Today s top THREAT ACTORS pose unique challenges

Size: px
Start display at page:

Download "Today s top THREAT ACTORS pose unique challenges"

Transcription

1

2 Today s top THREAT ACTORS pose unique challenges An effective strategy must respond to a broad range of continually evolving attack types CYBERCRIMINALS NATION-STATE HACKTIVISTS INSIDERS FINANCIAL Persistent presence Professional execution Ransomware ESPIONAGE Near-unlimited resources Sophistication Legal autonomy POLITICAL Shape/influence opinions Undermine trust OPPORTUNISTIC Access to IT environment Trusted to access sensitive info Attack Vectors SOCIAL ENGINEERING PHISHING IDENTITY SPOOFING MALWARE SUPPLY CHAIN INSERTION MAN-IN-THE- MIDDLE DENIAL OF SERVICE

3 46% 99.9% 23% 50%

4 PROTECT Defense-in-Depth Monitoring and controls Identity and Access management Proper hygiene Security Development Lifecycle Data encryption Microsoft Security posture DETECT Extensive signal fabric Cloud scale intelligence Machine learning Behavioral monitoring RESPOND Closing the gap between discovery and action

5

6 Responsibility SaaS PaaS IaaS On-prem Data governance & rights management Client endpoints Account & access management Identity & directory infrastructure Application Network controls Operating system Physical hosts Physical network Physical datacenter Microsoft Customer

7

8 Transparency Know where your data is stored. Understand who has access your data and under what circumstances. Monitor the state of your service, get historic view of uptime. Integrate security events feeds into your company security dashboard. Gain insight with access to service dashboards & operational reporting.

9 Privacy Customer is the owner of their data We do not mine customer data for advertising purposes Privacy controls enable you to configure your company privacy policies Microsoft advocates for data privacy on behalf of customers Microsoft safeguards customer data with strong contractual commitments

10 Operational security Physical security with 24-hour monitoring and multi-factor authentication Admin background checks Zero-standing access to data Data encryption at-rest and in-transit Red team / Blue team penetration testing and incident response practice Product development using Security Development Lifecycle Bug bounty program to identify vulnerabilities

11 Safeguarding your data Identify, label, classify, set policies to help protect information. Encrypt your data and restrict access using Azure Information Protection. Safeguard information with Data Loss Prevention. Get visibility into and improve your security position with Secure Score Restrict unauthorized data sharing across apps with MAM. Prevent data leaks with support for Windows Information Protection. Manage data on devices through built-in MDM. Securely communicate with customers using Message Encryption.

12 Compliance Meet compliance obligations for data access with Customer Lockbox. Monitor and investigate events related to your data with full audit tracking. Reduced cost and risk with in-place intelligent Advanced ediscovery. Efficiently perform risk assessment with Service Assurance. Manage data retention with Advanced Data Governance.

13 100+ datacenters One of 3 largest networks in the world 1 China datacenters operated by 21 Vianet 2 German data trustee services provided by T-systems 3 France, South Korea and US Gov datacenter regions have been announced but are not currently operational Global datacenters Sovereign datacenters

14 Operational security Strategy: Employ risk-based, multi-dimensional approach to safeguarding services and data Security Monitoring and Response Data & Keys User Application Host System Internal Network Network Perimeter Facility Data Protection Access control, encryption, key management Admin Access Identity management, dual-factor authentication, training and awareness, screening, Least and Temporary Privilege Application Security Access control, monitoring, antimalware, vulnerability scanning, patch and configuration management Host Protection Access control, monitoring, antimalware, vulnerability scanning, patch and configuration management Network Security Segmentation, intrusion detection, vulnerability scanning Network Security Edge ACLs, DOS, intrusion detection, vulnerability scanning Physical Security Physical controls, video surveillance, access control Threat Intelligence Feed 14

15 15 Physical security of datacenters Barriers Fencing Perimeter Seismic bracing Security operations center 24X7 security staff Days of backup power Building Cameras Alarms Two-factor access control: Biometric readers & card readers Computer room

16 Control: Encryption with customer control Data in transit between a user and the service Data in transit between data centers Data at rest End-to-end encryption of communications between users

17 Transparency and control: running the service Most operations are automated

18 Customer Lockbox Meet Compliance Needs Customer Lockbox can help customers meet compliance obligations by demonstrating that they have procedures in place for explicit data access authorization Extended access Control Use Customer Lockbox to control access to customer content for service operations Visibility into actions Actions taken by Microsoft engineers in response to Customer Lockbox requests are logged and accessible via the Management Activity API and the Security and Compliance Center Submits request Microsoft Approved Customer Approved Customer Microsoft Engineer Lockbox system Microsoft Manager Microsoft Customer Engineer

