Cloud - but secure
Cloud - but "Secure"
Florian van Keulen, Senior Consultant Cloud & Security
Cloud - but "Secure", Dec 2015
Florian van Keulen, Senior Consultant, BDS
Since 2014 at Trivadis
Security Infrastructure
– Identity & Access Management
– Cloud Infrastructure & Security
– Office 365 & SharePoint
Security Officer
– Information Security Management
Security Opportunities
Datacenter & Storage Location
Ireland & Netherlands
– Azure
– Office 365
– Dynamics CRM Online
Finland & Austria NEW
– Office 365
Germany NEW
– Data Trustee Telekom
http://www.microsoft.com/online/legal/v2/?docid=25
Datacenter & Storage Location
Storage Replication
– Locally Redundant Storage (LRS)
– Zone Redundant Storage (ZRS)
– Geo Redundant Storage (GRS)
– Read Access Geo Redundant Storage (RA-GRS)
Identity & Access Management
Multi Factor Authentication (MFA)
Extra Authentication Factor
– Automated Call / Token (SMS) / Authenticator App
– For Cloud Services
– Also for On-Premise
– Rules can be Applied
– Administrators and Users
Conditional Access
Comprehensive Reports & Notifications
• Microsoft Threat Intelligence
• Credentials found in Dark web
• Botnet activity
• Authentication Context Analysis
Unified Device Management
Azure RMS
Encrypts and protects Documents and Mails
Access through Authorization by Azure AD
Policies: Edit, Copy, Print, Retention Time
Also with External Users
Azure RMS
Uses encryption, identity, and authorization policies to secure mails and files
protected both within and outside your organization
protection remains with the data
Encryption:
– 2048-bit RSA asymmetric key with SHA-256 hash algorithm
– AES 128-bit symmetric (CBC mode with PKCS#7 padding)
Azure RMS
Keys are Stored in Azure Key Vault
– Geo-location specific
– Stored in HSM module
Full Audit and Logging of Key usage
BYOK support available
Azure RMS – Bring your Own Key (BYOK)
Enterprise Mobility Suite
Microsoft Azure Active Directory Premium
– Identity Management
– Authentication & Authorization
– MFA
– Conditional Access
Microsoft Intune
– Unified Mobile Device Management
– Access Management
– Apps Deployment
– Selective Wipe
Microsoft Azure Rights Management
– Document Level Security
– Encryption
– Policies
– Secure Access
Enterprise Mobility Suite
Microsoft Azure Active Directory Premium + Microsoft Intune + Microsoft Azure Rights Management
Office 365 Security
Data Retention Policies / Legal Hold
Encryption
Data Loss Prevention (DLP)
Exchange Online Advanced Threat Protection
(essential RMS & MDM Features)
Data Retention Policies / Legal Hold
Office 365 Encryption
Azure RMS, Office 365 Message Encryption, S/MIME
Office 365 Message Encryption (OME)
Apply encryption to emails that originate from Office 365
inside or outside Office 365
External users can decrypt the received email by either:
– an Office 365 account (from their company)
– a Microsoft account
– a one-time passcode
Azure RMS used for encryption
S/MIME
standard for
– public key encryption
– digital signing of MIME data
Public / Private Key Infrastructure
Works with Outlook, Outlook Web App, and Exchange ActiveSync clients (mobile)
Encryption
• AES-256 encryption at Rest and in Motion
• Two types of encryption for Data at Rest:
– Disk encryption (using BitLocker)
– File encryption: each file is encrypted with its own key
• Data in Motion
– SSL (TLS 1.0 & 1.2)
– New cipher suite order
• Discovered vulnerabilities are taken seriously:
– SSLv3 Support withdrawn
– RC4 cipher support withdrawn
Encryption of Files in OneDrive & SharePoint
Encrypted Files and File Chunks stored randomly across Encrypted Storage Containers
Keys of the Container & Content DB
Keys of the Files and File Chunks
Keys and content are stored in 3 different locations, so you need authorization in all 3 areas to reveal data
Data Loss Prevention (DLP)
Prevents Sensitive Data From Leaving Organization
Provides an Alert when data such as Social Security & Credit Card Numbers is emailed
Alerts can be customized by Admin to catch Intellectual Property being emailed out
• Email, OneDrive & Office
• For Based On Policies
• File Content Patterns
• Built-in templates based on common regulations
• Import DLP policy templates from security partners or build your own
Exchange Online Advanced Threat Protection
• Multiple Anti Malware Engines
• URL Link
• Rich Reporting & Tracing
Office365 Lock Box
Does your Datacenter Support these features?
• High Availability & Geo Redundancy of your data
• Full Featured Identity and Access management Cross Premises and with 3rd Party
• MFA and Conditional access
• Enhanced Security Reports and Notifications (Threat Intelligence)
• Unified Device Management
• Rights Management on Document Level wherever stored
• E-Mail & Multi Level File Encryption
• Retention time, Archiving and Legal Hold
• Advanced Threat Protection
And most of it is already included in an Office 365 Subscription!!!