By 2020, a corporate no-cloud policy will be as rare as a no-internet policy is today.

Transcription:

"By 2020, a corporate no-cloud policy will be as rare as a no-internet policy is today." [1]

"The question is no longer: How do I move to the cloud? Instead, it's 'Now that I'm in the cloud, how do I make sure I've optimized my investment and risk exposure?'" [2]

"By 2020 clouds will stop being referred to as public and private. It will simply be the way business is done and IT is provisioned." [3]

[1] Gartner: Smarter with Gartner, Why a No-Cloud Policy Will Become Extinct, February 2, 2016
[2] KPMG: 2014 Cloud Survey Report, Elevating business in the cloud, December 10, 2014
[3] IDC: IDC Market Spotlight, Cloud Definitions and Opportunity, April 2015

Old models no longer work (did they ever?).

ASSUME BREACH

38 cloud regions worldwide. 100+ datacenters. One of 3 largest networks in the world.

[Map: cloud regions worldwide, marked as global datacenters or sovereign datacenters]

Map notes:
1. China datacenters operated by 21Vianet
2. German data trustee services provided by T-Systems
3. France, South Korea and US Gov datacenter regions have been announced but are not currently operational

MICROSOFT DATACENTERS

Microsoft invests heavily to help ensure that our datacenters are some of the most secure facilities on the planet.

What separation exists between different consumers of the service?
Are interfaces constrained to authenticated users only?
What do you need to do to configure the service or your devices to access the service?
What governance process is in place for the service?
Are there processes for the operational security of the service?
How does the supply chain support the security principles that the service implements?
Is data in transit and at rest adequately protected?
Are the service provider personnel with access to customer data subject to background checks?
Do you have the tools available to securely manage the service?
Are all external interfaces identified and protected?
How is the service protected from the administrators of the service?
What is done to protect your data against tampering, loss, damage or seizure?
How is the service designed to identify and mitigate threats?
What audit information is available to you to monitor access to the service?

https://www.ncsc.gov.uk/guidance/implementing-cloud-security-principles

HOLISTIC APPROACH TO SECURITY. LEADERSHIP IN COMPLIANCE. COMMITMENT TO TRANSPARENCY & PRIVACY.

Platform. Intelligence. Partners.

Customers expect: Customer data will be safeguarded using state-of-the-industry security technology and processes. Customer data will be encrypted in transit and at rest.

What we're doing about it: Our datacenters are equipped with state-of-the-art physical security measures. We operate a 24x7 incident response team to mitigate threats and attacks. We encrypt customer data transferred between our data centers. We protect your stored data with built-in tools and provide access to further encryption capabilities.

POWERED BY THE INTELLIGENT SECURITY GRAPH

Unique insights, informed by trillions of signals. This signal is leveraged across all of Microsoft's security services.

1.2B devices scanned each month; malware data from Windows Defender; shared threat data from partners, researchers and law enforcement worldwide; 400B emails analyzed; 200+ global cloud consumer and commercial services; botnet data from Microsoft Digital Crimes Unit; enterprise security for 90% of Fortune 500; 750M+ Azure user accounts; 18+B Bing web pages scanned; 450B monthly authentications.

PARTNERING TO IMPROVE CYBER SECURITY

Customers expect: Cloud services to enable compliance by adhering to international standards, certifications and applicable regulatory requirements. Ability to see the certifications for each of their cloud provider's cloud services.

What we're doing about it: We lead the industry in pursuing compliance with the latest standards for data privacy and security, such as ISO 27018. Our global infrastructure investments enable us to meet unique data residency, sovereignty and compliance requirements. We regularly undergo independent audits to certify our compliance. We collaborate with our partners, when requested, to work with their customers and regulators to help them meet their compliance requirements.

Global requirements. Local & regional compliance requirements. Infrastructure investments. Highly-regulated industries. Future requirements.

Azure has the deepest and most comprehensive compliance coverage in the industry (July 2017)

Categories shown: GLOBAL, US GOV, INDUSTRY, REGIONAL

ISO 27001, ISO 27018, ISO 27017, ISO 22301, ISO 9001, SOC 1 Type 2, SOC 2 Type 2, SOC 3, CSA STAR Self-Assessment, CSA STAR Certification, CSA STAR Attestation, Moderate JAB P-ATO, High JAB P-ATO, DoD DISA SRG Level 2, DoD DISA SRG Level 4, DoD DISA SRG Level 5, SP 800-171, FIPS 140-2, Section 508 VPAT, ITAR, CJIS, IRS 1075, PCI DSS Level 1, CDSA, MPAA, FACT UK, Shared Assessments, FISC Japan, HIPAA / HITECH Act, HITRUST, GxP 21 CFR Part 11, MARS-E, IG Toolkit UK, FERPA, GLBA, FFIEC, Argentina PDPA, EU Model Clauses, UK G-Cloud, China DJCP, China GB 18030, China TRUCS, Singapore MTCS, Australia IRAP/CCSL, New Zealand GCIO, Japan My Number Act, ENISA IAF, Japan CS Mark Gold, Spain ENS, Spain DPA, India MeitY, Canada Privacy Laws, Privacy Shield, Germany IT Grundschutz workbook

Providing clarity and consistency for the protection of personal data

The General Data Protection Regulation (GDPR) imposes new rules on organizations in the European Union (EU) and those that offer goods and services to people in the EU, or that collect and analyze data tied to EU residents, no matter where they are located.

Enhanced personal privacy rights. Increased duty for protecting data. Mandatory breach reporting. Significant penalties for non-compliance.

Microsoft believes the GDPR is an important step forward for clarifying and enabling individual privacy rights.

What are the key changes to address the GDPR?

Personal privacy. Individuals have the right to: access their personal data; correct errors in their personal data; erase their personal data; object to processing of their personal data; export personal data.

Controls and notifications. Organizations will need to: protect personal data using appropriate security; notify authorities of personal data breaches; obtain appropriate consents for processing data; keep records detailing data processing.

Transparent policies. Organizations are required to: provide clear notice of data collection; outline processing purposes and use cases; define data retention and deletion policies.

IT and training. Organizations will need to: train privacy personnel & employees; audit and update data policies; employ a Data Protection Officer (if required); create & manage compliant vendor contracts.

Protecting customer privacy. Supporting modern laws and treaties. Increasing transparency.

Customers expect: Control over who has access to customer data. Data access will require permission from the customer before their cloud vendor's personnel or its subcontractors can obtain access. Their data can be permanently deleted or taken with them if they leave.

What we're doing about it: Your customers will have flexibility, choice and transparency on where customer data is stored. We will not use your customer's data for advertising or commercial purposes. We will not disclose your customer's information outside of Microsoft except with your customer's consent or when required by law. We can provide your customer with a variety of tools to extract their customer data. We delete your customer data after your service is terminated or expires.

PROTECTING CUSTOMER DATA PRIVACY

Customers expect: Clear, plain-language explanation of how their cloud provider uses, manages and protects customer data. Proactive transparency in requests for customer data from law enforcement.

What we're doing about it: We provide an understandable and strict policy of what we will and will NOT use customer data for. When responding to law enforcement requests, we strive to defend customer rights and privacy, and ensure due process is followed. For each of our services, we provide information on where customer data may be stored and processed.

MICROSOFT TRANSPARENCY HUB

Microsoft provides a number of disclosures to help stakeholders evaluate how we are meeting our commitments. Learn more at microsoft.com/transparency

GET ANSWERS TO COMMON ENTERPRISE QUESTIONS AT THE MICROSOFT TRUST CENTER AND SERVICE TRUST PREVIEW