Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012

7/30/2019 Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012

http://slidepdf.com/reader/full/avoir-confiance-en-les-services-cloud-microsoft-comment-sy-prendre- 1/31

Stéphane ConsalviServers & Tools Business Group Lead

Microsoft North Africa, East Med & Pakistan



Global Foundation Services

Security GlobalInfrastructure





Security Privacy Reliability

! Secureagainst attacks

! Protects confidentiality,integrity & availability of data& systems

! Manageable

! Protects from unwantedcommunication

! Controls for informationalprivacy

! Products, online servicesadhere to fair informationprinciples

! Dependable, Available

! Predictable,consistentresponsive service

! Maintainable

! Resilient, worksdespite changes

! Recoverable,easily restored

! Proven, ready

! CommIntero

! Finan

! OngoServi

! Strong

! Open

Pillars for Trust



How should an entevaluate cloud provid

it comes to securityand complianc

What industry audit asecurity certifications co

Microsoft Platform

If I run my service in your cloud, can I meet mycompliance needs



SecurFoun

Proven Track Record Scale

History of meeting

obligations associated

with the delivery of over

200 cloud services

Spreading cost of robust

security and compliance

across large number of

customers provides a

trusted cloud at lower cost

Years of

through ou

Comput



Portal Era Online App Era Web Services Era

1989 1994-95 1997 2002 2004 2006 2008

Cloud Com

2010



200+ CLOUD SERVICES

59 markets and 36 languages

76 markets and 48 languages







Aligned with ISO/IEC 18044 andNIST SP800-61



Why should I trust

Microsoft’s Cloud?


it comes to securitcompliance?


Microsoft Platform

If I run my service in your cloud, can I meet mycompliance needs?







threat and vulnerabilities to the environment

risk

risks across Microsoft cloud environment

risks based on impact assessment and a busin

remediation effectiveness and residual risk

risks on an ongoing basis









ISO 27001 √

SAS 70 Type II √

HIPAA/HITECH √

Various State, Federal, and International Privacy Laws(95/46/EC—aka EU Data Protection Directive;California SB1386; etc.)

√

PCI Data Security Standard √

FISMA Certification & Accreditation √



Why should I trust



it comes to security,and complianc


Microsoft Platform

If I run my service in your cloud, can I meet mycompliance needs



• You are ultimately responsible for ensuring you meet

your compliance obligations

• Microsoft will share its certifications and audit reports

to help you design your compliance program

Responsibility:

Data Classification and Accountability Application Level Controls

Operating System Controls

Host Level Controls

Identity and Access Management

Network Controls

Physical Security

Cloud P

Cloud Customer



Why should I trust



it comes to security,and complianc


Windows Azure Platfo

If I run my service in your cloud, can I meet mycompliance needs?



ü Know the value of your data and processes and thesecurity and compliance obligations you need to meet

ü Consider the ability of vendors to accommodatechanging security and compliance requirements

ü Ensure a clear understanding of security andcompliance roles and responsibilities for delivered

services

ü Ensure data and services can be brought backif necessary

Consult guidance from organizations such as the Cloud Security Alliance

ü Require that the provider has attained third-partycertifications and audits, e.g. ISO/IEC 27001:2005

ü Require transparency in security poli



Itron, Inc

SDL

NIST



MidAmerican Energy

350 days after implementing the Microso

no security vulnerabilitiesproductivity gain of up to 20%



BITS Software Assurance Framework

guidelines financial serviceskey elements f

Microsoft’s SDLeducation, integration of security in design using standards an

modeling, best practices for coding, focused and comprehensivefollowed with important implementation and response practices.



www.globalfoundationservices.com

http://blogs.technet.com/msdatacenters









Documents

Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012