transforming government with the microsoft trusted...

TransformingGovernmentWithTheMicrosoftTrustedCloud

ChrisNiehausSr.Director,Trusted&NationalCloudMicrosoft

Cloudmomentumcontinuestoaccelerate

“By2020,acorporate‘no-cloud’policywillbeasrare asa

‘no-internet’policyistoday”1

“Thequestionisnolonger:‘HowdoImovetothecloud?’Instead,it’s‘NowthatI’minthecloud,howdoImakesureI’ve

optimized my investmentandriskexposure?” 2

“By2020cloudswillstopbeingreferredtoas‘public’and

‘private’.Itwillsimplybethe way business is done andIT

isprovisioned.” 3

1Gartner:SmarterwithGartner,WhyaNo-CloudPolicyWillBecomeExtinct,February2,20162KPMG:2014CloudSurveyReport,Elevatingbusinessinthecloud,December10,20143IDC:IDCMarketSpotlight,CloudDefinitionsandOpportunity,April2015

2

cloudcloud

Security&management

Security&management

Data&intelligence

Data&intelligence

ApplicationinnovationProductivity

Productivity

Businessapps

Businessapps

Applicationinnovation

Security&management

Data&intelligence

Productivity

Businessapps

Applicationinnovation

MicrosoftCloud

MicrosoftCloud

JourneytotheCloud

Office365 Dynamics365 Azure EnterpriseMobility+Security

OperationsMgmt.+Security

CortanaIntelligence

Global|Trusted|Hybrid

3

TRANSPARENCY

SECURITY

OURCOMMITMENTTOYOU

COMPLIANCE

PRIVACY&CONTROL

AVAILABILITY

4

1

2

34 5

Top 5 Customer Requirements Related to Trust

Compliance&dataresidencyakeyfactorincloudadoption

Compliancewasrankedthesecondinregardstoimportancetocloudtrust

3000customerswereaskedtoranktheirtop20requirementsrelatedtocloudtrust

1 2 3

Securityandprivacyarestatedmostimportantconsiderationswhilecompliancedrivesbehavior

5

Source:PennSchoenBerland,TrustedCommercialCloud(CloudBDM,ITDM,DevDM),May2016

Aproviderthatusesstrongsecuritymeasuresandstate-of-the-arttechnologyandprocessestosafeguardyourdatafrom…

Aproviderthathasindustrystandardsecurityprotocolstosafeguardyourdatafromhackersandunauthorizedaccess...

Aproviderthatfollowsclearprivacyprinciplesresponsibly,andpreventsanyoneoutsideofyourorganizationfromview…

Aproviderthathelpsensurethatyourorganizationiscompliantwithapplicablelaws,regulationsandkeyinternational…

Aproviderthatensuresproperdatagovernancewithbackgroundchecks,citizenshipchecks,anddataresidency…

1 2 3 4 5

Top 5 Most Important Needs from a Cloud Service Provider

Inadditiontosecurityandprivacy,complianceanddataresidencywereinthetopfivemost

importantneeds

639USGovernmentcustomerswereaskedtoranktheirtop20mostimportantneedsfroma

cloudservicesprovider

1 2 3

Security&compliancetopUSGovernmentcustomerneeds

6

Source:PennSchoenBerland,TrustedUSGovernmentCloud(CloudBDM,ITDM,DIBs),May2016

Microsoftcloudmodels

7

Inadditiontoourglobalandsovereignofferings,Microsoftpartnersoffermanycloudservicesthattheyhostandoperate,Microsoftproductscanbedeployedincustomersowndatacenters,andhybridcloudoptionsprovidecustomerswiththeultimateflexibility.

Global

Offeredacrossallmajorgeographicregions*

Hyper-scale,globallyconnectedcloudservices.Includesmultiplegeographiesaddressingspecificdataresidencyandcompliance

requirements

Sovereign

ExamplesInclude:USGovernment,Germany,andChina*

Hyper-scalecloudservices,isolatedfromglobalcloudservices.Deployedfromlocaldatacenterstomeetuniquerequirements

ofaspecificmarket.

*Fordataresidencydetails,seehttp://azuredatacentermap.azurewebsites.net/.MicrosoftCloudGermanydatatrusteeservicesprovidedbyT-systems.Chinadatacentersoperatedby21Vianet.

