www.expertpointsolutions.com A Deep Dive into Azure Security: Is Azure really secure? Brian Culver & Alvin Vaughn #HSPUG March 15, 2017

A deep dive into Azure Security: Is Azure really secure?


Brian Culver & Alvin Vaughn ● #HSPUG ● March 15, 2017

About Brian Culver

SharePoint Solutions Architect for Expert Point Solutions in Houston, Texas.

Microsoft Certified Master (MCM) in SharePoint

Brian has worked in the Information Technology industry since 1998 and has been working with SharePoint since 2005. His deep expertise includes Azure, Office365, SharePoint, ASP.Net, SQL Server and Project Server. He has been involved in many large SharePoint implementations including Internet and Intranet sites, Partner Portals, Enterprise Content Management and Governance, and much custom application integration and development.

Author, Speaker and Blogger

Email : brian.culver(at)expertpointsolutions.com

Twitter : @spbrianculver

LinkedIn : https://www.linkedin.com/in/bculver

Blog : http://blog.expertpointsolutions.com

About Alvin Vaughn

Cloud Solutions Architect for Expert Point Solutions in Houston, Texas.

CISSP, CCENT, MCITP Enterprise Server.

Alvin has worked in the Information Technology industry since 2005, where he began as a system admin and progressed to server administrator while in college. Alvin became a commissioned officer in the military after college, where he was assigned as the lead IT project manager during the successful implementation of the DoD’s Field Health IT system in Iraq and later in Afghanistan. Alvin has served as a technical consultant traveling around the world to provide expertise in enterprise Windows server administration, open source interoperability, and data analytics, and is certified in Linux Administration and Oracle SQL. Alvin has led many multi-regional and global IT projects leveraging enterprise platforms such as SharePoint, Oracle DB, and Windows RDS while leveraging cloud IaaS such as Azure to securely deliver resources, business intelligence, and other services to clients and their customers.

Email : alvin.vaughn(at)expertpointsolutions.com

Session Agenda

Cloud Growth

Digital Security Threat Today

Security Roadmap

“The Trusted Cloud”

Security & Compliance Tools and Resources

Other considerations

Cloud Growth

“Companies continued their adoption of cloud computing services at a rapid clip in 2016, with overall growth expected to rise 25% year over year for that period, according to new numbers from Synergy Research Group. The forecaster estimated aggregate annual revenue from all those cloud segments at nearly $150 billion. Synergy lumps two key cloud categories, known by techies as infrastructure as a service and platform as a service, into one big bucket, which together showed the most dramatic growth rate of 53%. Infrastructure as a service (aka IaaS) is typically exemplified by offerings from Amazon Web Services (AWS), Microsoft and Google (GOOGL, +0.37%).”

“Torrid Cloud Growth Continues”, Barb Darrow, Jan 04, 2017, http://fortune.com/2017/01/04/robust-cloud-growth/

Operator and vendor revenue for six segments of cloud computing reached $148 billion during that period, with spending on private clouds accounting for over half the total but spending on the public cloud growing much more rapidly.

“Cloud computing revenues jumped 25% in 2016, with strong growth ahead, researcher says”, Dan Richman, January 4, 2017, http://www.geekwire.com/2017/cloud-computing-revenues-jumped-25-2016-strong-growth-ahead-researcher-says/

Azure Cloud Growth

Microsoft’s cloud infrastructure by the numbers

1989: The year Microsoft opened its first datacenter on its Redmond, Washington campus.

90-plus: The number of marketplaces that our cloud services are available in today.

200-plus: The number of online services delivered by Microsoft’s datacenters 24x7x365.

$15 billion-plus: Microsoft’s investment in building our huge cloud infrastructure.

1 million-plus: The number of servers hosted in our datacenters.

100-plus: The number of datacenters Microsoft has in its global cloud infrastructure portfolio.

30 trillion-plus: The number of data objects we store in our datacenters.

1.5 million-plus: The average number of requests our networks process per second.

