Security in The Cloud Hardware assurances | Cloud-enabled visibility | Current Threat Prioritization

Marko Kavčič, CISA, preizkušeni revizor informacijskih sistemov

(makavcic@microsoft.com)

Committed to security

Microsoft spends $1B+ on security R&D every year

“By 2020, a corporate

‘no-cloud’ policy will be

as rare as a ‘no-internet’

policy is today.”1

“The question is no longer:

‘How do I move to the

cloud?’ Instead, it’s ‘Now

that I’m in the cloud, how

do I make sure I’ve

optimized my

investment and risk

exposure?”2

“By 2020 clouds will stop

being referred to as

‘public’ and ‘private’. It

will simply be the way

business is done and IT

is provisioned.”3

1Gartner: Smarter with Gartner, Why a No-Cloud Policy Will Become Extinct, February 2, 2016

2KPMG: 2014 Cloud Survey Report, Elevating business in the cloud, December 10, 2014

3IDC: IDC Market Spotlight, Cloud Definitions and Opportunity, April 2015

>90% of Fortune 500 use

Microsoft Cloud

Azure solutions

Dev/Test

SAP on Azure

Internet of Things

RedHat on Azure

BI + analytics

Big data & data

warehouse

Backup, Archive, DR

High performance computing

Internal business

apps

Customer facing apps

Dev/Test

Huge infrastructure scale is the enabler 24 Regions Worldwide, 22 ONLINE…huge capacity around the world…growing every year

30 Regions Worldwide, 22 Online

100+ datacenters

Top 3 networks in the world

2.5x AWS, 7x Google DC Regions

Operational

Announced/Not Operational

Central US

Iowa

West US

California

North Europe

Ireland

East US

Virginia

East US 2

Virginia US Gov

Virginia

North Central US

Illinois

US Gov

Iowa

South Central US

Texas

Brazil South

Sao Paulo

West Europe

Netherlands

China North *

Beijing

China South *

Shanghai

Japan East

Saitama

Japan West

Osaka

India South

Chennai

East Asia

Hong Kong

SE Asia

Singapore

Australia South East

Victoria

Australia East

New South Wales

* Operated by 21Vianet

India Central

Pune

Canada East

Quebec City

Canada Central

Toronto

India West

Mumbai

Broadly Applicable

United States

Government

Industry Specific

Region/Country

Specific

Microsoft Cloud Compliance Certifications and Attestations Sept 2016

"Microsoft’s comprehensive hybrid

story, which spans applications and

platforms as well as infrastructure, is

highly attractive to many companies,

drawing them towards the cloud in

general.”

LYDIA LEONG, GARTNER

Industry validation

Microsoft Leads Everywhere…

Public Cloud IaaS (May 2015) Cloud Storage (June 2015) Enterprise App PaaS (Jan 2014) Operational DBMS Systems (Oct 2015)

X86 Server Virt (July 2015)

!

EXPERIENCE

• 1M+ Corporate Machines protected by enterprise IT security

• Multi-platform Cloud-first hybrid enterprise

• Decades of experience as a global enterprise

• Runs on Azure same multi-tenant Azure environment as you

EXPERTISE

• Development Security Security Development Lifecycle (SDL) - ISO/IEC 27034-1

• Operational Security Hyper-scale cloud services

• Combatting Cybercrime partnering with law enforcement

• Incident Investigation and recovery for customers

Visibility

Expertise Experience

Context

VISIBILITY & CONTEXT

1 billion customers across enterprise and consumer segments

200+ cloud services

Apps and Data

SaaS

MICROSOFT PROTECTING YOU

Malware Protection

Center Hunting Teams Security Response Center

Device

CERTs and

other partners

Infrastructure

Antivirus Network

PaaS IaaS

Identity

INTELLIGENT SECURITY GRAPH

Cyber Defense

Operations Center Law Enforcement

Digital Crimes Unit

Active Cyber Threat Map

Slovenia Top 25 Cities by Threat, 9- 15 January, 2017

Best for my Organization Platform.

Microsoft Confidential

Microsoft manages

Customer manages (shared responsibility to protect)

Customer or Microsoft manages

Data Governance and Rights Management

Client End-points

Account and Access Management

Identity and Directory Infrastructure

Application

Network Controls

Operating System

Physical Hosts

Physical Network

Physical Datacenter

Security

Privacy and Control

Compliance

Transparency

SaaS

PaaS

IaaS

On-Prem

Reliability / Availability

Assurance

in Cloud

Enabled

World

Internet of Things Unmanaged & Mobile Clients

Sensitive Workloads

Cybersecurity Reference Architecture

Extranet

Azure Key Vault

Azure Security Center • Threat Protection • Threat Detection

System Center Configuration Manager + Intune

Microsoft Azure

On Premises Datacenter(s)

NGFW

Nearly all customer breaches that Microsoft’s Incident Response team investigates involve credential theft 63% of confirmed data breaches involve weak, default, or stolen passwords (Verizon 2016 DBR)

Colocation

$

EPP - Windows Defender

EDR - Windows Defender ATP Mac OS

Multi-Factor Authentication

MIM PAM Azure App Gateway

Network Security Groups

Azure AD PIM

Azure Antimalware

Disk & Storage Encryption

SQL Encryption & Firewall

Hello for Business

Windows Info Protection

Enterprise Servers

VPN

VPN

VMs VMs

Certification Authority (PKI)

Incident

Response

Vulnerability

Management

Enterprise Threat

Detection

Analytics Managed

Security Provider OMS

ATA

SIEM

Security Operations

Center (SOC)

Logs & Analytics Active Threat Detection

Hunting Teams

Investigation and Recovery

WEF

SIEM Integration

IoT

Identity &

Access UEBA

Windows 10 Windows 10 Security

• Secure Boot • Device Guard • Application Guard • Credential Guard • Windows Hello

Managed Clients

Windows Server 2016 Security Shielded VMs, Device Guard, Credential Guard, Just Enough Admin, Hyper-V Containers, Nano server, …

Software as a Service

ATA

Privileged Access Workstations (PAWs)

• Device Health

Attestation • Remote

Credential Guard

Intune MDM/MAM

Conditional Access

Cloud App Security

Azure Information

Protection (AIP) • Classify • Label • Protect • Report

Office 365 DLP

Endpoint DLP

Structured Data & 3rd party Apps

DDoS attack mitigation

Cla

ssif

icat

ion

Lab

els

ASM

Lockbox

Office 365

Information

Protection

Legacy Windows

Backup and Site Recovery

Shielded VMs

Domain Controllers

Office 365 ATP • Email Gateway • Anti-malware

Hold Your Own Key (HYOK)

ESAE Admin Forest

PADS

80% + of employees admit using non-approved SaaS apps for work (Stratecast, December 2013)

IPS

Edge DLP

SSL Proxy

Security Development Lifecycle (SDL)

Azure AD Identity Protection

Security Appliances