19

20 THE MICROSOFT DIGITAL CRIMES UNIT International team of attorneys, investigators, data scientists, engineers, analysts and business professionals Combines novel legal strategies, cutting-edge forensics, cloud and big data to transform the ongoing fight against digital crime Investigates Technical Support Scams internationally, building evidence to drive civil actions and criminal referrals PhotoDNA tool detects millions of illegal child exploitation images online Drives malware disruptions in partnership with law enforcement and the private sector resulting in intelligence leveraged to notify and clean victim devices Leads strategic enforcement targeting criminal organizations distributing stolen products keys and unlicensed software to protect customers

21 These challenges require a UNIFIED RESPONSE

22 Microsoft CYBER DEFENSE OPERATIONS CENTER Centralized hub for cybersecurity and defense; uniting personnel, technology, and analytics 24 x 7 x 365 protection of Microsoft s cloud infrastructure, customer-facing cloud services, products and devices, and internal resources 50+ Security experts and Data scientists Connected to security professionals across Microsoft Closed-loop engineering: discoveries inform Security Development Lifecycle (SDL), Microsoft Research and drives better protection in products and cloud services

23

24

25 Intelligent Security Graph Industry Partners Antivirus Network INTELLIGENT SECURITY GRAPH CERTs Cyber Defense Operations Center Malware Protection Center Cyber Hunting Teams Security Response Center Digital Crimes Unit PaaS IaaS SaaS Identity Apps and Data Infrastructure Device

26 IF THEN Privileged user? Credentials found in public? Accessing sensitive app? Unmanaged device? Malware detected? IP detected in Botnet? Impossible travel? Anonymous client? User risk High Medium Low Session risk High Medium Low Allow access Require MFA ****** Limit access Force password reset Deny access

27 Common Identity Integrated Management and Security Consistent Data Platform Unified Development and DevOps

28 Common Identity Integrated Management and Security Consistent Data Platform Unified Development and DevOps

29 Platform Services Security & Management Portal Active Directory Cloud Services Batch Service Fabric Remote App Web Apps Mobile Apps API Apps Logic Apps API Management Notification Hubs Visual Studio Team Project Azure SDK Application Insights Hybrid Operations Azure AD Connect Health AD Privileged Identity Management Multi-Factor Authentication Backup Automation Storage Queues Biztalk Services HDInsight Machine Learning SQL Database SQL Data Warehouse Operational Insights Key Vault Hybrid Connections Service Bus Data Factory Event Hubs Redis Cache Search Import/Export Store / Marketplace VM Image Gallery & VM Depot Media Services Content Delivery Network (CDN) Stream Analytics Mobile Engagement DocumentDB Tables Site Recovery StorSimple Infrastructure Services

30 Azure has the deepest and most comprehensive compliance coverage in the industry GLOBAL ISO ISO ISO ISO ISO 9001 SOC 1 Type 2 SOC 2 Type 2 SOC 3 CSA STAR Self-Assessment CSA STAR Certification CSA STAR Attestation US GOV Moderate JAB P-ATO High JAB P-ATO DoD DISA SRG Level 2 DoD DISA SRG Level 4 DoD DISA SRG Level 5 SP FIPS Section 508 VPAT ITAR CJIS IRS 1075 INDUSTRY PCI DSS Level 1 CDSA MPAA FACT UK Shared Assessments FISC Japan HIPAA / HITECH Act HITRUST GxP 21 CFR Part 11 MARS-E IG Toolkit UK FERPA GLBA FFIEC REGIONAL Argentina PDPA EU Model Clauses UK G-Cloud China DJCP China GB China TRUCS Singapore MTCS Australia IRAP/CCSL New Zealand GCIO Japan My Number Act ENISA IAF Japan CS Mark Gold Spain ENS Spain DPA India MeitY Canada Privacy Laws Privacy Shield Germany IT Grundschutz workbook

31

32 Thank You!

Accelerate GDPR compliance with the Microsoft Cloud Ole Tom Seierstad National Security Officer Microsoft Norway

Accelerate GDPR compliance with the Microsoft Cloud Ole Tom Seierstad National Security Officer Microsoft Norway Accelerate GDPR compliance with the Microsoft Cloud Ole Tom Seierstad National Security Officer Microsoft Norway This presentation is intended to provide an overview of GDPR and is not a definitive statement

More information

Morgan Independent Software Vendor Lead

Morgan Independent Software Vendor Lead Morgan Webb @morgan_msft Independent Software Vendor Lead Digital transformation Hybrid Cloud Platform Choice Global: Hyper-scale, globally connected cloud services deployed from regional Microsoft datacenters.

More information

U susret GDPR regulativi Dočekajmo spremni Maj 2018

U susret GDPR regulativi Dočekajmo spremni Maj 2018 U susret GDPR regulativi Dočekajmo spremni Maj 2018 Dragan Tasić Technology Solutions Professional This presentation is intended to provide an overview of GDPR and is not a definitive statement of the

More information

By 2020, a corporate no-cloud policy will be as rare as a no-internet policy is today. 1

By 2020, a corporate no-cloud policy will be as rare as a no-internet policy is today. 1 By 2020, a corporate no-cloud policy will be as rare as a no-internet policy is today. 1 The question is no longer: How do I move to the cloud? Instead, it s Now that I m in the cloud, how do I make sure

More information

This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law.

