introduction to the azure security …note.microsoft.com/rs/578-uyy-044/images/consalta... · azure...

PA

GE

2

AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.WWW.CONSALTA.SI

INTRODUCTION TO THE AZURE SECURITY SCENARIOS

AZURE SALES STAR PROGRAM IN CEE

IGOR SHASTITKO

FEB 2017

http://img1.wikia.nocookie.net/__cb20130225111158/elderscrolls/es/images/3/36/Microsoft.svg.png

PA

GE

3

AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.

Every business deserves an opportunity to grow! We support IT companies at growing their business

in the Cloud. We are the Cloud Business Enablers!

About Consalta

1000+ CLIENTS

200+ ONSITE ENGAGEMENTS

180+ WEBINARS

40+ COUNTRIES

4,84 RATING

CONSALTA


http://www.consalta.si/

PA

GE

4


• Senior Infrastructure/

Security Consultant

• Microsoft Partners

• Microsoft Learning

Centers

• Microsoft MCS

• Computer Science

• MCSE/MCT

• Geek

• Family

• Video Blogging

• Gadgets & technologies

ROLE WORK

BACKGROUND PLEASURE

IGOR SHASTITKO


https://sk.linkedin.com/in/iwalker2000

PA

GE

5


Azure Sales Star program – Sessions – 11AM (CET)

FEB 6, 2017

AZURE SECURITY

SCENARIOS -

OVERVIEW OF MAIN

SCENARIOS FOR

SECURITY PROJECTS

FEB 9, 2017

NEW PARTNER

OPPORTUNITIES TO

PLAN CLOUD/HYBRID

IDENTITY PROJECTS

FEB 13, 2017

FINE-TUNE THE

DETAILS OF PLANNING

HYBRID IDENTITY

PROTECTION

FEB 16, 2017

PROVIDE A FULL

MANAGEMENT

EXPERIENCE FOR

HYBRID

INFRASTRUCTURE

FEB 20, 2017

SECURE MOBILE USERS

PLANNING: MOBILE

DEVICE MANAGEMENT

(MDM) SCENARIOS

COMPARISON

FEB 23, 2017

IMPLEMENTING

MICROSOFT INTUNE

TO MDM

FEB 27, 2017

PLANNING DATA

ACCESS &

PROTECTION IN

HYBRID

INFRASTRUCTURE

MAR 2, 2017

PLANNING HYBRID

DATA PROTECTION AT

THE FILE LEVEL

MAR 6, 2017

PLANNING AZURE

INFRASTRUCTURE

SECURITY

MAR 9, 2017

PLANNING AZURE

INFRASTRUCTURE

SECURITY – DATA

PROTECTION IN

AZURE


PA

GE

6


Agenda for the following 45’

Customer Case Studies

& Good Practices

Cloud Security Solutions

& security projects’ pillars

What is next

Webinars and resources

Security Threats

overview


PA

GE

7


Modern Security Threats

1. THE RESEARCH

2. NEW IDEAS

3. THE GAP

4. THE PLAN

5. THE CHANGE

6. THE

EVALUATION


PA

GE

8


ARE CLOUD SOLUTIONS PROTECTED ?

THE MAIN QUESTION


PA

GE

9


Microsoft, Cloud Security Architecture


PA

GE

10


ATTACKS AGAINST CLOUD ADMINISTRATORS

Targeted attacks against on-premises and

cloud infrastructures alike often focus on IT

administrators. The intent is to take control

of an email account that has a high

probability of containing credentials that

can be used to gain access to the public

cloud administrator portal.

PIVOT BACK ATTACKS

A pivot back attack occurs when an

attacker compromises a public cloud

resource to obtain information that they

then use to attack the resource provider’s

on-premises environment. Public facing

endpoints in the cloud are often under

constant brute force attack through

protocols such as Remote Desktop

Protocol (RDP) and Secure Shell (SSH).

New types of threats can be related to characteristics of the public cloud only, or to issues introduced

by connectivity between on-premises environments and the public cloud.