3: The number of times Microsoft’s fiber optic network, one of North America’s largest, could stretch to the moon and back.

1.125: Microsoft’s average PUE for its new datacenters. Power usage effectiveness (PUE) is a metric of datacenter energy efficiency and is the ratio of the power and cooling overhead required to support our server load. The industry average is 1.8.

http://download.microsoft.com/download/8/2/9/8297F7C7-AE81-4E99-B1DB-D65A01F7A8EF/Microsoft_Cloud_Infrastructure_Datacenter_and_Network_Fact_Sheet.pdf

Azure Cloud Growth

Microsoft’s cloud infrastructure by the numbers (Continued)

2.3 billion kWh: The amount of green power purchased by Microsoft as part of our carbon-neutral goal - ranking as the third most purchased by any U.S. company, according to the U.S. Environmental Protection Agency.

16: The number of carbon offset projects Microsoft has invested in, including projects in Brazil, Cambodia, China, Guatemala, India, Kenya, Mongolia, Peru, Turkey and the United States (including Keechi Wind Power investment announced November 4, 2013).

100 percent: The percentage of our servers and electronic equipment that we send to a third-party vendor for recycling and/or reselling after it has been securely decommissioned.

2007: The year Microsoft began sharing its best practices for cloud infrastructure with the industry. Download our latest Top Ten Best Business Practices for Environmentally Sustainable Datacenters white paper.

http://download.microsoft.com/download/8/2/9/8297F7C7-AE81-4E99-B1DB-D65A01F7A8EF/Microsoft_Cloud_Infrastructure_Datacenter_and_Network_Fact_Sheet.pdf

Azure Cloud Growth

“[Microsoft] last week said its Azure revenue grew 93% year over year as it reported results for the quarter ended Dec. 31, 2016. The annualized revenue run rate for Microsoft's commercial cloud business, a segment that includes Azure, now surpasses $14 billion, according to the company.”

“Azure partners benefit from Microsoft cloud growth”, John Moore and Spencer Smith, Jan 27, 2017, http://searchitchannel.techtarget.com/news/450411909/Azure-partners-benefit-from-Microsoft-cloud-growth

Read Microsoft’s marketing about the cloud carefully

Microsoft purposely skews cloud statistics to drive adoption. Move when it is the right time for your organization.

1 in 4 Microsoft enterprise customers has Office 365 – Microsoft

80% of the Fortune 500 are on the Microsoft Cloud – Microsoft

There’s a rush at every major tech vendor to sign up customers for their own cloud offerings before their competitors nab them. They are trying to nab their share of a market that will grow — conservatively — from $56.6 billion in 2014 to more than $127 billion in 2018, according to market research. – ICD

Microsoft’s cloud-first, mobile-first strategy is paying off and is now on an annualized revenue run rate of $14 billion

By 2018, Microsoft expects commercial cloud revenues to exceed $20B driven by Office 365, Azure, and Dynamics CRM Online

Commercial cloud growth of 80%

Azure cloud growth of 93%

Cloud customer base has doubled over the past 12 months

Source: Taft, Darryl K. “Microsoft Continues to See Impact of Transition to Cloud.” eWeek.

Source: Todd, Deborah M. “Cloud business boosts Microsoft’s quarterly revenue, shares rise.” Reuters.

There are benefits to the cloud; examine common criteria when evaluating a move

True Up or Down

• Once a year you will have the ability to true up or true down your licenses. Historically, only an annual true-up was possible, adding to cumulative SA costs.

99.9% Uptime

• Corporations can lose millions or hundreds of millions of dollars in the event of downtime.

• Microsoft has a 99.9% uptime guarantee.

15 Devices

• Microsoft has increased the number of devices that can be used with O365 licenses enabling shared devices.

User-Based Licensing

• Historically, licensing has been device based, as BYOD and multiple devices weren’t prominent.

• User licensing allows for multiple devices and is approximately 30% more expensive than licensing one device.

