Microsoft Azure
IoT Connect 2017
Risky things? Don't play games with security
Juan Manuel Servera – IoT evangelist
#IoTconnect
https://bdtechtalks.com/2016/07/12/iot-botnets-might-be-the-cybersecurity-industrys-next-big-worry/
White, Gregory: Security+ Certification All-in-One Exam Guide, McGraw-Hill, 2003, p. 388.
What Securing the Internet of Things Means for CISOs 4/11/2014
• Best Practice: IT and OT engineers collaborate in making “cyberphysical” systems safe and secure.
OT engineers know how to make physical things safe and secure:
• Standards, Procedures, Training, Continuous Improvement
• Physical access management
• Hazard and Risk Analysis
• Monitoring and Maintenance
• Fail Safe and Safety Equipment
IT engineers know how to make digital things secure:
• Secure Development Lifecycle
• Secure Network Technologies
• Threat & Vulnerability Mitigation
• Monitoring and Alerting
• Software/Firmware Auto-Updates
• Privacy Models
Manageable Firmware
• Hold while I reboot the elevator!
Modern Asset Lifecycle
• Corporate policies for IT assets do not apply in the same way to IoT devices
• Maintenance plans integrate with operational concerns
Health and Vulnerability Assessment
• Device health includes physical asset assessment
• Analyses must balance risk vs operational performance
WINDOWS 10 IOT EDITIONS
Windows 10 IoT Enterprise (Windows 10 Enterprise for IoT devices)
• Enterprise Manageability and Security
• Rich user experience
• Win32 & UWP
• 2 GB RAM, 16 GB storage | x86
Windows 10 IoT Mobile (Windows 10 Mobile for IoT devices)
• Handheld devices
• Modern Shell & UWP
• Lockdown and multi-user support
• ARM, UWP
• 1 GB RAM, 4 GB storage | ARM
Windows 10 IoT Core (Pro) (Windows 10 for IoT devices)
• Optimized for small & low cost IoT devices
• Single UWP App experience
• Low cost silicon
• 256 MB RAM, 2 GB storage | x86 or ARM
TRUSTED PLATFORM FOR CLOUD-CONNECTED DEVICES
PROTECT DEVICES
• SECURE BOOT
• TRUSTED BOOT
• WINDOWS DEFENDER ATP
• DEVICE GUARD
• ADVANCED LOCKDOWN
PROTECT DATA
• BITLOCKER
• TPM
• WINDOWS INFORMATION PROTECTION (WIP)
PROTECT IDENTITIES
• CREDENTIAL GUARD
• WINDOWS HELLO
*Purple highlighted features are available in Windows 10 IoT Core (Pro)
Secure Key handling
• Windows 10 IoT uses TPM 2.0 to handle Azure IoT credentials
• Credential storage is platform independent and SW update resistant
• Support for discrete TPMs and firmware TPMs
• Access key provisioning tools for rapid prototyping (IoT Dashboard, Device Portal)
IoT Device Lifecycle
PLAN: Group devices and control access according to your organization's needs
PROVISION: Securely authenticate devices, on-board for management and provision for service
CONFIGURE: Provide updates, configuration & applications to assign the purpose of each device
MONITOR: Monitor device inventory, health & security while providing proactive remediation of issues
RETIRE: Replace or decommission devices after failure, upgrade cycle or service lifetime
IoT Hub (architecture diagram; labels recovered from the slide)
• Device id
• Field GW / Cloud GW
• Device: D2C send endpoint, C2D receive endpoint, Methods endpoint, Twin endpoint (Device …, Device …)
• IoT Hub management
• C2D send endpoint, receive delivery ack
• Event processing (hot and cold path)
• D2C receive endpoint
• Receive file notification
• Device management, device business logic, connectivity monitoring
• Device Twins endpoint
• Direct Methods endpoint
• File upload endpoint
• Device identity management
• Job management
• Device provisioning and authorization
• Create and delete IoT hubs, update IoT hub properties, export device identities
IoT platform – past, present and future
Blockchain integrated IoT platform
Diagram: Blockchain Network with Smart Contracts deployed; Machines / IoT Devices; users send transactions to smart contracts associated with machines.
A blockchain-enabled IoT platform can enhance the functionality of Cloud-based Manufacturing (CBM) platforms by providing a decentralized, trustless, peer-to-peer network for manufacturing applications.
