introduction to the azure security …note.microsoft.com/rs/578-uyy-044/images/consalta... · azure...
TRANSCRIPT
PA
GE
2
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.WWW.CONSALTA.SI
INTRODUCTION TO THE AZURE SECURITY SCENARIOS
AZURE SALES STAR PROGRAM IN CEE
IGOR SHASTITKO
FEB 2017
PA
GE
3
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
Every business deserves an opportunity to grow! We support IT companies at growing their business
in the Cloud. We are the Cloud Business Enablers!
About Consalta
1000+ CLIENTS
200+ ONSITE ENGAGEMENTS
180+ WEBINARS
40+ COUNTRIES
4,84 RATING
CONSALTA
PA
GE
4
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
• Senior Infrastructure/
Security Consultant
• Microsoft Partners
• Microsoft Learning
Centers
• Microsoft MCS
• Computer Science
• MCSE/MCT
• Geek
• Family
• Video Blogging
• Gadgets & technologies
ROLE WORK
BACKGROUND PLEASURE
IGOR SHASTITKO
PA
GE
5
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
Azure Sales Star program – Sessions – 11AM (CET)
FEB 6, 2017
AZURE SECURITY
SCENARIOS -
OVERVIEW OF MAIN
SCENARIOS FOR
SECURITY PROJECTS
FEB 9, 2017
NEW PARTNER
OPPORTUNITIES TO
PLAN CLOUD/HYBRID
IDENTITY PROJECTS
FEB 13, 2017
FINE-TUNE THE
DETAILS OF PLANNING
HYBRID IDENTITY
PROTECTION
FEB 16, 2017
PROVIDE A FULL
MANAGEMENT
EXPERIENCE FOR
HYBRID
INFRASTRUCTURE
FEB 20, 2017
SECURE MOBILE USERS
PLANNING: MOBILE
DEVICE MANAGEMENT
(MDM) SCENARIOS
COMPARISON
FEB 23, 2017
IMPLEMENTING
MICROSOFT INTUNE
TO MDM
FEB 27, 2017
PLANNING DATA
ACCESS &
PROTECTION IN
HYBRID
INFRASTRUCTURE
MAR 2, 2017
PLANNING HYBRID
DATA PROTECTION AT
THE FILE LEVEL
MAR 6, 2017
PLANNING AZURE
INFRASTRUCTURE
SECURITY
MAR 9, 2017
PLANNING AZURE
INFRASTRUCTURE
SECURITY – DATA
PROTECTION IN
AZURE
PA
GE
6
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
Agenda for the following 45’
Customer Case Studies
& Good Practices
Cloud Security Solutions
& security projects’ pillars
What is next
Webinars and resources
Security Threats
overview
PA
GE
7
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
Modern Security Threats
1. THE RESEARCH
2. NEW IDEAS
3. THE GAP
4. THE PLAN
5. THE CHANGE
6. THE
EVALUATION
PA
GE
8
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
ARE CLOUD SOLUTIONS PROTECTED ?
THE MAIN QUESTION
PA
GE
9
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
Microsoft, Cloud Security Architecture
PA
GE
10
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
ATTACKS AGAINST CLOUD ADMINISTRATORS
Targeted attacks against on-premises and
cloud infrastructures alike often focus on IT
administrators. The intent is to take control
of an email account that has a high
probability of containing credentials that
can be used to gain access to the public
cloud administrator portal.
PIVOT BACK ATTACKS
A pivot back attack occurs when an
attacker compromises a public cloud
resource to obtain information that they
then use to attack the resource provider’s
on-premises environment. Public facing
endpoints in the cloud are often under
constant brute force attack through
protocols such as Remote Desktop
Protocol (RDP) and Secure Shell (SSH).
New types of threats can be related to characteristics of the public cloud only, or to issues introduced
by connectivity between on-premises environments and the public cloud.
Threats against cloud deployments and infrastructure
https://www.microsoft.com/security/sir/default.aspx
PA
GE
11
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
The cyber kill chain is a model defined by analysts at Lockheed Martin to aid decision making with
regard to detecting and responding to threats
The cyber kill chain: On-premises and in the cloud
https://www.microsoft.com/security/sir/default.aspx
PA
GE
12
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
Cloud Security Solutions & security projects’ pillars
overview
1. THE RESEARCH
2. NEW IDEAS
3. THE GAP
4. THE PLAN
5. THE CHANGE
6. THE
EVALUATION
PA
GE
13
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
Cloud Solutions’ weakness pillars/modern threats
• Azure IaaS is same to
customers local infra in
terms of vulnerabilities
• And it is not only about
VMs/LOBs protection, it is
also about new INFA
protection against modern
threats
INFRASTRUCTURE
• Get admin access/”gold
admin” is most used
hackers practice against
organisations
• “Cloud globalisation” of
identity systems and
accounts helps to use this
breach more effectively
• Requirements of the business demand more mobility from employees
• All confidential mobile data on user devices is potential threat for loss or disclosure
• BYOD/unmanaged devices is thread for customer infra and identity
IDENTITY MOBILITY
“IAAS” IS NOT MEAN SECURE MOST USED PRACTICE LOST DEVICES, BYOD
PA
GE
14
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
MANDATORY ACTIONS
Start to discuss this topics with customers in any hybrid/public cloud Azure IaaS project
Azure Security Infrastructure
• Admin access protection in Azure IaaS
• Azure IaaS virtual networks/network access
protection to Azure IaaS
• Data protection in Azure
• Antivirus/antimalware protection in Azure
IaaS
• Monitoring of security for Azure IaaS, VMs,
hybrid infra
PA
GE
15
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
Admin access protection
• Hybrid Identity solution/project
• Modernization of existing local identity infrastructure with modern technologies, e.g. authentication silos, Microsoft ATA etc.
