Upload
farid-yandouz
View
216
Download
0
Embed Size (px)
Citation preview
7/30/2019 Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012
http://slidepdf.com/reader/full/avoir-confiance-en-les-services-cloud-microsoft-comment-sy-prendre- 1/31
Stéphane ConsalviServers & Tools Business Group Lead
Microsoft North Africa, East Med & Pakistan
7/30/2019 Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012
http://slidepdf.com/reader/full/avoir-confiance-en-les-services-cloud-microsoft-comment-sy-prendre- 2/31
Global Foundation Services
Security GlobalInfrastructure
7/30/2019 Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012
http://slidepdf.com/reader/full/avoir-confiance-en-les-services-cloud-microsoft-comment-sy-prendre- 3/31
7/30/2019 Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012
http://slidepdf.com/reader/full/avoir-confiance-en-les-services-cloud-microsoft-comment-sy-prendre- 4/31
Security Privacy Reliability
! Secureagainst attacks
! Protects confidentiality,integrity & availability of data& systems
! Manageable
! Protects from unwantedcommunication
! Controls for informationalprivacy
! Products, online servicesadhere to fair informationprinciples
! Dependable, Available
! Predictable,consistentresponsive service
! Maintainable
! Resilient, worksdespite changes
! Recoverable,easily restored
! Proven, ready
! CommIntero
! Finan
! OngoServi
! Strong
! Open
Pillars for Trust
7/30/2019 Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012
http://slidepdf.com/reader/full/avoir-confiance-en-les-services-cloud-microsoft-comment-sy-prendre- 5/31
How should an entevaluate cloud provid
it comes to securityand complianc
What industry audit asecurity certifications co
Microsoft Platform
If I run my service in your cloud, can I meet mycompliance needs
7/30/2019 Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012
http://slidepdf.com/reader/full/avoir-confiance-en-les-services-cloud-microsoft-comment-sy-prendre- 6/31
SecurFoun
Proven Track Record Scale
History of meeting
obligations associated
with the delivery of over
200 cloud services
Spreading cost of robust
security and compliance
across large number of
customers provides a
trusted cloud at lower cost
Years of
through ou
Comput
7/30/2019 Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012
http://slidepdf.com/reader/full/avoir-confiance-en-les-services-cloud-microsoft-comment-sy-prendre- 7/31
Portal Era Online App Era Web Services Era
1989 1994-95 1997 2002 2004 2006 2008
Cloud Com
2010
7/30/2019 Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012
http://slidepdf.com/reader/full/avoir-confiance-en-les-services-cloud-microsoft-comment-sy-prendre- 8/31
200+ CLOUD SERVICES
59 markets and 36 languages
76 markets and 48 languages
7/30/2019 Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012
http://slidepdf.com/reader/full/avoir-confiance-en-les-services-cloud-microsoft-comment-sy-prendre- 9/31
7/30/2019 Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012
http://slidepdf.com/reader/full/avoir-confiance-en-les-services-cloud-microsoft-comment-sy-prendre- 10/31
7/30/2019 Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012
http://slidepdf.com/reader/full/avoir-confiance-en-les-services-cloud-microsoft-comment-sy-prendre- 11/31
Aligned with ISO/IEC 18044 andNIST SP800-61
7/30/2019 Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012
http://slidepdf.com/reader/full/avoir-confiance-en-les-services-cloud-microsoft-comment-sy-prendre- 12/31
Why should I trust
Microsoft’s Cloud?
How should an entevaluate cloud provid
it comes to securitcompliance?
What industry audit asecurity certifications co
Microsoft Platform
If I run my service in your cloud, can I meet mycompliance needs?
7/30/2019 Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012
http://slidepdf.com/reader/full/avoir-confiance-en-les-services-cloud-microsoft-comment-sy-prendre- 13/31
7/30/2019 Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012
http://slidepdf.com/reader/full/avoir-confiance-en-les-services-cloud-microsoft-comment-sy-prendre- 14/31
7/30/2019 Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012
http://slidepdf.com/reader/full/avoir-confiance-en-les-services-cloud-microsoft-comment-sy-prendre- 15/31
threat and vulnerabilities to the environment
risk
risks across Microsoft cloud environment
risks based on impact assessment and a busin
remediation effectiveness and residual risk
risks on an ongoing basis
7/30/2019 Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012
http://slidepdf.com/reader/full/avoir-confiance-en-les-services-cloud-microsoft-comment-sy-prendre- 16/31
7/30/2019 Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012
http://slidepdf.com/reader/full/avoir-confiance-en-les-services-cloud-microsoft-comment-sy-prendre- 17/31
7/30/2019 Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012
http://slidepdf.com/reader/full/avoir-confiance-en-les-services-cloud-microsoft-comment-sy-prendre- 18/31
7/30/2019 Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012
http://slidepdf.com/reader/full/avoir-confiance-en-les-services-cloud-microsoft-comment-sy-prendre- 19/31
ISO 27001 √
SAS 70 Type II √
HIPAA/HITECH √
Various State, Federal, and International Privacy Laws(95/46/EC—aka EU Data Protection Directive;California SB1386; etc.)
