security in the cloud - siemens d.o.o. beograd · 2017-09-24 · system center configuration...
TRANSCRIPT
Security in The Cloud Hardware assurances | Cloud-enabled visibility | Current Threat Prioritization
Marko Kavčič, CISA, certified information systems auditor
Committed to security
Microsoft spends $1B+ on security R&D every year
“By 2020, a corporate ‘no-cloud’ policy will be as rare as a ‘no-internet’ policy is today.” [1]
“The question is no longer: ‘How do I move to the cloud?’ Instead, it’s ‘Now that I’m in the cloud, how do I make sure I’ve optimized my investment and risk exposure?’” [2]
“By 2020 clouds will stop being referred to as ‘public’ and ‘private’. It will simply be the way business is done and IT is provisioned.” [3]
[1] Gartner: Smarter with Gartner, Why a No-Cloud Policy Will Become Extinct, February 2, 2016
[2] KPMG: 2014 Cloud Survey Report, Elevating business in the cloud, December 10, 2014
[3] IDC: IDC Market Spotlight, Cloud Definitions and Opportunity, April 2015
>90% of Fortune 500 use Microsoft Cloud
Azure solutions
Dev/Test
SAP on Azure
Internet of Things
RedHat on Azure
BI + analytics
Big data & data warehouse
Backup, Archive, DR
High performance computing
Internal business apps
Customer facing apps
Huge infrastructure scale is the enabler 24 Regions Worldwide, 22 ONLINE…huge capacity around the world…growing every year
30 Regions Worldwide, 22 Online
100+ datacenters
Top 3 networks in the world
2.5x AWS, 7x Google DC Regions
Map legend: Operational; Announced/Not Operational
Central US: Iowa
West US: California
North Europe: Ireland
East US: Virginia
East US 2: Virginia
US Gov: Virginia
North Central US: Illinois
US Gov: Iowa
South Central US: Texas
Brazil South: Sao Paulo
West Europe: Netherlands
China North *: Beijing
China South *: Shanghai
Japan East: Saitama
Japan West: Osaka
India South: Chennai
East Asia: Hong Kong
SE Asia: Singapore
Australia South East: Victoria
Australia East: New South Wales
India Central: Pune
Canada East: Quebec City
Canada Central: Toronto
India West: Mumbai
* Operated by 21Vianet
Microsoft Cloud Compliance Certifications and Attestations Sept 2016
Broadly Applicable
United States Government
Industry Specific
Region/Country Specific
“Microsoft’s comprehensive hybrid story, which spans applications and platforms as well as infrastructure, is highly attractive to many companies, drawing them towards the cloud in general.”
LYDIA LEONG, GARTNER
Industry validation
Microsoft Leads Everywhere…
Public Cloud IaaS (May 2015)
Cloud Storage (June 2015)
Enterprise App PaaS (Jan 2014)
Operational DBMS Systems (Oct 2015)
X86 Server Virt (July 2015)
EXPERIENCE
• 1M+ Corporate Machines: protected by enterprise IT security
• Multi-platform: Cloud-first hybrid enterprise
• Decades of experience: as a global enterprise
• Runs on Azure: same multi-tenant Azure environment as you
EXPERTISE
• Development Security: Security Development Lifecycle (SDL) - ISO/IEC 27034-1
• Operational Security: Hyper-scale cloud services
• Combatting Cybercrime: partnering with law enforcement
• Incident Investigation: and recovery for customers
Visibility
Expertise Experience
Context
VISIBILITY & CONTEXT
1 billion customers across enterprise and consumer segments
200+ cloud services
MICROSOFT PROTECTING YOU
INTELLIGENT SECURITY GRAPH
Apps and Data
SaaS
PaaS
IaaS
Device
Infrastructure
Identity
Antivirus
Network
Malware Protection Center
Hunting Teams
Security Response Center
CERTs and other partners
Cyber Defense Operations Center
Law Enforcement
Digital Crimes Unit
Active Cyber Threat Map
Slovenia Top 25 Cities by Threat, 9-15 January, 2017
Best for my Organization Platform.
Microsoft Confidential
Microsoft manages
Customer manages (shared responsibility to protect)
Customer or Microsoft manages
Data Governance and Rights Management
Client End-points
Account and Access Management
Identity and Directory Infrastructure
Application
Network Controls
Operating System
Physical Hosts
Physical Network
Physical Datacenter
Security
Privacy and Control
Compliance
Transparency
SaaS
PaaS
IaaS
On-Prem
Reliability / Availability
Assurance in Cloud Enabled World
Internet of Things Unmanaged & Mobile Clients
Sensitive Workloads
Cybersecurity Reference Architecture
Extranet
Azure Key Vault
Azure Security Center • Threat Protection • Threat Detection
System Center Configuration Manager + Intune
Microsoft Azure
On Premises Datacenter(s)
NGFW
Nearly all customer breaches that Microsoft’s Incident Response team investigates involve credential theft.
63% of confirmed data breaches involve weak, default, or stolen passwords (Verizon 2016 DBR)
Colocation
EPP - Windows Defender
EDR - Windows Defender ATP Mac OS
Multi-Factor Authentication
MIM PAM Azure App Gateway
Network Security Groups
Azure AD PIM
Azure Antimalware
Disk & Storage Encryption
SQL Encryption & Firewall
Hello for Business
Windows Info Protection
Enterprise Servers
VPN
VMs
Certification Authority (PKI)
Incident Response
Vulnerability Management
Enterprise Threat Detection
Analytics
Managed Security Provider
OMS
ATA
SIEM
Security Operations Center (SOC)
Logs & Analytics
Active Threat Detection
Hunting Teams
Investigation and Recovery
WEF
SIEM Integration
IoT
Identity & Access
UEBA
Windows 10
Windows 10 Security • Secure Boot • Device Guard • Application Guard • Credential Guard • Windows Hello
Managed Clients
Windows Server 2016 Security Shielded VMs, Device Guard, Credential Guard, Just Enough Admin, Hyper-V Containers, Nano server, …
Software as a Service
ATA
Privileged Access Workstations (PAWs)
• Device Health Attestation • Remote Credential Guard
Intune MDM/MAM
Conditional Access
Cloud App Security
Azure Information Protection (AIP) • Classify • Label • Protect • Report
Office 365 DLP
Endpoint DLP
Structured Data & 3rd party Apps
DDoS attack mitigation
Classification Labels
ASM
Lockbox
Office 365
Information
Protection
Legacy Windows
Backup and Site Recovery
Shielded VMs
Domain Controllers
Office 365 ATP • Email Gateway • Anti-malware
Hold Your Own Key (HYOK)
ESAE Admin Forest
PADS
80% + of employees admit using non-approved SaaS apps for work (Stratecast, December 2013)
IPS
Edge DLP
SSL Proxy
Security Development Lifecycle (SDL)
Azure AD Identity Protection
Security Appliances