• Modernization of existing administration procedures, processes and on-premises admin account protection (PAW)
• Planning Role Based Access Control (RBAC) and procedures in general
PA
GE
16
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
Safe and extend your Network Engineers experience with Azure Projects
Virtual Networks protection in Azure
• Remote Access to
IaaS/VMs & hybrid
connections solutions
• Network architecture and
Network Security Groups
planning in Azure IaaS
• VM network security audit
• Virtual Network Security
Appliances – well known
network security solutions
in Azure Marketplace
PA
GE
17
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
Build the customer trust to store data in Azure
Data protection in Azure
• Help customer to understand data protection and encryption in Azure IaaS
• Azure Key Vault/BYOK discussion
• Plan, Design & Implement VMs/Storage/SQL encryption
• StorSimple as the part of solution
PA
GE
18
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
The Fundamental of any Cloud project
Hybrid Identity Protection
• Azure AD B2B/B2C solutions for easy connection
• Microsoft AD DS/Azure AD hybrid identity implementation
• Single sign-on, AD FS etc.
• Identity Infrastructure protection with Web App Proxy/Azure App Proxy
• Multifactor authentication with Azure AD Premium, Device registration and hardening
• Monitoring of Azure AD/Identity Protection
PA
GE
19
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
Unprotected/unmanaged mobile devices is high threat for any infrastructure
Mobile Device Management
• Help to select right MDM solution for customer – Office 365/Intune + hybrid identity
• Intune deployment design, planning and implementation
• Standard security policies for mobile devices implementation and audit
• Mobile devices’ “Hardening”, extend Intune functionality
• Deploy application to mobile devices
• Have SCCM specialist – let’s reuse their experience in hybrid MDM scenarios
PA
GE
20
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
Mitigate issues related to data leakage on mobile devices in on-premises an cloud infrastructure
Mobile Data Protection
• Modernization of existing local data
protection infrastructure with
Dynamic Access Control/
Conditional Access Control/ FCI
• Design, Planning and
Implementation mobile data
encryption and sync with Work
Folders
• Implementation of Windows
Information Protection for Windows
10 with Azure/Intune
• Mobile data protection with Azure
RMS/Information Protection
• Hybrid infrastructure data protection
project – RMS/Azure RMS Connector
PA
GE
21
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
Customer Case Studies
1. THE RESEARCH
2. NEW IDEAS
3. THE GAP
4. THE PLAN
5. THE CHANGE
6. THE
EVALUATION
PA
GE
22
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
PA
GE
23
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
PA
GE
24
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
PA
GE
25
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
What’s NEXT?
1. THE RESEARCH
2. NEW IDEAS
3. THE GAP
4. THE PLAN
5. THE CHANGE
6. THE
EVALUATION
PA
GE
26
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
Azure Sales Star program – Sessions
FEB 6, 2017
AZURE SECURITY
SCENARIOS -
OVERVIEW OF MAIN
SCENARIOS FOR
SECURITY PROJECTS
FEB 9, 2017
NEW PARTNER
OPPORTUNITIES TO
PLAN CLOUD/HYBRID
IDENTITY PROJECTS
FEB 13, 2017
FINE-TUNE THE
DETAILS OF PLANNING
HYBRID IDENTITY
PROTECTION
FEB 16, 2017
PROVIDE A FULL
MANAGEMENT
EXPERIENCE FOR
HYBRID
INFRASTRUCTURE
FEB 20, 2017
SECURE MOBILE USERS
PLANNING: MOBILE
DEVICE MANAGEMENT
(MDM) SCENARIOS
COMPARISON
FEB 23, 2017
IMPLEMENTING
MICROSOFT INTUNE
TO MDM
FEB 27, 2017
PLANNING DATA
ACCESS &
PROTECTION IN
HYBRID
INFRASTRUCTURE
MAR 2, 2017
PLANNING HYBRID
DATA PROTECTION AT
THE FILE LEVEL
MAR 6, 2017
PLANNING AZURE
INFRASTRUCTURE
SECURITY
MAR 9, 2017
PLANNING AZURE
INFRASTRUCTURE
SECURITY – DATA
PROTECTION IN
AZURE
NEXT
PA
GE
27
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
Azure Sales Star program - Resources
CHECK ALL THE SESSIONS AND
ANNOUNCEMENTS
https://partner.microsoft.com/pl-
pl/training/AzureSalesStarProgram#kic
k_off-session
…AND REGISTER SOON!
CHECK OUR LATEST THINKING –
AZURE SALES STAR BLOG
https://partner.microsoft.com/pl-
pl/training/azuresalesstarprogram/secu
rity-can-be-the-primary-reason-for-
cloud-adoption
…AND MORE TO COME!
PA
GE
28
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
Brought to you by Consalta
1. THE RESEARCH
2. NEW IDEAS
3. THE GAP
4. THE CHANGE
5. THE PLAN
6. THE
EVALUATION
PA
GE
30
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
DAVID BALAZICe: [email protected]
m: +386 31 699 622
Skype: davidb-consalta
Thank you for your attention!
SAMO
KANELLOPULOSe: [email protected]
m: +386 41 781 761
Skype: samok-consalta
IGOR SHASTITKOe: [email protected]
m: +421 949 88 78 36
Skype: iwalker2000