This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law. Privacy, Trust, and the General Data Protection Regulation (GDPR) Robertas Tamosaitis Microsoft Business Solution Sales Specialist E-mail: rtamosa@microsoft.com This presentation is intended to provide

More information

Microsoft 365 Das modern Büro der Zukunft

Microsoft 365 Das modern Büro der Zukunft Microsoft 365 Das modern Büro der Zukunft DI. Harald Leitenmüller Chief Technology Officer 3. Digital Business Forum, 14. Sept. 2017 Microsoft Österreich GmbH. Cloud Principles Standardisierung Automatisierung

More information

Closing Keynote: Addressing Data Privacy and GDPR on Microsoft Data Platform Technologies. Ronit Reger, Senior Program Manager at Microsoft

Closing Keynote: Addressing Data Privacy and GDPR on Microsoft Data Platform Technologies. Ronit Reger, Senior Program Manager at Microsoft Closing Keynote: Addressing Data Privacy and GDPR on Microsoft Data Platform Technologies Ronit Reger, Senior Program Manager at Microsoft Session goals 1. Data Privacy and the GDPR - Data privacy as a

More information

Accelerate GDPR compliance with the Microsoft Cloud Agustín Corredera

Accelerate GDPR compliance with the Microsoft Cloud Agustín Corredera Accelerate GDPR compliance with the Microsoft Cloud Agustín Corredera This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law. Businesses and users are

More information

Our Mission. Empower every person and every organization on the planet to achieve more.

Our Mission. Empower every person and every organization on the planet to achieve more. #techsummitch Our Mission Empower every person and every organization on the planet to achieve more. Innovation, Security, and Education Microsoft s investment in Switzerland David Kurth Cloud + Enterprise

More information

Kimberly Nelson Executive Director Government Solutions US SLG. March 2017

Kimberly Nelson Executive Director Government Solutions US SLG. March 2017 Kimberly Nelson Executive Director Government Solutions US SLG March 2017 We will always be partner led. Satya Nadella Fourth industrial revolution Gartner s Digital Maturity Model for Government

More information

What is Dell EMC Cloud for Microsoft Azure Stack?

What is Dell EMC Cloud for Microsoft Azure Stack? What is Dell EMC Cloud for Microsoft Azure Stack? Harry Meier GLOBAL SPONSORS Why Hybrid Cloud? The Trend Toward Hybrid Cloud Larger circles = most cost and complexity IDC 2016 Hybrid cloud is now % 9

More information

Avanade Zerouno : Cloud Experience. Version 1.0 May 16, 2017 Author(s): Ivan Loreti

Avanade Zerouno : Cloud Experience. Version 1.0 May 16, 2017 Author(s): Ivan Loreti Avanade Zerouno : Cloud Experience Version 1.0 May 16, 2017 Author(s): Ivan Loreti Cloud s opportunities range beyond IT The Intelligent Business Cloud enables the digital business Smartly connects infrastructure,

More information

Microsoft Azure. The cloud platform for digital transformation

Microsoft Azure. The cloud platform for digital transformation Microsoft Azure The cloud platform for digital transformation What is Microsoft Azure Microsoft Azure is Microsoft s cloud computing platform Azure is a comprehensive set of cloud services that developers

More information

Klaus Schwab, Founder & Executive Chairman

Klaus Schwab, Founder & Executive Chairman "We stand on the brink of a technological revolution that will fundamentally alter the way we live, work, and relate to one another. In its scale, scope, and complexity, the transformation will be unlike

More information

Accelerate GDPR compliance with the Microsoft Cloud

Accelerate GDPR compliance with the Microsoft Cloud Accelerate GDPR compliance with the Microsoft Cloud Michal Jaworski National Technology Officer Microsoft Poland This presentation is intended to provide an overview of GDPR and is not a definitive statement

More information

Compliance & Security in Azure. April 21, 2018

Compliance & Security in Azure. April 21, 2018 Compliance & Security in Azure April 21, 2018 Presenter Bio Jeff Gainer, CISSP Senior Information Security & Risk Management Consultant Senior Security Architect Have conducted multiple Third-Party risk

More information

QBS Talks. June GDPR a Microsoft perspective Ole Kjeldsen, CTO Microsoft DK

QBS Talks. June GDPR a Microsoft perspective Ole Kjeldsen, CTO Microsoft DK QBS Talks June 26 2017 GDPR a Microsoft perspective Ole Kjeldsen, CTO Microsoft DK House rules: All participants are on mute Use the chat window for questions during presentation moderator will collect

More information

Hyper scale Infrastructure is the enabler

Hyper scale Infrastructure is the enabler Hyper scale Infrastructure is the enabler 100+ Datacenters across 34 Regions Worldwide US DoD West TBD US Gov Iowa West US California Central US Iowa South Central US Texas North Central US Illinois Canada

