390 likes | 796 Views
Windows Azure Security, Privacy, & Compliance. Your name goes here Your title goes here. Technology trends: driving cloud adoption. BENEFITS. 2 weeks to deliver new services vs. 6-12 months with traditional solution ( Case Study: HarperCollins Publishers ). $25,000
E N D
Windows Azure Security, Privacy, & Compliance • Your name goes here • Your title goes here
Technology trends: driving cloud adoption • BENEFITS 2weeks to deliver new services vs. 6-12 months with traditional solution (Case Study: HarperCollins Publishers) $25,000 in the cloud would cost $100,000 on premises (Microsoft Azure BI Team, STMG Proof Points Central) Speed Scale Economics Scale from Cloud Trend: • 70% • 30,000to 250,000 • site visitors instantly • (Case Study: Autocosmos) 430B+ Windows Azure AD authentications 280% year-over-year database growth in Windows Azure 50% of Fortune 500 use Windows Azure • of CIOs will embrace a cloud-first strategy in 2016 • (IDC CIO Agenda webinar) • WINDOWS AZURE ADOPTION
Cloud innovation OPPORTUNITY for Security & Compliance BENEFITS Pre-adoption concern Benefitsrealized • SECURTIY • Design/Operation • Infrastructure • Network • Identity/access • Data • PRIVACY • COMPLIANCE 60% 94% 62% 45% • cited concerns around data security as a barrier to adoption • experienced security benefits they didn’t previously have on-premise • concerned that the cloud would result in a lack of data control • said privacy protection increased as a result of moving to the cloud
Trustworthy foundation Built on Microsoft experience and innovation Trustworthy ComputingInitiative 1st Microsoft Data Center FedRAMP/FISMA UK G-Cloud Level 2 Malware Protection Center ActiveDirectory SOC 1 SOC 2 1989 1995 2000 2005 2010 Windows Update E.U. Data Protection Directive Security Development Lifecycle CSA Cloud Controls Matrix Digital Crimes Unit HIPAA/HITECH ISO/IEC 27001:2005 Global Data Center Services PCI DSS Level 1 Microsoft SecurityResponse Center
Shared responsibility reduce security costs + Maintain Flexibility, access, & control • On-Premises • IaaS • PaaS • SaaS Applications Data Runtime Middleware O/S Virtualization Servers Storage Networking • Customer • Microsoft
Transparency & independent verification AID CUSTOMERS in meeting security & Compliance Obligations • Third-party verification • Best practices and guidance • Access to audit reports • Compliance packages • Security intelligence report • Security Response Center progress report Trust Center • Cloud Security Alliance
Microsoft approach in action Security Privacy Compliance
Security We chose Azure because all things being equal, it is the easiest cloud platform to work with. Security and patching is already taken care of, so it is less labour-intensive.”
Security at the core Software Development Lifecycle (SDL) • Operational security controls • Assume breach Incident response
Infrastructure protection • 24 hour monitored physical security • System monitoring and logging • Patch management • Anti-Virus/Anti-Malware protection • Intrusion detection/DDoS • Penetration testing • Dedicated US government cloud
Network protection Network isolation • Encrypted connections • Virtual Networks • ExpressRoute
Identity & access Enterprise cloud identity – Windows Azure AD Access monitoring Single sign-on Multi-Factor Authentication Role based access controls
Data protection • Encrypted data transfer • Encryption options for stored data • Data segregation • Choice of data location • Data redundancy • Data destruction
Privacy Our vision is to be the national leader in patient-centered e-healthcare.… Using Windows Azure as our delivery system provides us with a level of trust and reliability that makes this possible.”
Privacy by design Privacy by Design • Contractual • commitments • Restricted data access and use • No use for advertising 10101010101010101010101010101010 1010101010101010101010101010101010101010101010101010 1010101010101010101010101010
Compliance Windows Azure was attractive because it has built-in capabilities for compliance with a wide range of regulations and privacy mandates.”
Simplified compliance • Information security standards Effective controls Government & industry certifications ISO 27001 SOC 1 Type 2 SOC 2 Type 2 FedRAMP/FISMA PCI DSS Level 1 UK G-Cloud HIPAA/HITECH
Microsoft commitment Enhance Security Protect Privacy Simplify Compliance Unified platform for modern business
Get started today! • Talk to a Microsoft security expert • Explore additional resources: • Microsoft Trust Center for Windows Azure: http://www.windowsazure.com/en-us/support/trust-center • Trustworthy Computing Cloud Services: www.microsoft.com/trustedcloud