Angela McKay Director, Government Security Policy and Strategy Microsoft

Transcription

1 Angela McKay Director, Government Security Policy and Strategy Microsoft

2

3 Demographic Trends: Internet Users in 2005.ru.ca.is.uk.nl.be.no.de.pl.ua.us.fr.es.ch.it.eg.il.sa.jo.tr.qa.ae.kz.cn.tw.kr.jp.mx.co.br.pk.th.ph.ng.in.sg.my.ar.id.au

4 .vn.ve.uz.us.uy.uk.ua.tr.tn.th.tw.ch.se.es.kr.za.si.sk.sg.rs.sa.ru.ro.pt.pl.ph.pe.pk.no.ng.nz.nl.ma.mx.my.mk.lt.lv.ke.kz.jp.it.il.ie.ir.id.in.hu.hk.gt.gr.de.ge.fr.fi.ee.eg.ed.do.dk.cz.hr.cr.co.cn.cl.ca.cm.bg.br.ba.bo.be.by.az.at.au.ar.dz.ae.vn.ve.uz.us.uy.uk.ua.tr.tn.th.tw.ch.se.es.kr.za.si.sk.sg.rs.sa.ru.ro.pt.pl.ph.pe.pk.no.ng.nz.nl.ma.mx.my.mk.lt.lv.ke.kz.jp.it.il.ie.ir.id.in.hu.hk.gt.gr.de.ge.fr.fi.ee.eg.ed.do.dk.cz.hr.cr.co.cn.cl.ca.cm.bg.br.ba.bo.be.by.az.at.au.ar.dz.ae Demographic Trends: Internet Users in 2025

5 Technology Trends 70% of CIOs will embrace a cloud-first strategy in bn Mobile and IoT connected devices become ubiquitous Platform diversity 50x Data volumes surge

6 Third Era of Enterprise IT Every single industry will be digitally remastered. Mark Raskino, VP & Gartner Fellow Era 1: IT Craftsmanship Technology focus Era 2: Industrialization Process focus Era 3: Digitalization Business model focus Today Mobility Social Platform Insights Sporadic automation and innovation; frequent issues Services and solutions; efficiency and effectiveness Digital business innovation; new types of service

7 Cloud as Enabler of Digital Transformation Redesigning business processes Acquiring new customers through new channels Boosting business agility with instant-on capacity Delighting customers with personalized experiences and service Speed 2 weeks to deliver new services vs months with traditional solution Increasing employee productivity with ubiquitous access Instantly scale business for global reach Productivity Social Platform Insights Entering new markets by innovating with digital products and services Instantly scaling to meet demand Case Study: HarperCollins Publishers Scale Scale from 30,000 to 250,000 site visitors instantly Case Study: Autocosmos Converting capital expenses to operating expenses Redeploying IT talent onto more strategic projects Speeding application development Economics 75% less cost compared to on-premises Microsoft Azure BI Team, STMG Proof Points Central

8 Government Transformation Start with a trusted & resilient foundation Leverage economies of scale and expertise Use the cloud to drive future technology uptake Reshape how you engage with citizens Enable more productive work Enable domestic IoT economy 8

9 Economic and Societal Transformation Job Creation through Innovation Democratization of Computing Social Inclusion Increased Agility Cost Savings Security

10

11 Cyber Risk Environment Actors Objectives Actions Impacts Many methods of attack Permissive environment Increasing consequences

12 Escalating Conflict

13 Dependence and Risks Drive Public Policy

14 Governments Roles and Regulatory Pressures 42 Countries with Defensive Capabilities 95 Countries Developing Legislative Initiatives PROTECTOR USER 37 Countries with Declared Offensive Capabilities 54 Countries with National Cybersecurity Strategies Rising International Insecurity Increasing Regulatory Pressure EXPLOITER MONITOR Innovation at Risk

15 Policy Topics at Play

16 Policy Principles Innovative Flexible Data aware Risk based Standards based Transparent

17 Beyond Regulation 243 median # of days attackers are present on a victim network before detection Security Impact of cyber attacks could be as much as $3 trillion in lost productivity and growth is a CEO $3.5M Average cost of a data breach to a company 15 % increase YoY level issue Job security Customer loyalty Implications Brand reputation Intellectual property Civil liability

18 Complexities for the Private Sector in the Digital Age Loss of trust in products and services Complicated response cycles and operational uncertainties Distorted threat models Reciprocity costs from state actions Regulatory costs from dynamic compliance environment

19 Enterprise Risk Management Continuous risk management is the key to advancing persistent security. Innovating in response to attacks and incidents develops and grows sustained capabilities. Cultural adaptation is required in the face of rapidly changing threats.

20 Due Diligence for Cybersecurity Integrated, holistic approach beyond just IT Dedicated staff and budget Governance

21

22 Microsoft Commitment to Cybersecurity We have built a culture of strong privacy principles and leading security practices We invest deeply in building a trustworthy computing platform and security expertise We proactively fight cybercrime and advocate extensively for policies and action that enhance cybersecurity Compliance Risk management Cybersecurity Transparency Governance Advocacy

23 Risk Informed Choice private hybrid public CHOICE Environment operated solely for a single organization; it may be managed by that organization or by a cloud service provider. Public or private environments remain unique entities but are bound together with onpremises ICT by common technology that enables data and application portability. Multi-tenant environments in which cloud service providers own and make available to the general public their cloud infrastructure, including storage and applications. Infrastructure as a Service (IaaS) Platform as a Service (PaaS) Software as a Service (SaaS)

24 Trusted Cloud Principles

25 Synergistic Roles Private Sector ü Manage risks to systems and data ü Exchange information to enable ecosystem risk management ü Enable greater control, demonstrate compliance, be transparent ü Coordinate vulnerability handling ü Provide technical expertise to governments on cybersecurity challenges ü Help identify critical infrastructure functions that would create unacceptable impacts, and should not be subject to offensive actions ü Catalyze action to define cybersecurity norms Public Sector ü Harmonize risk management requirements ü Exchange information to enable ecosystem risk management ü Create agile regimes for compliance that leverage existing standards ü Publish a vulnerability handling policy ü Engage with private sector to understand technical challenges, esp. potential consequences of actions ü Increase transparency on defensive and offensive capabilities and criteria for use ü Define and implement cybersecurity norms

26 Efficient and Effective Partnership ü Develop new engagement models to be both agile and appropriately inclusive ü Clearly scope to defensive cybersecurity purposes ü Focus on what is truly critical for cyberspace ü Define more specific outcomes ü Deliver, implement, iterate

27 Advancing Persistent Security Together / Big data Investigations Legal action Commitment to Evolved Partnership Risk management, information sharing, vulnerability handling, critical infrastructure protection, norms Synergistic roles Timely, demonstrable results Transparency Multi-stakeholder Converging Interests Innovative

28