More information

COMPLIANCE IN THE CLOUD

COMPLIANCE IN THE CLOUD COMPLIANCE IN THE CLOUD 3:45-4:30PM Scott Edwards, President, Summit 7 Dave Harris Society for International Affairs COMPLIANCE IN THE CLOUD Scott Edwards scott.edwards@summit7systems.com 256-541-9638

More information

Dublin* Amsterdam. London

Dublin* Amsterdam. London Onur Dogruoz Chicago Dublin* Amsterdam Korea Central Silicon Valley US DoD West Dallas Atlanta New York Washington DC US DoD East London Korea South Osaka Tokyo Chennai Hong Kong Mumbai* Singapore Sydney

More information

Die intelligente Cloud als Kernelement der IT Transformation. Dr. Bernd Kiupel Business Group Lead Cloud & Enterprise, Microsoft Schweiz

Die intelligente Cloud als Kernelement der IT Transformation. Dr. Bernd Kiupel Business Group Lead Cloud & Enterprise, Microsoft Schweiz Die intelligente Cloud als Kernelement der IT Transformation Dr. Bernd Kiupel Business Group Lead Cloud & Enterprise, Microsoft Schweiz The next strategic opportunity is here Cloud Mobile Social How do

More information

Microsoft + SUSE This partnership gets stronger every day

Microsoft + SUSE This partnership gets stronger every day Microsoft + SUSE This partnership gets stronger every day Johan Sollbe Business Manager, Open Source Azure Microsoft WE THE WORLD HAS CHANGED Forrester: open source will lie at the heart of the applications

More information

Azure: The Cloud On Your Terms. Herns Hermida Cloud and Enterprise Business Lead Microsoft Philippines

Azure: The Cloud On Your Terms. Herns Hermida Cloud and Enterprise Business Lead Microsoft Philippines Azure: The Cloud On Your Terms Herns Hermida Cloud and Enterprise Business Lead Microsoft Philippines hhermida@microsoft.com Business & Government are powered by the cloud Cloud is a given. CIOs no longer

More information

Your vision, your results, your cloud

Your vision, your results, your cloud Your vision, your results, your cloud Engage your customers Transform your products Digital transformation Empower your employees Optimize your operations 1 million/hour new devices coming online by 2020

More information

PostgreSQL & The Cloud

PostgreSQL & The Cloud PostgreSQL & The Cloud Deploying PostgreSQL on Azure Ali Sufyan Butt Microsoft Most Valuable Professional for Visual Studio & Development Technologies Agenda Agenda for the meetup session Introduction

More information

What is Blockchain? Cryptographically Authentic Shared Distributed Ledger. Cryptographically Authentic Each transaction recorded in the database is

What is Blockchain? Cryptographically Authentic Shared Distributed Ledger. Cryptographically Authentic Each transaction recorded in the database is R3 What is Blockchain? Cryptographically Authentic Shared Distributed Ledger. Cryptographically Authentic Each transaction recorded in the database is digitally signed and mathematically guaranteed to

More information

Matt Holden-Milner Richard Willmott

Matt Holden-Milner Richard Willmott Matt Holden-Milner Richard Willmott 1780s 1870s 2015+ 1969-70 s Astonishing Pace of Change Drones 2007 $100,000 2013 $700 Typical Fortune 500 20 3D Printing 2007 $40,000 2014 $100 Google Facebook 6 8

More information

Enterprise Mobility + Security

Enterprise Mobility + Security Enterprise Mobility + Security Assume Breach Identity Data Flexible Workforce 250 million Millions Billions 700 million 40 billion 18+ billion 420 million Millions 35 billion messages/month United Kingdom

More information

Cyber Defense Operations Center

Cyber Defense Operations Center Cyber Defense Operations Center Providing world-class security protection, detection, and response Marek Jedrzejewicz Principal Security Engineering Manager Microsoft Corporation 1 Cybersecurity. In the

More information

Agenda. Future Sessions: Azure VMs, Backup/DR Strategies, Azure Networking, Storage, How to move

Agenda. Future Sessions: Azure VMs, Backup/DR Strategies, Azure Networking, Storage, How to move Onur Dogruoz Agenda Provide an introduction to Azure Infrastructure as a Service (IaaS) Walk through the Azure portal Help you understand role-based access control Engage in an overview of the calculator

More information

Evolution of Cyber Security. Nasser Kettani Chief Technology Officer Microsoft, Middle East and Africa

Evolution of Cyber Security. Nasser Kettani Chief Technology Officer Microsoft, Middle East and Africa Evolution of Cyber Security Nasser Kettani Chief Technology Officer Microsoft, Middle East and Africa Nasser.Kettani@microsoft.com @nkettani MODERN SECURITY THREATS THERE ARE TWO KINDS OF BIG COMPANIES:

More information

Azure Everywhere. Brandon Murray, Cami Williams, David Haver, Kevin Carter, Russ Henderson

Azure Everywhere. Brandon Murray, Cami Williams, David Haver, Kevin Carter, Russ Henderson Azure Everywhere Brandon Murray, Cami Williams, David Haver, Kevin Carter, Russ Henderson Agenda Azure Everywhere Workshop Brief Overview of Azure Azure Infrastructure Azure DevOps SQL in Azure SharePoint

More information

Your vision. Your cloud.