Threats against cloud deployments and infrastructure

https://www.microsoft.com/security/sir/default.aspx


PA

GE

11


The cyber kill chain is a model defined by analysts at Lockheed Martin to aid decision making with

regard to detecting and responding to threats

The cyber kill chain: On-premises and in the cloud

https://www.microsoft.com/security/sir/default.aspx


PA

GE

12


Cloud Security Solutions & security projects’ pillars

overview

1. THE RESEARCH

2. NEW IDEAS

3. THE GAP

4. THE PLAN

5. THE CHANGE

6. THE

EVALUATION


PA

GE

13


Cloud Solutions’ weakness pillars/modern threats

• Azure IaaS is same to

customers local infra in

terms of vulnerabilities

• And it is not only about

VMs/LOBs protection, it is

also about new INFA

protection against modern

threats

INFRASTRUCTURE

• Get admin access/”gold

admin” is most used

hackers practice against

organisations

• “Cloud globalisation” of

identity systems and

accounts helps to use this

breach more effectively

• Requirements of the business demand more mobility from employees

• All confidential mobile data on user devices is potential threat for loss or disclosure

• BYOD/unmanaged devices is thread for customer infra and identity

IDENTITY MOBILITY

“IAAS” IS NOT MEAN SECURE MOST USED PRACTICE LOST DEVICES, BYOD


PA

GE

14


MANDATORY ACTIONS

Start to discuss this topics with customers in any hybrid/public cloud Azure IaaS project

Azure Security Infrastructure

• Admin access protection in Azure IaaS

• Azure IaaS virtual networks/network access

protection to Azure IaaS

• Data protection in Azure

• Antivirus/antimalware protection in Azure

IaaS

• Monitoring of security for Azure IaaS, VMs,

hybrid infra


PA

GE

15


Admin access protection

• Hybrid Identity solution/project

• Modernization of existing local identity infrastructure with modern technologies, e.g. authentication silos, Microsoft ATA etc.

• Modernization of existing administration procedures, processes and on-premises admin account protection (PAW)

• Planning Role Based Access Control (RBAC) and procedures in general


PA

GE

16


Safe and extend your Network Engineers experience with Azure Projects

Virtual Networks protection in Azure

• Remote Access to

IaaS/VMs & hybrid

connections solutions

• Network architecture and

Network Security Groups

planning in Azure IaaS

• VM network security audit

• Virtual Network Security

Appliances – well known

network security solutions

in Azure Marketplace


PA

GE

17


Build the customer trust to store data in Azure

Data protection in Azure

• Help customer to understand data protection and encryption in Azure IaaS

• Azure Key Vault/BYOK discussion

• Plan, Design & Implement VMs/Storage/SQL encryption

• StorSimple as the part of solution


PA

GE

18


The Fundamental of any Cloud project

Hybrid Identity Protection

• Azure AD B2B/B2C solutions for easy connection

• Microsoft AD DS/Azure AD hybrid identity implementation

• Single sign-on, AD FS etc.

• Identity Infrastructure protection with Web App Proxy/Azure App Proxy

• Multifactor authentication with Azure AD Premium, Device registration and hardening

• Monitoring of Azure AD/Identity Protection


PA

GE

19


Unprotected/unmanaged mobile devices is high threat for any infrastructure

Mobile Device Management

• Help to select right MDM solution for customer – Office 365/Intune + hybrid identity

• Intune deployment design, planning and implementation

• Standard security policies for mobile devices implementation and audit

• Mobile devices’ “Hardening”, extend Intune functionality

• Deploy application to mobile devices

• Have SCCM specialist – let’s reuse their experience in hybrid MDM scenarios


PA

GE

20


Mitigate issues related to data leakage on mobile devices in on-premises an cloud infrastructure

Mobile Data Protection

• Modernization of existing local data

protection infrastructure with

Dynamic Access Control/

Conditional Access Control/ FCI

• Design, Planning and

Implementation mobile data

encryption and sync with Work

Folders

• Implementation of Windows

Information Protection for Windows

10 with Azure/Intune

• Mobile data protection with Azure

RMS/Information Protection

• Hybrid infrastructure data protection

project – RMS/Azure RMS Connector


PA

GE

21


Customer Case Studies

1. THE RESEARCH

2. NEW IDEAS

3. THE GAP

4. THE PLAN

5. THE CHANGE

6. THE

EVALUATION


PA

GE

22



PA

GE

23



PA

GE

24



PA

GE

25


What’s NEXT?

