A Deep Dive into Azure Security: Is Azure Really Secure?
Post on 11-Apr-2017
www.expertpointsolutions.com
A Deep Dive into Azure Security: Is Azure really secure?
Brian Culver & Alvin Vaughn ● #HSPUG ● March 15, 2017
About Brian Culver
SharePoint Solutions Architect for Expert Point Solutions in
Houston, Texas.
Microsoft Certified Master (MCM) in SharePoint
Brian has worked in the Information Technology industry
since 1998 and he has been working with SharePoint since
2005. His deep expertise includes Azure, Office365,
SharePoint, ASP.Net, SQL Server and Project Server. He
has been involved in many large SharePoint
implementations including Internet and Intranet sites, Partner
Portals, Enterprise Content Management and Governance,
and much custom application integration and development.
Author, Speaker and Blogger
Email : brian.culver(at)expertpointsolutions.com
Twitter : @spbrianculver
LinkedIn : https://www.linkedin.com/in/bculver
Blog : http://blog.expertpointsolutions.com
About Alvin Vaughn
Cloud Solutions Architect for Expert Point Solutions in Houston,
Texas.
CISSP, CCENT, MCITP Enterprise Server.
Alvin has worked in the Information Technology industry since 2005,
where he began as a system admin and progressed to
server administrator while in college. Alvin became a
commissioned officer in the military after college, where he was
assigned as the lead IT project manager during the successful
implementation of the DoD’s Field Health IT system in Iraq and later
in Afghanistan. Alvin has served as a technical consultant
traveling around the world to provide expertise in enterprise
Windows server administration, open source interoperability, and data
analytics, and is certified in Linux Administration and Oracle
SQL. Alvin has led many multi-regional and global IT projects
leveraging enterprise platforms such as SharePoint, Oracle DB,
Windows RDS while leveraging cloud IaaS such as Azure to
securely deliver resources, business intelligence, and other
services to clients and their customers.
Email : alvin.vaughn(at)expertpointsolutions.com
Session Agenda
Cloud Growth
Digital Security Threat Today
Security Roadmap
“The Trusted Cloud”
Security & Compliance Tools and Resources
Other considerations
Cloud Growth
“Companies continued their adoption of cloud computing services at a rapid clip in 2016, with overall growth
expected to rise 25% year over year for that period, according to new numbers from Synergy Research Group. The
forecaster estimated aggregate annual revenue from all those cloud segments at nearly $150 billion. Synergy lumps two
key cloud categories, known by techies as infrastructure as a service and platform as a service, into one big
bucket, which together showed the most dramatic growth rate of 53%. Infrastructure as a service (aka
IaaS) is typically exemplified by offerings from Amazon Web Services (AWS), Microsoft and Google (GOOGL, +0.37%).”
“Torrid Cloud Growth Continues”, Barb Darrow, Jan 04, 2017, http://fortune.com/2017/01/04/robust-cloud-growth/
Operator and vendor revenue for six segments of cloud computing reached $148 billion during that
period, with spending on private clouds accounting for over half the total but spending on the public cloud growing much
more rapidly.
“Cloud computing revenues jumped 25% in 2016, with strong growth ahead, researcher says”, Dan Richman, January 4, 2017,
http://www.geekwire.com/2017/cloud-computing-revenues-jumped-25-2016-strong-growth-ahead-researcher-says/
Azure Cloud Growth
Microsoft’s cloud infrastructure by the numbers
1989: The year Microsoft opened its first datacenter on its Redmond, Washington campus.
90-plus: The number of marketplaces that our cloud services are available in today.
200-plus: The number of online services delivered by Microsoft’s datacenters 24x7x365.
$15 billion-plus: Microsoft’s investment in building our huge cloud infrastructure.
1 million-plus: The number of servers hosted in our datacenters.
100-plus: The number of datacenters Microsoft has in its global cloud infrastructure portfolio.
30 trillion-plus: The number of data objects we store in our datacenters.
1.5 million-plus: The average number of requests our networks process per second.