Your vision. Your cloud. Your vision. Your cloud. John F. Schaller Azure Solutions Specialist Optimized Data Center Cloud Attributes Consolidated Managed Virtualized Cost Efficient Pooled resources Automation + Self-service Elasticity

More information

Security & Compliance in the AWS Cloud. Amazon Web Services

Security & Compliance in the AWS Cloud. Amazon Web Services Security & Compliance in the AWS Cloud Amazon Web Services Our Culture Simple Security Controls Job Zero AWS Pace of Innovation AWS has been continually expanding its services to support virtually any

More information

Security & Compliance in the AWS Cloud. Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web

Security & Compliance in the AWS Cloud. Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web Security & Compliance in the AWS Cloud Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web Services @awscloud www.cloudsec.com #CLOUDSEC Security & Compliance in the AWS Cloud TECHNICAL & BUSINESS

More information

CAN MICROSOFT HELP MEET THE GDPR

CAN MICROSOFT HELP MEET THE GDPR CAN MICROSOFT HELP MEET THE GDPR REQUIREMENTS? Danny Uytgeerts Microsoft 365 TSP / P-Seller Privacy Consultant (certified DPO) Member of DPO-Pro (Professional association of Belgian DPOs) danny.uytgeerts@realdolmen.com

More information

Amit Panchal Enterprise Technology Strategist

Amit Panchal Enterprise Technology Strategist Amit Panchal Enterprise Technology Strategist amitp@microsoft.com Who is Amit Panchal IT Industry Personal Education Executive Experience MORE DEVICES I love my PC, my phone, and my slate. MORE MOBILE

More information

About vlad.tomsa@microsoft.com Features: Safeguards Against: Hardcoded Locations Hardcoded storage endpoints API versions available on Azure Stack Resource types unsupported on Azure Stack Referenced

More information

SECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry

SECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry SECURITY ON AWS By Max Ellsberry AWS Security Standards The IT infrastructure that AWS provides has been designed and managed in alignment with the best practices and meets a variety of standards. Below

More information

Building Cloud Trust. Ioannis Stavrinides. Technical Evangelist MS Cyprus

Building Cloud Trust. Ioannis Stavrinides. Technical Evangelist MS Cyprus Building Cloud Trust Ioannis Stavrinides Technical Evangelist MS Cyprus If you re resisting the cloud because of security concerns, you re running out of excuses. The question is no longer: How do I move

More information

locuz.com SOC Services

locuz.com SOC Services locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security

More information

Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops.

Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops. George Gerchow, Sumo Logic Chief Information Security Officer Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops. Agenda Sumo Security

More information

Verasys Enterprise Security and IT Guide

Verasys Enterprise Security and IT Guide Verasys Enterprise Johnson Controls Milwaukee WI, USA www.verasyscontrols.com LIT-12013026 March 2018 Contents Introduction... 3 Microsoft Azure security and privacy... 5 Security... 5 Privacy...5 Compliance...5

More information

Open Source Tools as a platform for research on Microsoft Azure

Open Source Tools as a platform for research on Microsoft Azure Open Source Tools as a platform for research on Microsoft Azure Alessandro Jannuzi Open Source Lead Microsoft Brasil Jaime Puente Director Microsoft Research Azure, Microsoft Cloud Platform 24 Regions

More information

#techsummitch

#techsummitch www.thomasmaurer.ch #techsummitch Justin Incarnato Justin Incarnato Microsoft Principal PM - Azure Stack Hyper-scale Hybrid Power of Azure in your datacenter Azure Stack Enterprise-proven On-premises

More information

AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments

AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES To Secure Azure and Hybrid Cloud Environments Introduction Cloud is at the core of every successful digital transformation initiative. With cloud comes new

More information

Cybersecurity The Evolving Landscape

Cybersecurity The Evolving Landscape Cybersecurity The Evolving Landscape 1 Presenter Zach Shelton, CISA Principal DHG IT Advisory Zach.Shelton@DHG.com Raleigh, NC 14+ years of experience in IT Consulting 11+ years of experience with DHG

More information

No Country for Old Security Compliance in the Cloud. Joel Sloss, CDSA Board of Directors May 2017

No Country for Old Security Compliance in the Cloud. Joel Sloss, CDSA Board of Directors May 2017 No Country for Old Security Compliance in the Cloud Joel Sloss, CDSA Board of Directors May 2017 Emerging Threats Specific/sequential targeting Effective reconnaissance Practiced tool usage Sophisticated

More information

SECURITY & PRIVACY DOCUMENTATION

SECURITY & PRIVACY DOCUMENTATION Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive

More information

TRACKVIA SECURITY OVERVIEW

TRACKVIA SECURITY OVERVIEW TRACKVIA SECURITY OVERVIEW TrackVia s customers rely on our service for many mission-critical applications, as well as for applications that have various compliance and regulatory obligations. At all times

More information

INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE

INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE INTRODUCTION AGENDA 01. Overview of Cloud Services 02. Cloud Computing Compliance Framework 03. Cloud Adoption and Enhancing

More information

Ο ρόλος της τεχνολογίας στο ταξίδι της συμμόρφωσης με τον Γενικό Κανονισμό. Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος

Ο ρόλος της τεχνολογίας στο ταξίδι της συμμόρφωσης με τον Γενικό Κανονισμό. Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος Ο ρόλος της τεχνολογίας στο ταξίδι της συμμόρφωσης με τον Γενικό Κανονισμό Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος Providing clarity and consistency for the protection of personal data The General

More information

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution Service SM Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution Product Protecting sensitive data is critical to being

More information

Microsoft Azure: Using the Public Cloud to solve the Big Questions

Microsoft Azure: Using the Public Cloud to solve the Big Questions Microsoft Azure: Using the Public Cloud to solve the Big Questions Kent Altena Global Black Belt TSP, Big Compute Microsoft kaltena@microsoft.com http://microsoft.com/hpc Introduction to Azure Hyper-scale

More information

Google Cloud & the General Data Protection Regulation (GDPR)

Google Cloud & the General Data Protection Regulation (GDPR) Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to

More information

Sage Data Security Services Directory

Sage Data Security Services Directory Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time

More information

Cloud Customer Architecture for Securing Workloads on Cloud Services

Cloud Customer Architecture for Securing Workloads on Cloud Services Cloud Customer Architecture for Securing Workloads on Cloud Services http://www.cloud-council.org/deliverables/cloud-customer-architecture-for-securing-workloads-on-cloud-services.htm Webinar April 19,

More information

Hosted Azure for your business. Build virtual servers, deploy with flexibility, and reduce your hardware costs with a managed cloud solution.

Hosted Azure for your business. Build virtual servers, deploy with flexibility, and reduce your hardware costs with a managed cloud solution. Hosted Azure for your business Build virtual servers, deploy with flexibility, and reduce your hardware costs with a managed cloud solution. Azure is approximately 50 percent cheaper than other cloud services

More information

Microsoft Azure Security, Privacy, & Compliance

Microsoft Azure Security, Privacy, & Compliance Security, Privacy, & Compliance Andreas Grigull Geschäftsentwicklung Assekuranz Installation von 2000 Servern in 3 Stunden Technology trends: driving cloud adoption BENEFITS Speed Scale Economics Cloud

More information

QuickBooks Online Security White Paper July 2017

QuickBooks Online Security White Paper July 2017 QuickBooks Online Security White Paper July 2017 Page 1 of 6 Introduction At Intuit QuickBooks Online (QBO), we consider the security of your information as well as your customers and employees data a

More information

App Service Overview. Rand Pagels Azure Technical Specialist - Application Development US Great Lakes Region

App Service Overview. Rand Pagels Azure Technical Specialist - Application Development US Great Lakes Region App Service Overview Quickly create powerful cloud apps using a fully-managed platform Rand Pagels Azure Technical Specialist - Application Development US Great Lakes Region Security & Management Platform

More information

Kontejneri u Azureu uz pomoć Kubernetesa što i kako? Tomislav Tipurić Partner Technology Strategist Microsoft

Kontejneri u Azureu uz pomoć Kubernetesa što i kako? Tomislav Tipurić Partner Technology Strategist Microsoft Kontejneri u Azureu uz pomoć Kubernetesa što i kako? Tomislav Tipurić Partner Technology Strategist Microsoft Source: Softpedia Credits: James Niccolai A decade ago no one could have seen this coming.

More information

Twilio cloud communications SECURITY

Twilio cloud communications SECURITY WHITEPAPER Twilio cloud communications SECURITY From the world s largest public companies to early-stage startups, people rely on Twilio s cloud communications platform to exchange millions of calls and

More information

Watson Developer Cloud Security Overview

Watson Developer Cloud Security Overview Watson Developer Cloud Security Overview Introduction This document provides a high-level overview of the measures and safeguards that IBM implements to protect and separate data between customers for

More information

The growing global data platform market

The growing global data platform market OSS DB on Azure The growing global data platform market Global Data Platform Market is growing at 11.2% CAGR 120.0 106.9 Growth is expected to exceed $100B in FY22 Primary growth is driven by relational

More information

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction Cybersecurity Risk Mitigation: Protect Your Member Data Presented by Matt Mitchell, CISSP Knowledge Consulting Group Introduction Matt Mitchell- Director Risk Assurance 17 years information security experience

More information

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government

More information

the SWIFT Customer Security

the SWIFT Customer Security TECH BRIEF Mapping BeyondTrust Solutions to the SWIFT Customer Security Controls Framework Privileged Access Management and Vulnerability Management Table of ContentsTable of Contents... 2 Purpose of This

