cloudy weather: how secure is the cloud? dan stolts @itproguru technology evangelist microsoft...
TRANSCRIPT
Dan Stolts, MCT, MCSA, MCITP, MCSE…
Microsoft – Technology Evangelist
http://[email protected]
@itproguru
CT, MA, ME, NH, VT, NY (upstate)
http://blogs.technet.com/DanStolts
Virtualization, Cloud, System Center, Management, Infrastructure, Security
Cloudy Weather: How Secure Is the Cloud?
More Jobs
Owner - Bay State Integrated Technology, Inc. (www.BayStateTechnology.com)
President - Boston User Groups (www.BostonUserGroups.org)
Leader – Cub Scouts Pack 14, Lakeville, MA (LakevillePack14.com)
Founder/Chairman - Virtualization Group Boston (www.VirtG.com)
@ITProGuru
Dan Stolts, MCT, MCSA, MCITP, …
CT, MA, ME, NH, VT, NY (upstate)
IT Pro Technical Evangelist
Microsoft Corporation
@ITProGuru DanStolts
ITProGuru.com DanStolts
Calendar:
http://NEITPro.com
Lab Guides: http://ITProGuru.com/HOL
Free Evaluation: http://aka.ms/iaas = Free Servers in the Cloud
Download 4 & Win
“Call-To-ACTION!” Challenge Win Xbox or Surface
Special drawing: people who complete either event challenge will be registered to win a prize!
Xbox console OR Surface RT device
One entry per LiveID / per challenge. Limit one prize per event.
Screenshot must be received by 3pm Tuesday May 21st. Winner will be contacted via email for their prize choice and shipping address. Do it today or put it on your calendar. Don’t delay and miss out. Odds of winning are great!
1) http://aka.ms/SC2012Eval
2) http://aka.ms/GetWin2012ISO
3) http://aka.ms/HyperV2012
Build 1 & Win
Start download of all of the above (System Center first). Pause the download and send a screenshot of the download manager to [email protected] (subject: Call To Action B-Sides).
NOTE: Please do not FINISH the download at the event; do it at home if you want!
Are you social? Tweet @ITProGuru the message:
Tweet: @ITProGuru I am ready for Windows Server 2012 http://aka.ms/GetWin2012; Call-To-Action http://aka.ms/cta Step 1 Success.
Activate a Free Azure Trial: http://aka.ms/iaas
Create your first Free Cloud Virtual Machine.
Send a screenshot of Azure with the VM created to [email protected] (subject: Call To Action).
Are you social? Tweet @ITProGuru the message:
Tweet: @ITProGuru I am ready for Windows Azure http://aka.ms/IaaS Call-To-Action http://aka.ms/cta Step 2 Success!
NOTE: Requires a credit card, but you will NOT be billed if you do not manually change your account to a Pay Account.
Details: ITProGuru.com/Challenge
4) http://aka.ms/GetWin2012VHDISO VHD
OR B-Sides Boston
Windows Server 2012 “Early Experts” http://EarlyExperts.net
Cloud, Virtualization, System Center, Management, Infrastructure
Free Training: Get Certified on Windows Server 2012
Agenda
Questions
Does Windows Azure provide the rock-solid security required for the most sensitive data and applications?
How do you ensure privacy of sensitive information?
How do you secure access to applications?
What if you have strict compliance requirements?
C: confidentiality
I: integrity
A: availability
risk management
compliance
Moving to the cloud
Customer Accountability
Multi-tenancy
Different Responsibilities
Trust
Multiple Sources
LAW INDUSTRY STANDARDS INTERNAL
ISO
Trust
Windows Azure Compliance (core services)
NOW: ISO/IEC 27001:2005; SSAE 16 (SOC 1 Type 2); EU-US Safe Harbour; EU Model Clauses
Caveat: HIPAA BAA – App matters (contract addendum)
Scope: Only the following Windows Azure features are covered by the current HIPAA BAA: Virtual Machines, Cloud Services, Storage (Tables, Blobs, Queues, Drives), and Networking.
LATER: FISMA / FedRAMP…
Windows Azure Trust Center
Privacy, Transparent, Compliance, Relentless
http://www.windowsazure.com/en-us/support/trust-center/
Office 365 Compliance
NOW: ISO/IEC 27001:2005; EU-US Safe Harbour; EU Model Clauses; HIPAA BAA; DPA
Office 365 Trust Center
Privacy, Transparent, Compliance, Relentless
http://www.microsoft.com/en-us/office365/trust-center.aspx
Defense In Depth
Layers: physical, network, host, application, data, user
Defense In Depth: physical
Carrier Class Datacenters
24 x 7 Monitoring
Biometric Access Controls
Defense In Depth: network
Automatic Configuration
VPN Separation
Firewall & Packet Filters
Defense In Depth: host
Hyper-V Isolation
Secure Communications
Reduced OS footprint*
Defense In Depth: application
Trust Level
Automatic Configuration
AV Protection
Defense In Depth: data
SQL Server controls
Storage keys
Trust Services
don’t put keys and data in the same place
Trust Services – define policy
[Diagram. Labels: Administrator (admin), Publisher (pub), Subscriber (sub), Trust Services SDK, Trust Server, SQL Azure. Sample record: Name "Smith, John", SSN "123-45-6789". Policy table columns: Data, Policy, Authz List, Cert, Key. Row labels: SSN; pub, sub; Pubsub, Pubpub.]
Encrypt data
[Diagram. Labels: Publisher (pub), Subscriber (sub), Trust Services SDK, Trust Server, SQL Azure. Sample record: Name "Smith, John", SSN "123-45-6789". Policy table columns: Data, Policy, Authz List, Cert, Key. Row labels: SSN; pub, sub; Pubsub, Pubpub. Key labels: K, KGuid, E, Pubsub, WK.]
Decrypt data
[Diagram. Labels: Publisher (pub), Subscriber (sub), Trust Services SDK, Trust Server, SQL Azure. Sample record: Name "Smith, John", SSN "123-45-6789". Policy table columns: Data, Policy, Authz List, Cert, Key. Row labels: SSN; pub, sub; Pubsub, Pubpub. Key labels: K, KGuid, E, Privsub, WK.]
Defense In Depth: user
Access Control
Federation
User Education
Summary
Windows Azure gives a Rock Solid Foundation
Responsibilities have changed
Managing Risk
Review the Windows Azure Trust Center: https://www.windowsazure.com/en-us/support/trust-center/
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.