3: The number of times Microsoft’s fiber optic network, one of North America’s largest, could stretch to the moon and
back.
1.125: Microsoft’s average PUE for its new datacenters. Power usage effectiveness (PUE) is a metric of datacenter
energy efficiency and is the ratio of the power and cooling overhead required to support our server load. The industry
average is 1.8.
http://download.microsoft.com/download/8/2/9/8297F7C7-AE81-4E99-B1DB-D65A01F7A8EF/Microsoft_Cloud_Infrastructure_Datacenter_and_Network_Fact_Sheet.pdf
Azure Cloud Growth
Microsoft’s cloud infrastructure by the numbers (Continued)
2.3 billion kWh: The amount of green power purchased by Microsoft as part of our carbon-neutral goal - ranking as the
third most purchased by any U.S. company, according to the U.S. Environmental Protection Agency.
16: The number of carbon offset projects Microsoft has invested in, including projects in Brazil, Cambodia, China,
Guatemala, India, Kenya, Mongolia, Peru, Turkey and the United States. (including Keechi Wind Power investment
announced November 4, 2013)
100 percent: The percentage of our servers and electronic equipment that we send to a third-party vendor for recycling
and/or reselling after it has been securely decommissioned.
2007: The year Microsoft began sharing its best practices for cloud infrastructure with the industry. Download our latest
Top Ten Best Business Practices for Environmentally Sustainable Datacenters white paper.
http://download.microsoft.com/download/8/2/9/8297F7C7-AE81-4E99-B1DB-D65A01F7A8EF/Microsoft_Cloud_Infrastructure_Datacenter_and_Network_Fact_Sheet.pdf
Azure Cloud Growth
“[Microsoft] last week said its Azure revenue grew 93% year over year as it reported results for the quarter ended Dec.
31, 2016. The annualized revenue run rate for Microsoft's commercial cloud business, a segment that includes Azure, now
surpasses $14 billion, according to the company.”
“Azure partners benefit from Microsoft cloud growth”, John Moore and Spencer Smith, Jan 27, 2017,
http://searchitchannel.techtarget.com/news/450411909/Azure-partners-benefit-from-Microsoft-cloud-growth
Read Microsoft’s marketing about the cloud carefully
Microsoft purposely skews cloud statistics to drive adoption. Move when it is the right
time for your organization.
1 in 4 Microsoft enterprise customers has Office 365
– Microsoft
There’s a rush at every major tech vendor to sign up customers for their own cloud offerings before their competitors nab them. They are trying to nab their share of a market that will grow — conservatively — from $56.6 billion in 2014 to more than $127 billion in 2018, according to market research.
– ICD
80% of the Fortune 500 are on the Microsoft Cloud
– Microsoft
By 2018, Microsoft expects commercial cloud revenues to exceed $20B
Microsoft’s cloud-first, mobile-first strategy is paying off and is now on an annualized revenue run rate of $14 billion, driven by Office 365, Azure, and Dynamics CRM Online
Commercial cloud growth of 80%
Azure cloud growth of 93%
Cloud customer base has doubled over the past 12 months
Source: Taft, Darryl K. “Microsoft Continues to See Impact of Transition to Cloud.” eWeek.
Source: Todd, Deborah M. “Cloud business boosts Microsoft’s quarterly revenue, shares rise.” Reuters.
There are benefits to the cloud; examine common criteria when evaluating a move
True Up or Down
• Once a year you will have the ability to true up or true down your licenses. Historically, only an annual true-up was possible, adding to cumulative SA costs.
99.9% Uptime
• Corporations can lose millions or hundreds of millions of dollars in the event of downtime.
• Microsoft has a 99.9% uptime guarantee.
15 Devices
• Microsoft has increased the number of devices that can be used with O365 licenses enabling shared devices.
User-Based Licensing
• Historically, licensing has been device based, as BYOD and multiple devices weren’t prominent.
• User licensing allows for multiple devices and is approximately 30% more expensive than licensing one device.
Excellent Cloud Security
• Microsoft has invested hundreds of millions of dollars into security for its cloud. It knows that with a single breach, many organizations will be searching for an alternative.