Microsoftinfrastructureinvestments36Cloudregionsworldwide

8

CentralUS

EastUS

NorthCentralUS

BrazilSouth

WestEurope

JapanEast

SouthIndia

SoutheastAsia

AustraliaSoutheast

AustraliaEast

CentralIndia

WestIndia

JapanWest

EastAsia

ChinaWest1

NorthEuropeGermanyNortheast2CanadaEast

CanadaCentral

SouthCentralUS

ChinaEast1

GermanyCentral2KoreaSouth3

EastUS2

KoreaCentral3

UnitedKingdomWest

UnitedKingdomSouth

WestCentralUSUSGov

USGov

USDoDEast3

USDoDWest3

France3

France3WestUS

WestUS2

100+datacentersOneof3largestnetworksintheworld1Chinadatacentersoperatedby21Vianet2GermandatatrusteeservicesprovidedbyT-systems3France,SouthKoreaandUSDoDdatacenterregionshavebeenannouncedbutarenotcurrentlyoperational

Sovereigndatacenters

Globaldatacenters

MicrosoftGlobalDatacenters&Infrastructure(video)

• Thisisahiddenslide.Thenextslideisanembeddedvideo.Innormalmodeitwillappearasjustablackslide.Wheninpresentationmode,thevideowillappearfullscreenin1080pHD.

• Forthisvideotobelinkedyoumusthaveclicked“enablecontent”ifyoureceivedasecuritywarningwheninitiallyopeningthispresentation.

• Youmayneedtowaitafewsecondsforthevideotoload.AsthevideoishostedonYouTube,YouTubemayseeadjusttheresolutionduetonetworklatency.Usuallythisresolvesitselfwithin15-20secondsasthevideoisabletocacheonyourlocalmachine.

• Werecommendyoutestthevideolinkonthesystemyouarepresentingonprioryouyourpresentation.

• ThedirectURLforthevideois:https://youtu.be/bqZrejosqWU

9

InvestmentstoaddressbusinessandregulatoryneedsCloudgeo-expansionhelpsaddresssomecommoncloud‘blockers’formanyindustriesandmarkets

Specificcompliancecertificationsunblockwhatwereonceonlyonpremisesapps/workloadsEx:FedRAMP HighCompliance

Localdatacentersallowcustomerdataatresttobekeptwithinageography,enablingcustomerstohelpmeetlocaldataresidencyrequirements

DataResidency

LocaldatacenterscanhelpreduceAzurelatencyfordevelopersandpartners,fuelinglocalinnovationPerformance

ForupdatedcomplianceinformationvisittheMicrosoftTrustCenter.Fordataresidencydetails,seehttp://azuredatacentermap.azurewebsites.net/.

11

Industry’slargestcomplianceportfolio

ArgentinaPDPA

CanadianPrivacyLaws

CDSA ChinaGB18030

ChinaMLPS ChinaTRUCS CRS CSACCM CSMark(Gold)

DIACAP DISA

ENISAIAF EUModelClauses

EU-U.S.PrivacyShield

FACT FDACFRTitle21Part11

FedRAMP FERPA FIPS140-2 FISC FISMA GxP

HIPAA/HITECH

IRAP(CCSL) IRS1075 ISO/IEC27001 ISO/IEC27017 ISO/IEC27018 ITAR JapanMyNumberAct

MARS-E MPAA MTCS

NIST800-171 NZCCFramework

Section508VPATs

SOC1 SOC2 SOC3 SpainENSPCI-DSS UKG-CloudSHAREDASSESSMENTS

Microsoftismeetingcustomerneedswiththeindustry'slargestcomplianceportfolio

12

CJISMicrosoftAzureGovernment,MicrosoftOffice365U.S.Government,andMicrosoftDynamicsCRMOnlineGovernmentadheretotheCJISSecurityPolicy,requiredtoaccesstheFBI'sCriminalJusticeInformationServices(CJIS)databasethroughthecloud.

DISABasedonFedRAMPauthorizations,theDefenseInformationSystemsAgencyCloudServiceSupporthasgrantedanImpactLevel4ProvisionalAuthorization(PA)foroneMicrosoftenterprisecloudservice,andanImpactLevel2PAforothers.

FDA CFR Title 21 Part 11MicrosofthelpscustomerscomplywithUSFoodandDrugAdministrationCodeofFederalRegulationsTitle21Part11,whichdetailssecurityrequirementsfortheelectronicrecordsofcompaniesthatsellfoodanddrugsintheUnitedStates

FedRAMPBasedonFedRAMPauthorizations,theDefenseInformationSystemsAgencyCloudServiceSupporthasgrantedanImpactLevel4ProvisionalAuthorization(PA)foroneMicrosoftenterprisecloudservice,andanImpactLevel2PAforothers.