Excellent Cloud Security

• Microsoft has invested hundreds of millions of dollars into security for its cloud. It knows that with a single breach, many organizations will be searching for an alternative.

Automatic Updates

• If you want to reduce time spent on providing patches and updates, Microsoft wants to automate tasks leaving you more time to work on other areas of your business.

Enabled Collaboration

• Microsoft is continuously increasing integration and collaboration capabilities within its products. Exchange, SharePoint, Skype, and Office have all seen changes in recent years.

Reduce Infra Costs

• Instead of having to replace hardware every 3-4 years, moving to Microsoft’s cloud can move you out of the hardware management space and help you focus on performance.

Fifty-six percent of enterprises consider cloud to be a strategic differentiator, and approximately fifty-eight percent of enterprises spend more than 10 percent of their annual budgets on cloud services. – ICD

Organizations are delaying a move to the cloud for the following reasons

Data Sovereignty

• Certain organizations have bylaws in place because of proprietary information or government limitations on where data can reside.

Performance

• Bandwidth and network connectivity in remote locations are large concerns for organizations who rely on the Microsoft productivity suite as their primary communication tools.

Cost

• The cost of moving to a subscription-based model is undoubtedly higher, and in the long run when your data is in the cloud, software vendors know switching to another vendor will be difficult.

Adaptability to Change

• While having updates completed automatically by Microsoft, organizations with aforementioned legacy systems could face unexpected issues.

Legacy Systems

• Organizations that have legacy systems or integrations with current software know that a move to cloud will be possible when similar functionality is possible in the cloud.

Historical Purchases

• If on-premise licenses or storage were recently purchased, moving to the cloud would decrease the planned usage life.

…the single biggest obstacle to cloud adoption in general continues to be the fear of security breaches, closely followed by issues with data sovereignty. – Capgemini Consulting

Many organizations maintain hybrid environments when moving to the cloud. Microsoft has granted users who are licensed with Office 365 Enterprise User Subscription Licenses (USLs) equivalent rights to on-premise workloads. On-premise server licenses still need to be purchased. Small/mid-sized business and kiosk Office 365 plans do not contain the same rights.

Digital Security Threat Today

Security remains a concern

News of security breaches continues to dominate headlines, and the scale and scope of intrusions are growing. In 2014 alone, data breaches were up by 49% over the previous year, and cyber criminals compromised more than a billion data records in more than 1500 breaches. In a 2014 report for the World Economic Forum, McKinsey & Company estimated the risk of cyberattacks “could materially slow the pace of technology and business innovation with as much as $3 trillion in aggregate impact.” In any security attack, target organizations are only as safe as their weakest link; if any component is not secured then the entire system is at risk. While acknowledging that the cloud can provide increased data security and administrative control, IT leaders are still concerned that migrating to the cloud will leave them more vulnerable to hackers than their current in-house solutions.

http://download.microsoft.com/download/5/C/7/5C770A50-4FE4-4052-98E1-562EBFE4F35A/Trusted_Cloud_White_paper_EN_US.pdf

Digital Security Threat Today

The top reported breaches by state are:

California with 39 breaches

Florida with 28 breaches

Texas with 23 breaches

New York with 15 breaches

Illinois, Indiana and Washington with 12 breaches

Ohio and Pennsylvania with 11 breaches

Michigan with 10 breaches

Arizona and Arkansas with 9 breaches

Georgia and Minnesota with 8 breaches and

Colorado and Missouri with 7 breaches.

The report lists the worst data breaches per record compromised as:

Arizona with 4,524,278 records

New York with 3,588,554 records

Florida with 2,872,912 records

California with 1,436,701 records and

Georgia with 782,956 records.