Automatic Updates
• If you want to reduce time spent on providing patches and updates, Microsoft wants to automate tasks leaving you more time to work on other areas of your business.
Enabled Collaboration
• Microsoft is continuously increasing integration and collaboration capabilities within its products. Exchange, SharePoint, Skype, and Office have all seen changes in recent years.
Reduce Infra Costs
• Instead of having to replace hardware every 3-4 years, moving to Microsoft’s cloud can move you out of the hardware management space and help you focus on performance.
Fifty-six percent of enterprises consider cloud to be a strategic
differentiator, and approximately fifty-eight percent of enterprises spend
more than 10 percent of their annual budgets on cloud services. – ICD
Organizations are delaying a move to the cloud for the following reasons
Data Sovereignty
• Certain organizations have bylaws in place because of proprietary information or government limitations on where data can reside.
Performance
• Bandwidth and network connectivity in remote locations are large concerns for organizations who rely on the Microsoft productivity suite as their primary communication tools.
Cost
• The cost of moving to a subscription-based model is undoubtedly higher, and in the long run when your data is in the cloud, software vendors know switching to another vendor will be difficult.
Adaptability to Change
• While having updates completed automatically by Microsoft, organizations with aforementioned legacy systems could face unexpected issues.
Legacy Systems
• Organizations that have legacy systems or integrations with current software know that a move to cloud will be possible when similar functionality is possible in the cloud.
Historical Purchases
• If on-premise licenses or storage were recently purchased, moving to the cloud would decrease the planned usage life.
…the single biggest obstacle to cloud
adoption in general continues to be the fear of security breaches, closely
followed by issues with data sovereignty.
– Capgemini Consulting
Many organizations maintain hybrid environments when moving to the cloud. Microsoft has granted users who
are licensed with Office 365 Enterprise User Subscription Licenses (USLs) equivalent rights to on-premise
workloads. On-premise server licenses still need to be purchased. Small/mid-sized business and kiosk Office
365 plans do not contain the same rights.
Digital Security Threat Today
Security remains a concern
News of security breaches continues to dominate headlines, and the scale and scope of intrusions are growing. In 2014
alone, data breaches were up by 49% over the previous year, and cyber criminals compromised more than a billion data
records in more than 1500 breaches. In a 2014 report for the World Economic Forum, McKinsey & Company estimated
the risk of cyberattacks “could materially slow the pace of technology and business innovation with as much as $3 trillion
in aggregate impact.” In any security attack, target organizations are only as safe as their weakest link; if any component is
not secured then the entire system is at risk. While acknowledging that the cloud can provide increased data security and
administrative control, IT leaders are still concerned that migrating to the cloud will leave them more vulnerable to hackers
than their current in-house solutions.
http://download.microsoft.com/download/5/C/7/5C770A50-4FE4-4052-98E1-562EBFE4F35A/Trusted_Cloud_White_paper_EN_US.pdf
Digital Security Threat Today
Russian Spies, Two Others, Indicted in Yahoo Hack
Internet-Connected Sex Toy Maker Settles Privacy Lawsuit
7 Facts: 'Vault 7' CIA Hacking Tool Dump by WikiLeaks
Breach Tally: Hacking Incidents Still on the Rise
Yahoo CEO Loses Bonus Over Security Lapses
SHA-1 Has Fallen
Mobile Devices: What Could Go Wrong?
Yahoo Takes $350 Million Hit in Verizon Deal
Digital Security Threat Today
The top reported breaches by state are:
California with 39 breaches
Florida with 28 breaches
Texas with 23 breaches
New York with 15 breaches
Illinois, Indiana and Washington with 12 breaches
Ohio and Pennsylvania with 11 breaches
Michigan with 10 breaches
Arizona and Arkansas with 9 breaches
Georgia and Minnesota with 8 breaches and
Colorado and Missouri with 7 breaches.
The report lists the worst data breaches per record compromised as:
Arizona with 4,524,278 records
New York with 3,588,554 records
Florida with 2,872,912 records
California with 1,436,701 records and
Georgia with 782,956 records.