1. THE RESEARCH

2. NEW IDEAS

3. THE GAP

4. THE PLAN

5. THE CHANGE

6. THE

EVALUATION


PA

GE

26


Azure Sales Star program – Sessions

FEB 6, 2017

AZURE SECURITY

SCENARIOS -

OVERVIEW OF MAIN

SCENARIOS FOR

SECURITY PROJECTS

FEB 9, 2017

NEW PARTNER

OPPORTUNITIES TO

PLAN CLOUD/HYBRID

IDENTITY PROJECTS

FEB 13, 2017

FINE-TUNE THE

DETAILS OF PLANNING

HYBRID IDENTITY

PROTECTION

FEB 16, 2017

PROVIDE A FULL

MANAGEMENT

EXPERIENCE FOR

HYBRID

INFRASTRUCTURE

FEB 20, 2017

SECURE MOBILE USERS

PLANNING: MOBILE

DEVICE MANAGEMENT

(MDM) SCENARIOS

COMPARISON

FEB 23, 2017

IMPLEMENTING

MICROSOFT INTUNE

TO MDM

FEB 27, 2017

PLANNING DATA

ACCESS &

PROTECTION IN

HYBRID

INFRASTRUCTURE

MAR 2, 2017

PLANNING HYBRID

DATA PROTECTION AT

THE FILE LEVEL

MAR 6, 2017

PLANNING AZURE

INFRASTRUCTURE

SECURITY

MAR 9, 2017

PLANNING AZURE

INFRASTRUCTURE

SECURITY – DATA

PROTECTION IN

AZURE

NEXT


PA

GE

27


Azure Sales Star program - Resources

CHECK ALL THE SESSIONS AND

ANNOUNCEMENTS

https://partner.microsoft.com/pl-

pl/training/AzureSalesStarProgram#kic

k_off-session

…AND REGISTER SOON!

CHECK OUR LATEST THINKING –

AZURE SALES STAR BLOG

https://partner.microsoft.com/pl-

pl/training/azuresalesstarprogram/secu

rity-can-be-the-primary-reason-for-

cloud-adoption

…AND MORE TO COME!


https://partner.microsoft.com/pl-pl/training/AzureSalesStarProgram#kick_off-session

https://partner.microsoft.com/pl-pl/training/azuresalesstarprogram/security-can-be-the-primary-reason-for-cloud-adoption

PA

GE

28


Brought to you by Consalta

1. THE RESEARCH

2. NEW IDEAS

3. THE GAP

4. THE CHANGE

5. THE PLAN

6. THE

EVALUATION


PA

GE

30


DAVID BALAZICe: [email protected]

m: +386 31 699 622

Skype: davidb-consalta

Thank you for your attention!

SAMO

KANELLOPULOSe: [email protected]

m: +386 41 781 761

Skype: samok-consalta

IGOR SHASTITKOe: [email protected]

m: +421 949 88 78 36

Skype: iwalker2000


https://www.facebook.com/Consalta

https://twitter.com/consaltaonline

http://www.linkedin.com/company/2097206

skype:davidb-consalta?call

https://plus.google.com/u/0/b/106526072772729705193/+ConsaltaSi

http://si.linkedin.com/in/davidbalazic/

http://si.linkedin.com/in/samokanellopulos/

https://sk.linkedin.com/in/iwalker2000

http://www.consalta.si/

introduction to the azure security …note.microsoft.com/rs/578-uyy-044/images/consalta... · azure...

Documents