More information

Herausforderungen und Lösungen um Devices mit der Cloud zu verbinden. 14. Dezember 2017, München Oliver Niedung

Herausforderungen und Lösungen um Devices mit der Cloud zu verbinden. 14. Dezember 2017, München Oliver Niedung Herausforderungen und Lösungen um Devices mit der Cloud zu verbinden 14. Dezember 2017, München Oliver Niedung olivern@microsoft.com Herausforderungen - Gerätekonnektivität Geschäftsmodell Referenzarchitektur

More information

Vishesh Oberoi Seth Reid Technical Evangelist, Microsoft Software Developer, Intergen

Vishesh Oberoi Seth Reid Technical Evangelist, Microsoft Software Developer, Intergen Vishesh Oberoi Technical Evangelist, Microsoft VishO@microsoft.com @ovishesh Seth Reid Software Developer, Intergen contact@sethreid.co.nz @sethreidnz Vishesh Oberoi Technical Evangelist, Microsoft VishO@microsoft.com

More information

How do you decide what s best for you?

How do you decide what s best for you? How do you decide what s best for you? Experience Transparency Leadership Commitment Cost reduction Security Trustworthiness Credibility Confidence Reliability Compliance Privacy Expertise Flexibility

More information

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches

More information

The Common Controls Framework BY ADOBE

The Common Controls Framework BY ADOBE The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.

More information

Identity & Access Management

Identity & Access Management Identity & Access Management THE PROBLEM: HOW DO WE ENABLE PRODUCTIVITY WITHOUT COMPROMISING SECURITY? S E C U R I T Y OR P R O D U C T I V I T Y On-premises THE PROBLEM: HOW DO WE ENABLE PRODUCTIVITY

More information

Targeted Attacks. Identitycentric. Compliance. Cloud BYOD

Targeted Attacks. Identitycentric. Compliance. Cloud BYOD BYOD Cloud Compliance Targeted Attacks Identitycentric The privacy and security environment is becoming more complicated, more risky and more regulated every day, and is having a substantial impact on

More information

Riverbed Xirrus Cloud Processes and Data Privacy June 19, 2018

Riverbed Xirrus Cloud Processes and Data Privacy June 19, 2018 Riverbed Xirrus Cloud Processes and Data Privacy June 19, 2018 PURPOSE OF THIS DOCUMENT... 2 DATA CENTER PROCESSES... 2 Physical and Environmental Security... 2 Resiliency and Redundancy... 2 Network Security...

More information

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS 10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND

More information

Managing SaaS risks for cloud customers

Managing SaaS risks for cloud customers Managing SaaS risks for cloud customers Information Security Summit 2016 September 13, 2016 Ronald Tse Founder & CEO, Ribose For every IaaS/PaaS, there are 100s of SaaS PROBLEM SaaS spending is almost

More information

Architecting Microsoft Azure Solutions (proposed exam 535)

Architecting Microsoft Azure Solutions (proposed exam 535) Architecting Microsoft Azure Solutions (proposed exam 535) IMPORTANT: Significant changes are in progress for exam 534 and its content. As a result, we are retiring this exam on December 31, 2017, and

More information

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview IBM Watson on the IBM Cloud Security Overview Introduction IBM Watson on the IBM Cloud helps to transform businesses, enhancing competitive advantage and disrupting industries by unlocking the potential

More information

OFFICE 365 GOVERNANCE: Top FAQ s & Best Practices. Internal Audit, Risk, Business & Technology Consulting

OFFICE 365 GOVERNANCE: Top FAQ s & Best Practices. Internal Audit, Risk, Business & Technology Consulting OFFICE 365 GOVERNANCE: Top FAQ s & Best Practices Internal Audit, Risk, Business & Technology Consulting CLOUD ADOPTION Business demands faster, more agile and less costly solutions to achieve digital

More information

Altius IT Policy Collection Compliance and Standards Matrix

Altius IT Policy Collection Compliance and Standards Matrix Governance Context and Alignment Policy 4.1 4.4 800-26 164.308 12.4 EDM01 IT Governance Policy 5.1 800-30 12.5 EDM02 Leadership Mergers and Acquisitions Policy A.6.1.1 800-33 EDM03 Context Terms and Definitions

More information

Microsoft Azure Stack Hybrid Cloud. The Modern System Architecture

Microsoft Azure Stack Hybrid Cloud. The Modern System Architecture Microsoft & itnetx 2017 Microsoft Azure Stack Hybrid Cloud. The Modern System Architecture Uwe Lüthy PTS at Microsoft www.microsoft.com Thomas Maurer Solution Architect at itnetx Microsoft MVP / P-TSP

More information

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1 Addressing the Evolving Cybersecurity Tom Tollerton, CISSP, CISA, PCI QSA Manager Cybersecurity Advisory Services DHG presenter Tom Tollerton, Manager DHG IT Advisory 704.367.7061 tom.tollerton@dhgllp.com

