David Aiken, Windows Azure, Microsoft Corporation, SIA204
Slide1
Cloudy Weather: How Secure Is the Cloud?
David Aiken
Windows Azure
Microsoft Corporation
SIA204
Slide2
Agenda
CLASSIFIED
Slide3
Questions
Does Windows Azure provide the rock-solid security required for the most sensitive data and applications?
How do you ensure privacy of sensitive information?
How do you secure access to applications?
What if you have strict compliance requirements?
Slide4
confidentiality (C)
integrity (I)
availability (A)
risk management
compliance
Slide5
moving to the cloud
Customer Accountability
Multi-tenancy
Different Responsibilities
Trust
Slide6
Multiple Sources
LAW
INDUSTRY
STANDARDS
INTERNAL
ISO
Slide7
FISMA
ISO 27001
SSAE 16
SAS 70
EU PII
PCI DSS
HIPAA
SOX
GLBA
CFR Title 21 Part 11
Slide8
Windows Azure Compliance (core services)
NOW
NEXT
LATER
ISO/IEC 27001:2005
SSAE 16 (SOC 1 Type 2)
EU-US Safe Harbour
EU Model Clauses
HIPAA BAA
FISMA / FedRAMP
…
Slide9
Windows Azure Trust Center
Privacy
Transparent
Compliance
Relentless
http://www.windowsazure.com/en-us/support/trust-center/
Slide10
Office 365 Compliance
NOW
ISO/IEC 27001:2005
EU-US Safe Harbour
EU Model Clauses
HIPAA BAA
DPA
Slide11
Office 365 Trust Center
Privacy
Transparent
Compliance
Relentless
http://www.microsoft.com/en-us/office365/trust-center.aspx
Slide12
Defense In Depth
physical
network
host
application
data
user
Slide13
Defense In Depth
Carrier Class Datacenters
24 x 7 Monitoring
Biometric Access Controls
physical
Slide14
Defense In Depth
Automatic Configuration
VPN Separation
Firewall & Packet Filters
network
Slide15
Defense In Depth
Hyper-V Isolation
Secure Communications
Reduced OS footprint*
host
Slide16
Defense In Depth
Trust Level
Automatic Configuration
AV Protection
application
Slide17
Defense In Depth
SQL Server controls
Storage keys
Trust Services
data
Slide18
don’t put keys and data in the same place
Slide19
Trust Services – define policy
[Diagram: Publisher (Trust Services SDK, pub), Administrator (admin) and Subscriber (Trust Services SDK, sub), with a Trust Server and SQL Azure. Sample record shown at the Publisher, in SQL Azure and at the Subscriber: Name = Smith, John; SSN = 123-45-6789. Data Policy table: Authz List, Cert, Key; entry SSN with pub, sub. Further labels: Pub sub, Pub pub.]
Slide20
Encrypt data
[Diagram: Publisher (Trust Services SDK, pub) and Subscriber (Trust Services SDK, sub), with a Trust Server and SQL Azure. Sample record shown at the Publisher, in SQL Azure and at the Subscriber: Name = Smith, John; SSN = 123-45-6789. Data Policy table: Authz List, Cert, Key; entry SSN with pub, sub. Further labels: Pub sub, Pub pub; K, KGuid, SSN, E, Pub sub, WK, KGuid.]
Slide21
Decrypt data
[Diagram: Publisher (Trust Services SDK, pub) and Subscriber (Trust Services SDK, sub), with a Trust Server and SQL Azure. Sample record shown at the Publisher, in SQL Azure and at the Subscriber: Name = Smith, John; SSN = 123-45-6789. Data Policy table: Authz List, Cert, Key; entry SSN with pub, sub. Further labels: Pub sub, Pub pub; K, KGuid, SSN, E, Priv sub, WK, KGuid.]
Slide22
Defense In Depth
Access Control
Federation
User Education
user
Slide23
Defense In Depth
physical
network
host
application
data
user
Slide24
Slide25
Securing Services
Slide26
Questions
Does Windows Azure provide the rock-solid security required for the most sensitive data and applications?
How do you ensure privacy of sensitive information?
How do you secure access to applications?
What if you have strict compliance requirements?
Slide27
Does Windows Azure provide the rock-solid security required for the most sensitive data and applications?
You Decide
Slide28
How do you ensure privacy of sensitive information?
Encryption
Key Management
Trust Services
Slide29
How do you secure access to applications?
Identity
Integrate with enterprise identity
Enable single sign-on within your apps
Enterprise Graph REST API
Slide30
What if you have strict compliance requirements?
Industry standards
Risk
Not everything fits
Slide31
Summary
Windows Azure gives a Rock Solid Foundation
Responsibilities have changed
Managing Risk
Review the Windows Azure Trust Center
https://www.windowsazure.com/en-us/support/trust-center/
Slide32
Related Content
Windows Azure Trust Center
Find Me Later At The Windows Azure Booth
Slide33
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.