√
PCI Data Security Standard √
FISMA Certification & Accreditation √
7/30/2019 Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012
http://slidepdf.com/reader/full/avoir-confiance-en-les-services-cloud-microsoft-comment-sy-prendre- 20/31
Why should I trust
Microsoft’s Cloud?
How should an entevaluate cloud provid
it comes to security,and complianc
What industry audit asecurity certifications co
Microsoft Platform
If I run my service in your cloud, can I meet mycompliance needs
7/30/2019 Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012
http://slidepdf.com/reader/full/avoir-confiance-en-les-services-cloud-microsoft-comment-sy-prendre- 21/31
• You are ultimately responsible for ensuring you meet
your compliance obligations
• Microsoft will share its certifications and audit reports
to help you design your compliance program
Responsibility:
Data Classification and Accountability Application Level Controls
Operating System Controls
Host Level Controls
Identity and Access Management
Network Controls
Physical Security
Cloud P
Cloud Customer
7/30/2019 Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012
http://slidepdf.com/reader/full/avoir-confiance-en-les-services-cloud-microsoft-comment-sy-prendre- 22/31
Why should I trust
Microsoft’s Cloud?
How should an entevaluate cloud provid
it comes to security,and complianc
What industry audit asecurity certifications co
Windows Azure Platfo
If I run my service in your cloud, can I meet mycompliance needs?
7/30/2019 Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012
http://slidepdf.com/reader/full/avoir-confiance-en-les-services-cloud-microsoft-comment-sy-prendre- 23/31
ü Know the value of your data and processes and thesecurity and compliance obligations you need to meet
ü Consider the ability of vendors to accommodatechanging security and compliance requirements
ü Ensure a clear understanding of security andcompliance roles and responsibilities for delivered
services
ü Ensure data and services can be brought backif necessary
Consult guidance from organizations such as the Cloud Security Alliance
ü Require that the provider has attained third-partycertifications and audits, e.g. ISO/IEC 27001:2005
ü Require transparency in security poli
7/30/2019 Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012
http://slidepdf.com/reader/full/avoir-confiance-en-les-services-cloud-microsoft-comment-sy-prendre- 24/31
Itron, Inc
SDL
NIST
7/30/2019 Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012
http://slidepdf.com/reader/full/avoir-confiance-en-les-services-cloud-microsoft-comment-sy-prendre- 25/31
MidAmerican Energy
350 days after implementing the Microso
no security vulnerabilitiesproductivity gain of up to 20%
7/30/2019 Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012
http://slidepdf.com/reader/full/avoir-confiance-en-les-services-cloud-microsoft-comment-sy-prendre- 26/31
BITS Software Assurance Framework
guidelines financial serviceskey elements f
Microsoft’s SDLeducation, integration of security in design using standards an
modeling, best practices for coding, focused and comprehensivefollowed with important implementation and response practices.
7/30/2019 Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012
http://slidepdf.com/reader/full/avoir-confiance-en-les-services-cloud-microsoft-comment-sy-prendre- 27/31
www.globalfoundationservices.com
http://blogs.technet.com/msdatacenters
7/30/2019 Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012
http://slidepdf.com/reader/full/avoir-confiance-en-les-services-cloud-microsoft-comment-sy-prendre- 28/31
7/30/2019 Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012
http://slidepdf.com/reader/full/avoir-confiance-en-les-services-cloud-microsoft-comment-sy-prendre- 29/31
7/30/2019 Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012
http://slidepdf.com/reader/full/avoir-confiance-en-les-services-cloud-microsoft-comment-sy-prendre- 30/31
7/30/2019 Avoir Confiance en Les Services Cloud Microsoft - Comment s'y Prendre - Stephane Consalvi - iCompetences RSI2012
http://slidepdf.com/reader/full/avoir-confiance-en-les-services-cloud-microsoft-comment-sy-prendre- 31/31