Report Lists Health Care Data Breaches by State

Digital Security Threat Today

Ransomware

Digital Security Threat Today

Nearly 50 percent of organizations have been hit with ransomware

56,000 ransomware infections in March 2016, alone

$209 million was paid to ransomware criminals in Q1 2016

The average ransom demand is now $679

Email is the #1 delivery vehicle for ransomware

600% growth in new ransomware families since December 2015

4x jump in Android ransomware

230 percent jump in JavaScript ransomware payloads

https://blog.barkly.com/ransomware-statistics-2016

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/ISTR2016_Ransomware_and_Busine

Digital Security Threat Today

As of March 9, 50 major breaches impacting 424,286 individuals have been added to the Department of Health and Human Services' Office for Civil Rights' "wall of shame" website of major breaches affecting 500 or more individuals.

Of those 2017 incidents, 20 are listed as unauthorized access/disclosure breaches; 14 are hacking incidents; and 14 are breaches involving loss/theft of protected health information. Of the incidents involving loss or theft, eight involved paper/film records, and six involved unencrypted desktop or laptop computers, or other portable devices.

As of March 9, more than 171.66 million individuals in total have been impacted by the 1,852 major breaches that have been reported to HHS since September 2009.

In total so far in 2017, 14 hacking incidents affected nearly 262,000 individuals, or about 60 percent of all individuals impacted by major HIPAA breaches.

The six breaches so far posted in 2017 involving lost or stolen unencrypted computing devices impacted a total of about 15,000 individuals.

http://www.databreachtoday.com/breach-tally-hacking-incidents-still-on-rise-a-9762

Digital Security Threat Today

Cybercrime is getting worse, far worse.

Three and a Half Crimeware Trends to Watch in 2017

New malware configurations and trends seen in 2016;

Trends from the mobile malware arena;

A look into the most prominent threats expected in 2017.

http://www.databreachtoday.com/webinars/three-half-crimeware-trends-to-watch-in-2017-w-1178?rf=promotional_webinar

Azure Security Roadmap

Microsoft is Transparent about security

Constantly Adapting and Making Changes as Trends Arise

Cloud Platform roadmap

https://www.microsoft.com/en-us/cloud-platform/roadmap-public-preview

White papers

Securing the Microsoft Cloud white paper

Azure Security, Privacy, and Compliance white paper

Security Management in Microsoft Azure white paper

Cloud Operations Excellence and Reliability strategy paper

Leveraging Stored Energy for Handling Power Emergencies white paper

Resilience by Design for Cloud Services white paper

Information Security Management white paper

Security Roadmap

Microsoft Cyber Defense Operations Center (CDOC) is a 24x7x365 state-of-the-art cybersecurity and defense facility. The CDOC is part of the company’s initiative to continuously advance its efforts on cybersecurity, risk management, and data protection. The CDOC is the physical hub for the company’s real-time security-focused experts, leveraging technology and analytics that protect, detect, and respond to threats to Microsoft’s cloud infrastructure and customer-facing resources and the services hosted within them, our products, devices, and the company’s internal resources. The teams that come together in the CDOC manage intelligence collection and correlation from our global threat landscape, real-time analysis and incident response, and provide ground zero security crisis management when needed.

Security Development Lifecycle (SDL) f

“The Trusted Cloud”

Most comprehensive compliance coverage of any cloud provider

More certifications than any other cloud provider

Industry leader for customer advocacy and privacy protection

Unique data residency guarantees

https://azure.microsoft.com/en-us/support/trust-center/

Commitment to compliance: “There are more compliance certifications with Azure than any other vendor out there”

Scott Guthrie, Exec VP Cloud + Enterprise Group, Microsoft Corp, AZGroups Conference 2017 (March 2017)

https://youtu.be/_uW0N1Re_wk

Whether you are targeting government scenarios, healthcare, ecommerce, or unique regulations in Australia, Ireland, or the UK, its services can be depended on and you can take advantage of them

ISO/IEC, CSA/CCM, ITAR, CJIS, HIPAA, IRS 1075

Microsoft understands that for you—our enterprise customer—to realize the benefits of the cloud, you must be willing to entrust your cloud provider with one of your most

