Compliance
• Take an in-depth view of our global datacenters at www.microsoft.com/datacenters
• Read about best practices from our Cyber Defense Operations Center at blogs.microsoft.com/microsoftsecure/2017/01/17/microsofts-cyber-defense-operations-center-shares-best-practices/
• Read more about Azure as the Trusted Cloud at azure.microsoft.com/trustcenter
• Learn about Azure security capabilities and best practices at docs.microsoft.com/en-us/azure/security/
Q&A
Thank you!

Weitere ähnliche Inhalte

Mehr von David Chou

Mehr von David Chou (20)

Combining Private and Public Clouds into Meaningful Hybrids
Combining Private and Public Clouds into Meaningful HybridsCombining Private and Public Clouds into Meaningful Hybrids
Combining Private and Public Clouds into Meaningful Hybrids
 
CloudConnect 2011 - Building Highly Scalable Java Applications on Windows Azure
CloudConnect 2011 - Building Highly Scalable Java Applications on Windows AzureCloudConnect 2011 - Building Highly Scalable Java Applications on Windows Azure
CloudConnect 2011 - Building Highly Scalable Java Applications on Windows Azure
 
Java on Windows Azure
Java on Windows AzureJava on Windows Azure
Java on Windows Azure
 
Windows Azure AppFabric
Windows Azure AppFabricWindows Azure AppFabric
Windows Azure AppFabric
 
Java on Windows Azure (Cloud Computing Expo 2010)
Java on Windows Azure (Cloud Computing Expo 2010)Java on Windows Azure (Cloud Computing Expo 2010)
Java on Windows Azure (Cloud Computing Expo 2010)
 
Scale as a Competitive Advantage
Scale as a Competitive AdvantageScale as a Competitive Advantage
Scale as a Competitive Advantage
 
Architecting Cloudy Applications
Architecting Cloudy ApplicationsArchitecting Cloudy Applications
Architecting Cloudy Applications
 
Building Highly Scalable Java Applications on Windows Azure - JavaOne S313978
Building Highly Scalable Java Applications on Windows Azure - JavaOne S313978Building Highly Scalable Java Applications on Windows Azure - JavaOne S313978
Building Highly Scalable Java Applications on Windows Azure - JavaOne S313978
 
Kelley Blue Book and Cloud Computing
Kelley Blue Book and Cloud ComputingKelley Blue Book and Cloud Computing
Kelley Blue Book and Cloud Computing
 
Windows Phone 7
Windows Phone 7Windows Phone 7
Windows Phone 7
 
Silverlight 4 Briefing
Silverlight 4 BriefingSilverlight 4 Briefing
Silverlight 4 Briefing
 
Architecting Solutions Leveraging The Cloud
Architecting Solutions Leveraging The CloudArchitecting Solutions Leveraging The Cloud
Architecting Solutions Leveraging The Cloud
 
SOA And Cloud Computing
SOA And Cloud ComputingSOA And Cloud Computing
SOA And Cloud Computing
 
Microsoft Cloud Computing - Windows Azure Platform
Microsoft Cloud Computing - Windows Azure PlatformMicrosoft Cloud Computing - Windows Azure Platform
Microsoft Cloud Computing - Windows Azure Platform
 
Microsoft Database Options
Microsoft Database OptionsMicrosoft Database Options
Microsoft Database Options
 
Microsoft Data Access Technologies
Microsoft Data Access TechnologiesMicrosoft Data Access Technologies
Microsoft Data Access Technologies
 
Microsoft Cloud Computing
Microsoft Cloud ComputingMicrosoft Cloud Computing
Microsoft Cloud Computing
 
Windows Azure Platform in 3 Minutes
Windows Azure Platform in 3 MinutesWindows Azure Platform in 3 Minutes
Windows Azure Platform in 3 Minutes
 
Architecting For The Windows Azure Platform
Architecting For The Windows Azure PlatformArchitecting For The Windows Azure Platform
Architecting For The Windows Azure Platform
 
Windows Azure Platform
Windows Azure PlatformWindows Azure Platform
Windows Azure Platform
 

Kürzlich hochgeladen

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 

Kürzlich hochgeladen (20)

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

Security in the Cloud

  • 2. Agenda Trusted Cloud (What Microsoft Does for You) Azure Security and Identity Capabilities (What You Can Do to Secure a Cloud Solution) Security Guidance (How You Can Secure a Cloud Solution) Questions What’s Next…
  • 4. We build security into Microsoft products and services from the start. That’s how we deliver a comprehensive, agile platform to better protect your endpoints, move faster to detect threats, and respond to security breaches across even the largest of organizations. Prevent identity compromise Expand device controls Secure apps and data Safeguard infrastructure Detect threats using the scale and intelligence of the cloud, machine learning and behavioral monitoring. Respond more quickly and comprehensively, and empower our customers with insights that are actionable and holistic. Protect all endpoints – from sensors and datacenters to identities and SaaS applications.
  • 5. TRANSPARENCY SECURITY COMPLIANCE PRIVACY & CONTROL RELIABILITY We’ll help you keep your data secure You know what we are doing with your data We manage your data in accordance with the law Your data is private and under your control We provide enterprise grade uptime for cloud services Microsoft is committed – to providing a cloud you can trust. We take very seriously our commitment to protect customers in a cloud-first world. We follow a set of standards and best practices to ensure that our cloud services are reliable and perform as you need them to. And we actively partner with a wide range of industry and government entities to establish confidence and trust in the wider cloud ecosystem. Platform PartnersIntelligence
  • 6. • Microsoft does not provide any government with direct, unfettered access to customers’ data • Microsoft does not provide any government with encryption keys or assist their efforts to break our encryption • Microsoft does not engineer back doors into our products • Microsoft has never provided business or government data in response to a national security order • Microsoft will contest any attempt by the US government to disclose customer content stored exclusively overseas
  • 7. The scope of Microsoft’s threat intelligence spans trillions of signals from billions of data points. 300 billion Authentications processed monthly 600,000 Known spam email addresses tracked 250 million Windows Defender users worldwide 600 million Computers reporting monthly 200 billion Messages scanned monthly 8.5+ billion Bing web-page scans per month 1 billion Enterprise and consumer customers 200+ Cloud services
  • 8. • Security Embedded in Planning, Design, Development, & Deployment • Cyber Defense Operations Center (CDOC) • Prevent & Assume Breach Strategy • Incident Response • Access Policy & Controls • Threat Detection • Forensics • Penetration Testing • Datacenter Security • Secure Multi-tenancy • Network Protection • DDoS Defense • Data Segregation • Data Protection Infrastructure security controls Operational security controls • Strategy • Certifications Compliance
  • 9. Microsoft is committed to the highest levels of trust, transparency, standards conformance, and regulatory compliance. Our broad suite of cloud products and services are all built from the ground up to address the most rigorous security and privacy demands of our customers. https://www.microsoft.com/en-us/TrustCenter/Compliance
  • 10. "Data [in the Microsoft Cloud] is housed in a bunker that's got the highest possible standards of security and encrypted transit of data." Murray Gardiner, Business Director, Temenos "We chose Microsoft because it has a strong commitment to the criminal justice and public security market." Frank Barret, Director of Cloud Services, MorphoTrak "UL trusts Microsoft to help create a future that is safe and to help us innovate at the speed of our customers." Bob Jamieson, Information Security Director, UL
  • 11. Azure Security and Identity Capabilities What You Can Do to Secure a Cloud Solution
  • 12. • Security Center • Key Vault • Anti-Malware • Log Analytics • Operations Management Suite • Disk Encryption • Storage Service Encryption • File Shares with SMB 3.0 Encryption • Storage Analytics • StorSimple Identity and Access Management DatabaseGeneral • Active Directory (AD) • AD B2C • AD B2B Collaboration • AD Domain Services • AD Conditional Access • AD Identity Protection • AD Privileged Identity • Role Based Access Control (RBAC) • Multi-Factor Authentication Storage • Authentication • Firewall • Cell Level Encryption • Column Level Encryption • Always Encryption • Transparent Data Encryption • Database Auditing Networking • Firewall • Virtual Networks • Network Security Groups • VPN • Application Gateway • ExpressRoute • Application Proxy Delivering experiences securely requires a partnership between our platform services and how you enact security policies and controls. Microsoft Azure has the tools empowering you to deliver secure experiences and services to your customers.
  • 13. A comprehensive identity and access management solution for the cloud that provides a robust set of capabilities to manage users and groups and help secure access to applications including Microsoft online services like Office 365 and a world of non-Microsoft SaaS applications. It combines core directory services, advanced identity governance and application access management.  Single sign-on to any cloud app  Works with multiple platforms and devices  Integrates with on-premises Active Directory  Enterprise scale and SLA  Enforce multi-factor authentication  Centrally manage users and access to Azure, O365, and thousands of pre-integrated SaaS solutions
  • 14. A highly available, global, identity management service for consumer-facing applications that scales to hundreds of millions of identities. Your consumers can log on to all your applications through fully customizable experiences by using their existing social accounts or by creating new credentials.  Improve connection with your consumers  Pay only for what you use  Scale to hundreds of millions of consumers  Help protect your consumers’ identities  Let consumers use their social media accounts  Customizable workflows for consumer interactions
  • 15. Provides a consolidated view into risk events and potential vulnerabilities affecting your organization’s identities. Based on risk events, Identity Protection calculates a user risk level for each user, enabling you to configure risk-based policies to automatically protect the identities of your organization. Brute force attacks Leaked credentials Infected devices Suspicious sign-in activities  Improve connection with your consumers  Pay only for what you use  Scale to hundreds of millions of consumers  Help protect your consumers’ identities  Let consumers use their social media accounts  Customizable workflows for consumer interactions
  • 16. Discover, restrict and monitor privileged identities and their access to resources but also enforce on-demand, just in time administrative access when needed. .  See which users are Azure AD administrators  Enable on-demand, "just in time" administrative access to Microsoft Online Services like Office 365 and Intune  Get reports about administrator access history and changes in administrator assignments  Get alerts about access to a privileged role
  • 17. Azure Multi-Factor Authentication (MFA) helps safeguard access to data and applications while meeting user demand for a simple sign-in process. It delivers strong authentication via a range of verification methods, including phone call, text message, or mobile app verification.  Protect sensitive data and applications both on-premises and in the cloud with Multi Factor Authentication  Can use Active Directory (on-premises) with Azure Active Directory (in cloud) to enable single sign-on, a single directory, and centralized identity management  Multi Factor Authentication can be implemented with Phone Factor or with AD on-premises Active Directory Microsoft Azure Active Directory
  • 18. Safeguard cryptographic keys and other secrets used by cloud apps and services. With Azure Key Vault, you can encrypt keys and small secrets like passwords using keys stored in hardware security modules (HSMs). Microsoft Azure IaaS SaaSPaaS Import keys HSM KeyVault  Increase security and control over keys and passwords  Create and import encryption keys in minutes  Applications have no direct access to keys  Use FIPS 140-2 Level 2 validated HSMs  Reduce latency with cloud scale and global redundancy  Simplify and automate tasks for SSL/TLS certificates
  • 19. Azure Security Center helps you prevent, detect and respond to threats with increased visibility and control over the security of all your Azure resources. It provides a central view of security across your subscriptions, and enables you to set policies and monitor security configurations. Visibility & Control Deploy & Detect Set Policy & Monitor Understand Current State Deploy Integrated Solutions Respond & recover faster Find threats that might go unnoticed Continue learning  Threat detection using advanced analytics  Asset discovery and ongoing security assessment (OS configurations, system updates, SQL Db configurations, virtual network configurations)  Actionable security recommendations with easy remediation  Security policy for IT governance  Integrated management and monitoring of partner security solutions
  • 20. Virtual machines • Kaspersky • Trend Micro Active Directory integrations • Symantec • McAfee Antimalware • aiScaler • Barracuda • Check Point • Riverbed • Cohesive Networks • F5 • Cisco • CloudFlare • Imperva • Fortinet • Stormshield • Palo Alto Networks • Brocade Networking security • CloudLink • Townsend Security Encryption • Alert Logic • Derdack • Nagios • Imperva • Dome9 • Trend Micro Monitoring and alerts • Kaspersky • Barracuda • Trend Micro • GreatHorn Messaging Security • Waratek • DataSunrise • Tinfoil Security • CipherPoint • Hewlett Packard Enterprise Application Security • Login People • Auth0 Authentication In addition to the robust security capabilities built into Azure, the Azure Marketplace offers a rich array of additional security products built by our partners for Azure.
  • 21. Security Guidance How You Can Secure a Cloud Solution
  • 22. Different types of workloads have varying security requirements. Your responsibility for security is based on the type of cloud service. Compute Security • Encrypt virtual disk & disk storage • OS hardening • Install antimalware • Software updates management Network Security • Implement network isolation • Deploy DMZ for network zoning • Control routing behavior • Control and limit endpoint access Identity Management • Centralize identity management • Use multi-factor authentication • Use a key management solution Data and Storage Security • Protect data in transit • Encrypt data at rest System Resiliency • Implement best practices for high availability • Implement disaster recovery plans • Establish backup strategies Operational Security • Secure administrative access • Use role-based access control • Implement credential lifecycle management policies • Centralize monitoring and systems management
  • 23. We start with a typical web application deployed using Azure Virtual Machines – with a web/application server, a database server, and files stored in Azure Storage.
     Diagram components: Virtual Machine (web/app server); Virtual Machine (database server); Virtual Machine (firewall appliance); VMs in avail. set (firewall appliance); VMs in avail. set (web/app server); VMs in avail. set (database server); three NSGs.
     Services shown on the slide: Load Balancer; Blob Storage; Azure Portal; Key Vault; Multi-Factor Authentication; Active Directory; Security Center; Operations Management Suite; Application Insights; Content Delivery Network; Application Gateway; Traffic Manager; VPN Gateway; ExpressRoute; DNS.
     1. Implement data encryption (in transit and at rest) • Virtual Machine Disk Encryption • SQL Server Transparent Data Encryption (TDE) • Blob Storage Service Encryption (SSE)
     2. Add Virtual Machine as firewall appliance
     3. Add Virtual networks, network security groups (NSG)
     4. Add VM instances in Availability Sets
     5. Store keys and secrets in Key Vault
     6. Manage identities with Active Directory
     7. Add Multi-Factor Authentication
     8. Instrument application with Application Insights
     9. Integrate application, diagnostics, and system logs with OMS
     10. Use Security Center for centralized security management
     And other capabilities can also be used to further enhance the architecture.
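Step 3 of slide 23 (and "Control and limit endpoint access" on slide 22) rests on network security groups, so the following added example, which is not part of the deck, models how an NSG evaluates inbound traffic: rules are checked from the lowest priority number upward, the first match decides, and Azure's default AllowVnetInBound (65000) and DenyAllInBound (65500) rules apply last. The subnet addresses, rule names and the treatment of the VirtualNetwork service tag as the VNet's address space are assumptions; the AzureLoadBalancer default rule and application security groups are left out.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    priority: int    # 100-4096 for custom rules; the lowest number is evaluated first
    access: str      # "Allow" or "Deny"
    protocol: str    # "Tcp", "Udp" or "*"
    source: str      # CIDR or "*" (constructed model: no service tags or ASGs)
    dest_port: str   # single port, "lo-hi" range or "*"

# Azure's default inbound rules sit at priority 65000+, so any custom rule overrides them.
# Assumption: the VirtualNetwork service tag is modelled as the VNet address space.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Allow", "*", "10.0.0.0/16", "*"),
    Rule("DenyAllInBound", 65500, "Deny", "*", "*", "*"),
]

def _port_match(spec, port):
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def _source_match(spec, src_ip):
    return spec == "*" or ipaddress.ip_address(src_ip) in ipaddress.ip_network(spec)

def evaluate(rules, src_ip, dest_port, protocol="Tcp"):
    """Return (access, rule_name) of the first matching inbound rule, as the NSG engine does."""
    for r in sorted(rules + DEFAULT_INBOUND, key=lambda r: r.priority):
        if (r.protocol in ("*", protocol) and _source_match(r.source, src_ip)
                and _port_match(r.dest_port, dest_port)):
            return r.access, r.name
    raise RuntimeError("unreachable: DenyAllInBound matches everything")

# Constructed NSG for the database-tier subnet: only the web/app subnet (10.0.1.0/24) may
# reach SQL Server; the explicit deny at 200 stops AllowVnetInBound exposing other ports.
DB_TIER_NSG = [
    Rule("AllowSqlFromWebTier", 100, "Allow", "Tcp", "10.0.1.0/24", "1433"),
    Rule("DenyVnetToDb", 200, "Deny", "*", "10.0.0.0/16", "*"),
]

def audit_db_tier(nsg=DB_TIER_NSG):
    # Zoning checks a defender would run against the database tier's NSG.
    return {
        "web_to_sql": evaluate(nsg, "10.0.1.10", 1433),         # Allow by AllowSqlFromWebTier
        "web_to_rdp": evaluate(nsg, "10.0.1.10", 3389),         # Deny by DenyVnetToDb
        "internet_to_sql": evaluate(nsg, "203.0.113.7", 1433),  # Deny by DenyAllInBound
    }
```

Without the explicit deny at priority 200, the web-to-RDP check would fall through to AllowVnetInBound, which is the usual way a "zoned" database subnet ends up reachable from every other subnet in the VNet.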
  • 24.
     • Learn more about our approach to security at www.microsoft.com/security
     • Discover more about our principled approach at www.microsoft.com/trustcenter
     • Explore our certifications at www.microsoft.com/TrustCenter/Compliance
     • Take an in-depth view of our global datacenters at www.microsoft.com/datacenters
     • Read about best practices from our Cyber Defense Operations Center at blogs.microsoft.com/microsoftsecure/2017/01/17/microsofts-cyber-defense-operations-center-shares-best-practices/
     • Read more about Azure as the Trusted Cloud at azure.microsoft.com/trustcenter
     • Learn about Azure security capabilities and best practices at docs.microsoft.com/en-us/azure/security/
  • 25. Q&A

Editor's Notes

  1. Innovations in Windows 10, Office 365, Microsoft Azure, and Microsoft Enterprise Mobility Suite (EMS) work in tandem with each other, and with partner solutions from across the security ecosystem, to deliver a holistic, agile security platform. Combined with insights from the intelligent security graph, these security features are designed to help prevent the accidental or intentional loss of corporate data, prevent password-related attacks, and prevent and respond to the installation of malware on a machine or in your environment. $1 billion is invested annually by Microsoft to advance our efforts on security, data protection and risk management. 3,500+ security-focused professionals are employed by Microsoft. The Center brings together over 50 cybersecurity experts and data scientists in a centralized hub that is tightly connected to these globally-distributed security professionals.
  2. We take seriously our commitment to safeguard our customers’ data, to protect their right to make decisions about that data, and to be transparent about what happens to that data. We are guided by a set of “Trusted Cloud Principles” that articulate our vision of what enterprise organizations are entitled to expect from their cloud provider:
     Security: The confidentiality, integrity, and availability of your data is secured. Microsoft cloud services are designed, developed, and operated to help ensure that your data is secure.
     Privacy & Control: No one is able to use your data in a way that you do not approve. Microsoft prioritizes your data privacy; our commercial cloud customers own their data and we don’t use it to deliver targeted advertising.
     Compliance: You can meet your regulatory obligations. This means we support you with certified compliance credentials, backed by third-party audits.
     Transparency: You understand how your data is being handled and used. This means we provide an appropriate level of transparency into security, privacy and compliance practices and actions to help protect your information.
     Reliability means more to Microsoft than just making dependable software and services. It also means investing in processes and technology to improve reliability, focusing on every customer’s experience, and maintaining active partnerships with a wide variety of software and hardware companies. Here’s what we’re doing about it:
     Our datacenters and services are resilient by design: Our datacenters and services are designed to run 24x7x365, are architected for fast identification and testing of probable failures and have mechanisms that allow rapid recovery from such failures, based on industry standards and practices.
     We provide you with service health information, including planned maintenance. Microsoft provides a range of dashboards, feeds and notification mechanisms to help customers to get access to information in the event of a planned or unplanned service-impacting event.
     We adhere to industry standard best practices and certifications to help ensure reliability. Microsoft leverages industry standard practices and processes to maintain the health of the services we provide, including as a component of compliance requirements. These include service level agreements that are financially backed.
     We offer our customers many tools to help build resiliency into applications hosted on Azure:
     High Availability: https://azure.microsoft.com/en-us/documentation/articles/resiliency-disaster-recovery-high-availability-azure-applications/
     Disaster recovery: https://azure.microsoft.com/en-us/solutions/disaster-recovery
     Backup / archiving: https://azure.microsoft.com/en-us/solutions/backup-archive/
     Monitoring and Management: https://www.microsoft.com/en-us/cloud-platform/operations-management-suite
  3. Strong security protects customer content from unauthorized access by using state-of-the-art industry technology, best practices and certifications. Secure cloud solutions are the result of comprehensive planning, intelligent design, and efficient operations. Microsoft makes security a priority at every step, from code development to incident response.
  4. At the end of the day, all of that is for this – empowering you to deliver secure experiences and services to your customers. Delivering experiences securely requires a partnership between our platform services and how you enact security policies and controls.
  5. Slide script: Azure Active Directory is a comprehensive identity and access management solution for the cloud that provides a robust set of capabilities to manage users and groups and help secure access to applications, including Microsoft online services like Office 365 and a world of non-Microsoft SaaS applications. It combines core directory services, advanced identity governance and application access management. Azure Active Directory also offers a rich standards-based platform that enables developers to deliver access control to their applications, based on centralized policy and rules.
     AZURE:
     • Uses Azure AD to govern access to the management portal with granular access controls for users and groups on subscription or resource groups
     • Provides enterprise cloud identity and access management
     • Enables single sign-on across cloud applications
     • Offers Multi-Factor Authentication for enhanced security
     CUSTOMER:
     • Centrally manages users and access to Azure, O365, and hundreds of pre-integrated cloud applications
     • Builds Azure AD into their web and mobile applications
     • Can extend on-premises directories to Azure AD through synchronization
  6. Slide script: Azure Active Directory (Azure AD) provides an easy way for your business to manage identity and access, both in the cloud and on-premises. Your users can use one work or school account for single sign-on to any cloud and on-premises web application, using their favorite device, including iOS, Mac OS X, Android, and Windows devices. Your organization can protect sensitive data and applications both on-premises and in the cloud with integrated multi-factor authentication, ensuring secure local and remote access. Or extend your on-premises directories so that information workers can use a single organizational account to securely and consistently access their corporate resources. You can use Two-Factor Authentication or DevOps access to your production services. For Two-Factor Authentication, you can implement it with PhoneFactor or with AD on-premises.
  7. Azure Security Center helps you prevent, detect and respond to threats with increased visibility and control over the security of all your Azure resources. It provides a central view of security across your subscriptions, and enables you to set policies and monitor security configurations. Policy-driven recommendations guide resource owners through the process of implementing security controls and enable rapid deployment of integrated Microsoft and partner security solutions. Security-related events from across your Azure deployments are automatically collected and analyzed using Microsoft global threat intelligence and expertise to identify actual threats and reduce false alarms. The resulting real-time alerts offer insights into the attack campaign and suggest ways to remediate and recover quickly.
  8. Partner with peers, work with industry alliances, and work with governments