FERPAMicrosoftenterprisecloudservicesalignwiththerequirementsoftheFamilyEducationalRightsandPrivacyAct,aUSfederallawthatprotectstheprivacyofstudents’educationrecords.

FIPS 140-2MicrosoftcertifiesthattheunderlyingcryptographicmodulesusedinMicrosoftproducts,includingMicrosoftenterprisecloudservices,complywiththeFederalInformationProcessingStandardPublication140-2,aUSgovernmentstandard.

HIPAAMicrosoftenterprisecloudservicesoffercustomersaHealthInsurancePortabilityandAccountabilityActBusinessAssociateAgreementthatstipulatesadherencetoHIPAA,whichregulatespatientProtectedHealthInformationintheUS.

IRS 1075MicrosoftAzureGovernmentandMicrosoftOffice365GovernmentcloudservicesprovideacontractualcommitmentthattheyhavetheappropriatecontrolsinplacetomeettherequirementsofUSInternalRevenueServicePublication1075.

ITARAzureGovernmentsupportscustomersbuildingITAR-capablesystemsonAzureGovernment.

Section 508 VPATMicrosoftcloudservicesofferVoluntaryProductAccessibilityTemplates,astandardizedformdocumentingwhetheraproductmeetstheaccessibilityrequirementsofSection508,anamendmenttotheRehabilitationActof1973.

CommitmenttogovernmentcompliancestandardsMorethanjustadheringtocompliancestandards,Microsofthasbeenactivelyengagedindesigningandtestingcompliancestandards,establishingitselfasanintegralpartofthegovernmentassuranceandsecurityecosystem.Microsoftmaintainsacontinuousand rigorouscomplianceroadmap

Note:Tolearnmoreaboutin-scopeservicesandadditionalrequirements,pleasevisitMicrosoftAzureTrustCentercompliancebyservice

13

17

3 6

0

MQ

lea

der

quad

rant

s

Competitor1 Competitor2 Competitor3

Themosttrustedcloudformission-criticalgovernmentworkloadsAfewexamplesofhowtheMicrosoftcloudisenablinggovernment

15

“BoththeCOPappandthecloud-basedbody-worncamerasenableustoengagewithpeopleinamoretransparentway.Theyarehelpingusbuildtrustwhilealsosupportingtheworkwedoinpreventingandsolvingcrime.”

JuanJPerezDirectorMiamiDadePoliceDepartment

16

“ForMemphisPoliceDepartmentwedeliveredthefastandscalableGetacVeretosEvidenceManagementSystemthatsupportsCJISsecuritypolicies.Inmanycases,datamovesseamlesslyfromtheofficerandthevehicledirectlytotheAzureGovernmentCloud.Thisstreamlined,securehostedmodeleliminatesmanyofthehiddencostsandprocessesassociatedwithrunninganinternalnetworkinfrastructure.”

ScottShainmanPresident– NorthAmericaGetac

17

“MicrosoftAzureiswellknownforitsindustry-leadingsecurityandreliabilityand,withit,wecanprovidethemostsecureandcompliantcloudcapabilitytoourcustomers.”

RickSmithFounderandCEOTASER

18

“Microsoft’s secureandtransparentcloudserviceintheUKfitsperfectlywiththeMoD’s digitaltransformationagenda,”.....“Thisagreement,whichis basedonMicrosoft’sworld-classreliabilityandperformance,willallowustodelivercost-effective,modernandflexibleinformationcapabilities.Itwillensurewearebetter-placedinourever-changing,digital-firstworld.”

MikeStoneChiefDigitalandInformationOfficerUKMinistryofDefence

19

“HavingtheoptiontostoredatalocallywillallowustotakeadvantageofnewopportunitiestoutilizetheMicrosoftUKAzurePlatform anditisreassuringtoknowthatourTrust’scoredata,thatwecreateandmanage,staysintheUK.Forus,theMicrosoft’sUKcloudregionmeansthatdemonstratingregulatoryandlegalcomplianceissimpler.ThebottomlineiswetrustMicrosoft.”

StephenDochertyCIOSouthLondonandMaudsleyNHSFoundationTrust

20

LosAngelesPoliceDepartment

“MicrosofthasexceededtheLAPD'sexpectationsinthisregardbytakingonthedifficultrequirementsoftheCJISregulatoryregimeandmeetingthemhead-on.”

Sanjoy Datta, Information Security Officer