Microsoft has invested hundreds of millions of dollars into security, and has the most certifications of any cloud provider

Microsoft’s servers are the second most attacked datacenter in the world with 30,000–40,000 threats per day. It has the experience and a proven track record in keeping data safe, knowing it only takes one hacker to get through for trust to be lost. Microsoft has the following certifications:

“The Trusted Cloud”

Who's using Azure in 2017

90% of the Fortune 500 use Microsoft Cloud:

BMW 2016

Concept to production in less than a year to develop an Azure connected vehicle dashboard sold in every vehicle today

Mobile companion app that allows you to see stats of the car and unlock the vehicle, all running through an Azure backend

Ford, Toyota, and others have integrated vehicles into Azure

AccuWeather (6 billion API weather calls per day from apps all over the weather)

GEICO, in a very heavily regulated industry, has moved all of its customer facing and business processing systems to the cloud.

Walmart's ecommerce and mobile-based solutions are in the Azure cloud

Infrastructure

38 Regions and growing as of March 13, 2017. A new region opens about every other month.

Datacenters implement multi-layer physical security

“The Trusted Cloud”

Security: We keep your customer data safe (https://azure.microsoft.com/en-us/support/trust-center/)

Managing and controlling identity and user access to your environments, data, and applications by federating user identities to Azure Active Directory and enabling multi-factor authentication for more secure sign-in.

Encrypting communications and operation processes. For data in transit, Azure uses industry-standard transport protocols between user devices and Microsoft datacenters, and within datacenters themselves. For data at rest, Azure offers a wide range of encryption capabilities up to AES-256, giving you the flexibility to choose the solution that best meets your needs.

Securing networks. Azure provides the infrastructure necessary to securely connect virtual machines to one another and to connect on-premises datacenters with Azure VMs. Azure blocks unauthorized traffic to and within Microsoft datacenters, using a variety of technologies. Azure Virtual Network extends your on-premises network to the cloud through site-to-site VPN.

Managing threats. To protect against online threats, Azure offers Microsoft Antimalware for cloud services and virtual machines. Microsoft also employs intrusion detection, denial-of-service (DDoS) attack prevention, regular penetration testing, and data analytics and machine learning tools to help mitigate threats to the Azure platform.

Trustworthy foundation

BUILT ON MICROSOFT EXPERIENCE AND INNOVATION

1st Microsoft Data Center

Active Directory

Windows Update

Trustworthy Computing Initiative

Security Development Lifecycle

Global Data Center Services

Malware Protection Center

Microsoft Security Response Center

Digital Crimes Unit

Operations Security Assurance

20+ Data Centers

SOC 1

SOC 2

CSA Cloud Controls Matrix

PCI DSS Level 1

FedRAMP/FISMA

UK G-Cloud Level 2

ISO/IEC 27001:2005

HIPAA/HITECH

E.U. Data Protection Directive


20+ Data Centers: Operating Microsoft Azure in 8 data centers around the world


Security Centers of Excellence: Protecting Microsoft customers by combatting evolving threats


Digital Crimes Unit: Using legal and technical expertise to disrupt the way cybercriminals operate


Compliance Standards: Investing heavily in robust compliance processes, including ISO 27001, FedRAMP, and HIPAA


Microsoft Azure


Automated

Managed

Resources

Elastic

Usage Based

UNIFIED PLATFORM FOR MODERN BUSINESS

Unified platform for modern business

Microsoft commitment

ISO 27001:5

NIST 800-53

SOC 1 Type 2

SOC 2 Type 2

FedRAMP/FISMA

PCI DSS Level 1

UK G-Cloud

US-EU Safe Harbor

Information security standards

Effective controls

Government & industry certifications

Simplified compliance


Security compliance strategy

Security analytics

Risk management best practices

Security benchmark analysis

Test and audit

Security Compliance Framework

• Security goals set in context of business and industry requirements

• Security analytics & best practices deployed to detect and respond to threats

• Benchmarked to a high bar of certifications and accreditations to ensure compliance

• Continual monitoring, test and audit


Certifications & programs

Program: Description

ISO/IEC 27001: Internationally recognized information security standard, broadly accepted outside U.S.