Report Lists Health Care Data Breaches by State
Digital Security Threat Today
Nearly 50 percent of organizations have been hit with ransomware
56,000 ransomware infections in March 2016 alone
$209 million was paid to ransomware criminals in Q1 2016
The average ransom demand is now $679
Email is the #1 delivery vehicle for ransomware
600% growth in new ransomware families since December 2015
4x jump in Android ransomware
230 percent jump in JavaScript ransomware payloads
https://blog.barkly.com/ransomware-statistics-2016
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/ISTR2016_Ransomware_and_Busine
Digital Security Threat Today
As of March 9, 50 major breaches impacting 424,286 individuals have been added to the Department of Health and
Human Services' Office for Civil Rights' "wall of shame" website of major breaches affecting 500 or more individuals.
Of those 2017 incidents, 20 are listed as unauthorized access/disclosure breaches; 14 are hacking incidents; and 14 are
breaches involving loss/theft of protected health information. Of the incidents involving loss or theft, eight involved
paper/film records, and six involved unencrypted desktop or laptop computers, or other portable devices.
As of March 9, more than 171.66 million individuals in total have been impacted by the 1,852 major breaches that have
been reported to HHS since September 2009.
In total so far in 2017, 14 hacking incidents affected nearly 262,000 individuals, or about 60 percent of all individuals
impacted by major HIPAA breaches.
The six breaches so far posted in 2017 involving lost or stolen unencrypted computing devices impacted a total of about
15,000 individuals.
http://www.databreachtoday.com/breach-tally-hacking-incidents-still-on-rise-a-9762
Digital Security Threat Today
Cybercrime is getting worse, far worse.
Three and a Half Crimeware Trends to Watch in 2017
New malware configurations and trends seen in 2016;
Trends from the mobile malware arena;
A look into the most prominent threats expected in 2017.
http://www.databreachtoday.com/webinars/three-half-crimeware-trends-to-watch-in-2017-w-1178?rf=promotional_webinar
Azure Security Roadmap
Microsoft is Transparent about security
Constantly Adapting and Making Changes as Trends Arise
Cloud Platform roadmap
https://www.microsoft.com/en-us/cloud-platform/roadmap-public-preview
White papers
Securing the Microsoft Cloud white paper
Azure Security, Privacy, and Compliance white paper
Security Management in Microsoft Azure white paper
Cloud Operations Excellence and Reliability strategy paper
Leveraging Stored Energy for Handling Power Emergencies white paper
Resilience by Design for Cloud Services white paper
Information Security Management white paper
Security Roadmap
Microsoft Cyber Defense Operations Center (CDOC) is a 24x7x365 state-of-the-art cybersecurity and defense
facility. The CDOC is part of the company’s initiative to continuously advance its efforts on cybersecurity, risk
management, and data protection. The CDOC is the physical hub for the company’s real-time security-focused experts,
leveraging technology and analytics that protect, detect, and respond to threats to Microsoft’s cloud infrastructure and
customer-facing resources and the services hosted within them, our products, devices, and the company’s internal
resources. The teams that come together in the CDOC manage intelligence collection and correlation from our global
threat landscape, real-time analysis and incident response, and provide ground zero security crisis management when
needed.
Security Development Lifecycle (SDL) f
“The Trusted Cloud”
Most comprehensive compliance coverage of any cloud provider
More certifications than any other cloud provider
Industry leader for customer advocacy and privacy protection
Unique data residency guarantees
https://azure.microsoft.com/en-us/support/trust-center/
Commitment to compliance: “There are more compliance certifications with Azure than any other vendor out
there”
Scott Guthrie, Exec VP Cloud + Enterprise Group, Microsoft Corp, AZGroups Conference 2017 (March 2017)
https://youtu.be/_uW0N1Re_wk
Whether you are targeting government scenarios, healthcare, ecommerce, or unique regulations in Australia, Ireland, or the UK, its
services can be depended on and you can take advantage of them.