More information

Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City

Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City 1 Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City The opinions expressed are those of the presenters and are not those of the Federal Reserve Banks, the

More information

Azure Webinar. Resilient Solutions March Sander van den Hoven Principal Technical Evangelist Microsoft

Azure Webinar. Resilient Solutions March Sander van den Hoven Principal Technical Evangelist Microsoft Azure Webinar Resilient Solutions March 2017 Sander van den Hoven Principal Technical Evangelist Microsoft DX @svandenhoven 1 What is resilience? Client Client API FrontEnd Client Client Client Loadbalancer

More information

Cloud Models. SaaS. PaaS. IaaS. Traditional. You Manage. You Manage. Managed by Microsoft. Managed by Microsoft. You Manage. Managed by Microsoft

Cloud Models. SaaS. PaaS. IaaS. Traditional. You Manage. You Manage. Managed by Microsoft. Managed by Microsoft. You Manage. Managed by Microsoft You Manage You Manage You Manage Cloud Models Traditional IaaS PaaS SaaS Applications Applications Applications Applications Data Data Data Data Runtime Middleware Operating System Virtualization Servers

More information

Critical Hygiene for Preventing Major Breaches

Critical Hygiene for Preventing Major Breaches SESSION ID: CXO-F02 Critical Hygiene for Preventing Major Breaches Jonathan Trull Microsoft Enterprise Cybersecurity Group @jonathantrull Tony Sager Center for Internet Security @CISecurity Mark Simos

More information

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW: SOLUTION OVERVIEW: ALERT LOGIC THREAT MANAGER WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE Protecting your business assets and sensitive data requires regular vulnerability assessment,

More information

Microsoft 365. A complete, intelligent, secure solution to empower employees. Integrated for simplicity. Built for teamwork. Unlocks creativity

Microsoft 365. A complete, intelligent, secure solution to empower employees. Integrated for simplicity. Built for teamwork. Unlocks creativity 2x 50% 5x Microsoft 365 A complete, intelligent, secure solution to empower employees Unlocks creativity Built for teamwork Integrated for simplicity Intelligent security Inner Loop Files Sites Content

More information

Keys to a more secure data environment

Keys to a more secure data environment Keys to a more secure data environment A holistic approach to data infrastructure security The current fraud and regulatory landscape makes it clear that every firm needs a comprehensive strategy for protecting

More information

Cyber Security Technologies

Cyber Security Technologies 1 / Cyber Security Technologies International Seminar on Cyber Security: An Action to Establish the National Cyber Security Center Lisbon, 12 th September 2013 23 / Key highlights - Thales Group Thales

More information

Altius IT Policy Collection Compliance and Standards Matrix

Altius IT Policy Collection Compliance and Standards Matrix Governance Context and Alignment Policy 4.1 4.4 800-26 164.308 12.4 EDM01 IT Governance Policy 5.1 800-30 12.5 EDM02 Leadership Mergers and Acquisitions Policy A.6.1.1 800-33 EDM03 Context Terms and Definitions

More information

Cloud Computing. Faculty of Information Systems. Duc.NHM. nhmduc.wordpress.com

Cloud Computing. Faculty of Information Systems. Duc.NHM. nhmduc.wordpress.com Cloud Computing Faculty of Information Systems Duc.NHM nhmduc.wordpress.com Evaluating Cloud Security: An Information Security Framework Chapter 6 Cloud Computing Duc.NHM 2 1 Evaluating Cloud Security

More information

Cloud-Based Data Security

Cloud-Based Data Security White Paper Cloud-Based Data Security SaaS-built Galileo collects and analyzes customized performance data efficiently, on-demand, via a secure Internet connection. About Galileo Created by the ATS Group,

More information

Azure File Sync. Webinaari

Azure File Sync. Webinaari Azure File Sync Webinaari 12.3.2018 Agenda Why use Azure? Moving to the Cloud Azure Storage Backup and Recovery Azure File Sync Demo Q&A What is Azure? A collection of cloud services from Microsoft that

More information

Carbon Black PCI Compliance Mapping Checklist

Carbon Black PCI Compliance Mapping Checklist Carbon Black PCI Compliance Mapping Checklist The following table identifies selected PCI 3.0 requirements, the test definition per the PCI validation plan and how Carbon Black Enterprise Protection and

More information

Data Security and Privacy at Handshake

Data Security and Privacy at Handshake Data Security and Privacy at Handshake Introduction 3 A Culture of Security 3 Employee Background Checks 3 Dedicated Security and Privacy Teams 3 Ongoing Team Training 4 Compliance 4 FERPA 4 GDPR 4 Security

More information

Security+ SY0-501 Study Guide Table of Contents

Security+ SY0-501 Study Guide Table of Contents Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators

More information

University of Pittsburgh Security Assessment Questionnaire (v1.7)

University of Pittsburgh Security Assessment Questionnaire (v1.7) Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided

More information