Security, Privacy, & Compliance Andreas Grigull Geschäftsentwicklung Assekuranz
Installation von 2000 Servern in 3 Stunden
Technology trends: driving cloud adoption BENEFITS Speed Scale Economics Cloud Trend: 70% 2 weeks to deliver new services vs. 6-12 months with traditional solution Scale from 30,000 to 250,000 site visitors instantly $25,000 in the cloud would cost $100,000 on premises of CIOs will embrace a cloud-first strategy in 2016 (IDC CIO Agenda webinar) 430B+ AD authentications 280% year-over-year database growth in 50% of Fortune 500 use AZURE ADOPTION 3
Cloud innovation OPPORTUNITY FOR SECURITY & COMPLIANCE BENEFITS Pre-adoption Benefits realized concern 94% 60% cited concerns around experienced security benefits data security they as didn t a barrier previously to adoption have on-premise 62% 45% concerned that the said privacy protection increased cloud would as a result in of a moving lack of data to the control cloud SECURTIY Design/Operation Infrastructure Network Identity/access Data PRIVACY COMPLIANCE
Trustworthy foundation BUILT ON MICROSOFT EXPERIENCE AND INNOVATION 1 st Microsoft Data Center Active Directory Trustworthy Computing Initiative Malware Protection Center SOC 1 UK G-Cloud Level 2 SOC 2 FedRAMP/ FISMA Operations Security Assurance 20+ Data Centers Microsoft Security Response Center Windows Update Global Data Center Services Security Development Lifecycle Digital Crimes Unit ISO/IEC 27001:2005 E.U. Data Protection Directive HIPAA/ HITECH CSA Cloud Controls Matrix PCI DSS Level 1
Transparency & independent verification AID CUSTOMERS IN MEETING SECURITY & COMPLIANCE OBLIGATIONS Third-party verification Access to audit reports Compliance packages Best practices and guidance Trust Center Cloud Security Alliance Security Response Center progress report Security intelligence report 6
Data location and redundancy AZURE: Creates three copies of data in each datacenter Offers geo-replication in a datacenter 400+ miles away Does not transfer Customer Data outside of a geo (ex: from US to Europe or from Asia to US) CUSTOMER: Chooses where data resides Configures data replication options Note: data centers, Australia Q2 FY15
Privacy by design Privacy by Design Restricted data access & use Contractual commitments Privacy controls built into Azure design and operations Customer data is only used to provide the service and is never used for advertising Data Processing Agreements, EU Model Clauses, HIPAA BAA 10101010101010101010101010101010 1010101010101010101010101010101010101010101010101010
Contractual commitments EU Data Privacy Approval Microsoft meets high bar for protecting privacy of EU customer data Microsoft offers customers EU Model Clauses for transfer of personal data across international borders Microsoft s approach was approved by the Article 29 committee of EU data protection authorities the first company to obtain this Broad contractual scope Microsoft makes strong contractual commitments to safeguard customer data covered by HIPAA BAA, Data Processing Agreement, & E.U. Model Clauses Enterprise cloud-service specific privacy protections benefit every industry & region
Simplified compliance Information security standards Effective controls Government & industry certifications ISO 27001 SOC 1 Type 2 SOC 2 Type 2 FedRAMP/FISMA PCI DSS Level 1 UK G-Cloud
Security compliance strategy Security goals set in context of business and industry requirements Security analytics & best practices deployed to detect and respond to threats Benchmarked to a high bar of certifications and accreditations to ensure compliance Continual monitoring, test and audit Test and audit Security benchmark analysis Security Compliance Framework Security analytics Risk management best practices Ongoing update of certifications for new services 11
Microsoft commitment Unified platform for modern business
Talk to a Microsoft security expert Explore additional resources: Trustworthy Computing Cloud Services: www.microsoft.com/trustedcloud Microsoft Trust Center for : http://www.windowsazure.com/en-us/support/trust-center