ISO/IEC, CSA/CCM, ITAR, CJIS, HIPAA, IRS 1075
Microsoft understands that for you—our enterprise customer—to realize the benefits of the cloud, you must be willing to entrust your cloud provider with one of your most
Microsoft has invested hundreds of millions of dollars into
security, and has the most certifications of any cloud provider
Microsoft’s servers are the second most attacked datacenter in the world
with 30,000–40,000 threats per day. It has the experience and a proven track
record in keeping data safe, knowing it only takes one hacker to get through
for trust to be lost. Microsoft has the following certifications:
“The Trusted Cloud”
Who's using Azure in 2017
90% of the Fortune 500 use Microsoft Cloud:
BMW 2016
Concept to production in less than a year to develop the Azure-connected vehicle dashboard sold in every vehicle today
Mobile companion app that allows you to see stats of the car and unlock the vehicle, all running through an Azure backend
Ford, Toyota, and others have integrated vehicles into Azure
AccuWeather (6 billion API weather calls per day from apps all over the weather)
GEICO, in a very heavily regulated industry, has moved all of its customer-facing and business processing systems to the cloud.
Walmart's ecommerce and mobile-based solutions are in the Azure cloud
Infrastructure
38 regions and growing as of March 13, 2017. A new region opens about every other month.
Datacenters implement multi-layer physical security
“The Trusted Cloud”
Security: We keep your customer data safe (https://azure.microsoft.com/en-us/support/trust-center/)
Managing and controlling identity and user access to your environments, data, and applications by federating user identities to
Azure Active Directory and enabling multi-factor authentication for more secure sign-in.
Encrypting communications and operation processes. For data in transit, Azure uses industry-standard transport protocols
between user devices and Microsoft datacenters, and within datacenters themselves. For data at rest, Azure offers a wide range of
encryption capabilities up to AES-256, giving you the flexibility to choose the solution that best meets your needs.
Securing networks. Azure provides the infrastructure necessary to securely connect virtual machines to one another and to connect
on-premises datacenters with Azure VMs. Azure blocks unauthorized traffic to and within Microsoft datacenters, using a variety of
technologies. Azure Virtual Network extends your on-premises network to the cloud through site-to-site VPN.
Managing threats. To protect against online threats, Azure offers Microsoft Antimalware for cloud services and virtual machines.
Microsoft also employs intrusion detection, denial-of-service (DDoS) attack prevention, regular penetration testing, and data analytics
and machine learning tools to help mitigate threats to the Azure platform.
Trustworthy foundation
BUILT ON MICROSOFT EXPERIENCE AND INNOVATION
20+ Data Centers
Trustworthy Computing Initiative
Security Development Lifecycle
Global Data Center Services
Malware Protection Center
Microsoft Security Response Center
Windows Update
1st Microsoft Data Center
Active Directory
SOC 1
CSA Cloud Controls Matrix
PCI DSS Level 1
FedRAMP/FISMA
UK G-Cloud Level 2
ISO/IEC 27001:2005
HIPAA/HITECH
Digital Crimes Unit
SOC 2
E.U. Data Protection Directive
Operations Security Assurance
20+ Data Centers: Operating Microsoft Azure in 8 data centers around the world
Security Centers of Excellence: Protecting Microsoft customers by combatting evolving threats
Digital Crimes Unit: Using legal and technical expertise to disrupt the way cybercriminals operate
Compliance Standards: Investing heavily in robust compliance processes, including ISO 27001, FedRAMP, and HIPAA
Microsoft Azure
UNIFIED PLATFORM FOR MODERN BUSINESS
Automated
Managed Resources
Elastic
Usage Based
ISO 27001:5
NIST 800-53
SOC 1 Type 2
SOC 2 Type 2
FedRAMP/FISMA
PCI DSS Level 1
UK G-Cloud
US-EU Safe Harbor
Information security standards
Effective controls
Government & industry certifications
Simplified compliance
Security compliance strategy
Security analytics
Risk management best practices
Security benchmark analysis
Test and audit
Security Compliance Framework
• Security goals set in context of business and industry requirements
• Security analytics & best practices deployed to detect and respond to threats
• Benchmarked to a high bar of certifications and accreditations to ensure compliance
• Continual monitoring, test and audit
Certifications & programs
Program: Description
ISO/IEC 27001: Internationally recognized information security standard, broadly accepted outside U.S.