PCI DSS Level 1: Information security standard designed to prevent fraud through controls around credit card data

UK G-Cloud IL2: 'Protect' level of security for data processing, storage and transmission by UK public sector organizations including local and regional government

SSAE 16 / ISAE 3402: Accounting standard relied upon as the authoritative guidance for reporting on service organizations (SOC 1, SOC 2, SOC 3)

FedRAMP/FISMA: U.S. Federal law enacted in 2002, based on NIST 800 series, 18 control domains, with in-depth audit, and applies to all U.S. Federal agencies

Contractual commitments

EU Data Privacy Approval

• Microsoft makes strong contractual commitments to safeguard customer data covered by HIPAA BAA, Data Processing Agreement, & E.U. Model Clauses

• Enterprise cloud-service specific privacy protections benefit every industry & region

• Microsoft meets high bar for protecting privacy of EU customer data

• EU Data Privacy approval allows Microsoft to transfer personal data across international borders

• Only Microsoft is jointly approved from EU Article 29

Broad contractual scope

Security & Compliance Tools and Resources

Microsoft has taken on the responsibility to provide tools and information that will enable our customers to deploy our cloud services with the highest confidence that they are safe and compliant.

Dervish Tayyip, General Counsel, Microsoft Corp

https://blogs.microsoft.com/eupolicy/2016/11/10/microsoft-cloud-assurance-legal-regulatory-compliance-for-cloud-computing/#pmD5xEGu7XcQCa15.99

Cloud Computing Compliance Tools Central Repo: Microsoft Trust Center

Cloud Service Due Diligence Checklist: In anticipation of your organization’s move to the cloud, please review ISO/IEC 19086-1 and the Cloud Services Due Diligence Checklist.

Auditing and Logging Tools

Built into the cloud from the ground up. It wasn’t an afterthought.

Auditing and logging Overview

Examples:

How to: Monitor Apps in Azure App Service

Storage Analytics Logging

Creating alerts in Azure Monitor for Azure services

Azure AD Privileged Identity Management

Security & Compliance Tools and Resources

Well-Defined System Configuration Models

Azure’s recent transition from Service Manager to Resource Manager model

Security and Data Encryption Services

Azure Key Vault: Azure Key Vault helps safeguard cryptographic keys and secrets used by cloud applications and services.

Client-Side Encryption and Azure Key Vault for Microsoft Azure Storage: Supports encrypting data within client applications before uploading to Azure Storage, and decrypting data while downloading to the client. The library also supports integration with Azure Key Vault for storage account key management.

Tutorials: Encrypt and decrypt blobs in Microsoft Azure Storage using Azure Key Vault

Closing Comments

Azure is more secure than your data center

The bigger the IT spend, the more Azure makes sense

Conduct an accurate and thorough risk analysis that incorporates all information technology equipment, applications and data systems storing PII, PCI;

Create and maintain a risk management plan;

Implement policies and procedures and retain for six years;

Reasonably safeguard the electronic PII and PCI using prevailing practices;

Encrypt computing devices and storage media;

Obtain satisfactory assurances in the form of a written business associate agreement;

Monitor and maintain user provisioning, such as not removing user access in a timely manner.

Top 12 Recommendations for Your Security Strategy

Questions


Constructive Feedback Is Appreciated

Great information, but would like to have learned more about [Insert Topic]

Brian – Your presentation was …

Good Demos!

Thanks!

Thank you!

Brian Culver, MCM

Twitter: @spbrianculver

E-mail: brian.culver(at)expertpointsolutions.com

Blog: http://blog.expertpointsolutions.com/

Slides: http://www.slideshare.net/bculver

Alvin Vaughn, CISSP

E-mail: Alvin.Vaughn(at)expertpointsolutions.com