Key use-cases of a Blockchain IoT platform:
• On-Demand Manufacturing
• Smart Diagnostics & Machine Maintenance
• Supply Chain: tracking of both products & supplier identity
• Consumer-to-Machine & Machine-to-Machine Transactions: Registry of Assets & Inventory; Product Certification
Investments in infrastructure
In highly regulated sectors
Global requirements
Local and regional compliance requirements
Future requirements
• Resolution of the Agencia Española de Protección de Datos (July 2014)
• Certification under the Real Decreto on LOPD technical measures (July 2016)
Personal Privacy
Main changes with GDPR
Controls and notifications / Transparent policies / IT, training and contracts
Need to invest in:
• Employee training on privacy
• Data policies
• Data Protection Officer (DPO) (if more than 250 employees)
• Security
• Processor/Vendor contracts
Controls and notifications:
• Strict security requirements
• Obligation to report security breaches
• Appropriate consent for data processing
• Confidentiality
• Record keeping
Individuals have the right to:
• Access their personal data
• Correct errors in their personal data
• Erase their personal data
• Object to the processing of their personal data
• Export their personal data
Transparent and easily accessible policies on:
• Notification of data collection
• Notification of processing
• Details of processing
• Data retention and deletion
How do I start?
1. Discovery: identify what personal data you have and where it resides.
2. Control: manage the use of and access to personal data.
3. Protection: establish security controls to prevent, detect and respond to vulnerabilities and data security incidents.
4. Notification: handle data subject access requests and keep the necessary documentation.
5. Review: analyze data and systems to ensure compliance and reduce risk.
Microsoft is meeting customer security needs with the industry's largest compliance portfolio
Worldwide: ISO 27001, PCI DSS Level 1 *, SOC 2 Type 2, ISO 27018, Cloud Controls Matrix, Content Delivery and Security Association *, Shared Assessments, SOC 1 Type 2
Government: FIPS 140-2, DISA Level 2, FERPA, FedRAMP JAB P-ATO, FISMA, CJIS, 21 CFR Part 11, IRS 1075, Section 508 VPAT
National: United Kingdom G-Cloud, NIST 800-171, European Union Model Clauses, Singapore MTCS Level 3, New Zealand GCIO, Australian Signals Directorate, Japan Financial Services, Spain ENS, ENISA IAF, HIPAA / HITECH, EU-U.S. Privacy Shield, China MLPS*, TRUCS*, GB 18030*
https://www.microsoft.com/en-us/trustcenter/compliance/complianceofferings
• GDPR: https://www.microsoft.com/es-xl/trustcenter/privacy/GDPR
• Secure Development Lifecycle: https://www.microsoft.com/en-us/sdl/default.aspx
• IoT Security Architecture: https://docs.microsoft.com/en-us/azure/iot-suite/iot-security-architecture
• Protected Hardware Storage: https://developer.microsoft.com/en-us/windows/iot/win10/tpm and https://developer.microsoft.com/en-us/windows/iot/Docs/SetupTPM.htm#sTPM
• Azure Trust Center: http://azure.microsoft.com/en-us/support/trust-center/
SECURITY
Security Software:
• Active Response
• Advanced Correlation Engine
• Advanced Threat Defense
• Application Data Monitor
• Complete Data Protection
• Complete Data Protection — Advanced
• Complete Data Protection — Essential
• Complete Endpoint Protection — Business
• Complete Endpoint Protection — Enterprise
• Configuration Control
• Database Event Monitor for SIEM
• Data Center Security Suite for Databases
• Device Control
• DLP Discover
• DLP Endpoint
• DLP Monitor
• DLP Prevent
• Endpoint Protection — Advanced Suite
• Endpoint Protection for Mac
• Endpoint Protection for SMB
• Endpoint Protection Suite
• Enterprise Log Manager
• Enterprise Security Manager
• ePO Deep Command
• ePolicy Orchestrator
• Event Receiver
• Global Threat Intelligence for ESM
• Host Intrusion Prevention for Desktop
• Host Intrusion Prevention for Server
• Integrity Control
• Intel Security Controller
• MOVE AntiVirus
• Network Security Platform
• Network Threat Response
• Policy Auditor
• Public Cloud Server Security Suite
• SaaS Web Protection
• Security for Email Servers
• Security for Microsoft SharePoint
• Security Scanner for Databases
• Security Suite for Virtual Desktop Infrastructure
• Server Security Suite Advanced
• Server Security Suite Essentials
• SiteAdvisor Enterprise
• Threat Intelligence Exchange
• Total Protection for Data Loss Prevention
• VirusScan Enterprise
• VirusScan Enterprise for Linux
• VirusScan Enterprise for Storage
• Vulnerability Manager for Databases
• Web Gateway
• Web Protection