PCI DSS Level 1: Information security standard designed to prevent fraud through controls around credit card data
UK G-Cloud IL2: 'Protect' level of security for data processing, storage and transmission by UK public sector organizations including local and regional government
SSAE 16 / ISAE 3402: Accounting standard relied upon as the authoritative guidance for reporting on service organizations (SOC 1, SOC 2, SOC 3)
FedRAMP/FISMA: U.S. Federal law enacted in 2002, based on NIST 800 series, 18 control domains, with in-depth audit, and applies to all U.S. Federal agencies
Contractual commitments
EU Data Privacy Approval
• Microsoft makes strong contractual commitments to safeguard customer data covered by HIPAA BAA, Data Processing Agreement, & E.U. Model Clauses
• Enterprise cloud-service specific privacy protections benefit every industry & region
• Microsoft meets high bar for protecting privacy of EU customer data
• EU Data Privacy approval allows Microsoft to transfer personal data across international borders
• Only Microsoft is jointly approved from EU Article 29
Broad contractual scope
Security & Compliance Tools and Resources
Microsoft has taken on the responsibility to provide tools and information that will enable our customers to
deploy our cloud services with the highest confidence that they are safe and compliant.
Dervish Tayyip, General Counsel, Microsoft Corp
https://blogs.microsoft.com/eupolicy/2016/11/10/microsoft-cloud-assurance-legal-regulatory-compliance-for-cloud-computing/#pmD5xEGu7XcQCa15.99
Cloud Computing Compliance Tools Central Repo: Microsoft Trust Center
Cloud Service Due Diligence Checklist: In anticipation for your organization’s move to the cloud, please review ISO/IEC
19086-1 and the Cloud Services Due Diligence Checklist.
Auditing and logging tools
Built into the cloud from the ground up. Wasn’t an afterthought
Auditing and logging Overview
Examples:
How to: Monitor Apps in Azure App Service
Storage Analytics Logging
Creating alerts in Azure Monitor for Azure services
Azure AD Privileged Identity Management
Security & Compliance Tools and Resources
Well-Defined System Configuration Models
Azure’s recent transition from Service Manager to Resource Manager model
Security and Data Encryption Services
Azure Key Vault: Azure Key Vault helps safeguard cryptographic keys and secrets used by cloud applications
and services.
Client-Side Encryption and Azure Key Vault for Microsoft Azure Storage: Supports encrypting data within client
applications before uploading to Azure Storage, and decrypting data while downloading to the client. The library
also supports integration with Azure Key Vault for storage account key management
Tutorials: Encrypt and decrypt blobs in Microsoft Azure Storage using Azure Key Vault
Closing Comments
Azure is more secure than your data center
The bigger the IT spend, the more Azure makes sense
Top 12 Recommendations for Your Security Strategy
Conduct an accurate and thorough risk analysis that incorporates all information technology equipment, applications and data systems storing PII, PCI;
Create and maintain a risk management plan;
Implement policies and procedures and retain for six years;
Reasonably safeguard the electronic PII and PCI using prevailing practices;
Encrypt computing devices and storage media;
Obtain satisfactory assurances in the form of a written business associate agreement;
Monitor and maintain user provisioning, such as not removing user access in a timely manner.
Constructive Feedback Is Appreciated
Great information, but would like to have learned more about [Insert Topic]
Brian – Your presentation was …
Good Demos!
Thanks!
Thank you!
Brian Culver, MCM
Twitter: @spbrianculver
E-mail: brian.culver(at)expertpointsolutions.com
Blog: http://blog.expertpointsolutions.com/
Slides: http://www.slideshare.net/bculver
Alvin Vaughn, CISSP
E-mail: Alvin.Vaughn(at)expertpointsolutions.com