Le Cloud &

la Sécurité

Christophe Van Mollekot

Solution Advisor – Microsoft

Cloud vs Security

Global datacenter footprint

100+ Datacenters in over 40 countries

“71% of strategic buyers cite scalability, cost and business

agility as the most important drivers for using cloud services.“

– Gigaom Research

Integral to business transformation

Efficiently ScaleScalability

Test & DevCosts

Agility

trillion a year1

Risk of cyber

attacks can cost

business up to

3$

individual records

were breached in

2013.4

More than

800Min 2014.3

The number of

recorded data

breaches increased

78%

of the value created

by the Internet.2

Cybercrime

extracts between

15-20% agree consumers have

lost control over how

personal information is

collected and used by

companies5

91%

Global attacks are increasing and costs are rising

How can Cloud help your Security

No one is able to use your

data in a way that you do

not approve.

You have visibility into

how your data is being

handled and used.

Your content is stored and

managed in compliance

with applicable laws,

regulations and standards.

How can Cloud help your Security

13

24 hour monitored physical security

System monitoring and logging

Patch management

Anti-Virus/Anti-Malware protection

Intrusion detection/DDoS

Penetration testing

Infrastructure protection

Network protection

Encrypted connections

Virtual Networks

ExpressRouteNetwork isolation

Enterprise cloud identity – Windows Azure AD

Access monitoring

Single sign-on

Multi-Factor Authentication

Role based access controls

Identity & access

Encrypted data transfer

Encryption options for stored data

Data segregation

Choice of data location

Data redundancy

Data destruction

16

Data protection

Traditional protect & recover security strategy

The mindset shift

“FUNDAMENTALLY, IF SOMEBODY WANTS TO GET IN,

THEY'RE GETTING IN…ACCEPT THAT.

WHAT WE TELL CLIENTS IS:

NUMBER ONE, YOU'RE IN THE FIGHT, WHETHER YOU

THOUGHT YOU WERE OR NOT. NUMBER TWO,

YOU ALMOST CERTAINLY ARE PENETRATED. ”

Michael Hayden

Former Director of NSA & CIA

Ass

um

e B

reach

20

If you found out

tomorrow that your most

critical systems had been

infiltrated or that your

most critical data was

being exfiltrated, would

you be prepared to deal

with the breach?

REDAll your bases BELONG to us

vs. BLUE

Ass

um

e B

reach

Exe

cutio

n

23

Wargameexercises

Blueteaming

Redteaming

Monitor emerging threats

Executepost breach

Insider attack simulation

Po

st B

reach

Exe

cutio

n

24

Establish security baselines

Time to detect

Time to contain

Time to fix

Time to recover

Framework to inventory damage

Identify reactive security investments

Update response plans

If you measure MTTR in WEEKS/MONTHS/YEARS instead of hours/days, then YOU’VE FAILED!

The confidentiality,

integrity, and availability

of your data is protected.

You have visibility into

how your data is being

handled and used.

Your content is stored and

managed in compliance

with applicable laws,

regulations and standards.

How can Cloud help your Security

We’ll keep your data secure

Your data is private and under your control

We manage your data in accordance with the law

You know what we’re doing with your data

No one is able to use your

data in a way that you do

not approve.

The confidentiality,

integrity, and availability

of your data is protected.

You have visibility into

how your data is being

handled and used.

How can Cloud help your Security

Microsoft Cloud Compliance Certifications

No one is able to use your

data in a way that you do

not approve.

The confidentiality,

integrity, and availability

of your data is protected.

Your content is stored and

managed in compliance

with applicable laws,

regulations and standards.

How can Cloud help your Security

http://www.microsoft.com/about/corporatecitizenship/en-us/reporting/transparency/

Law Enforcement Requests

Microsoft NDA-To be shared under NDA only

Transparency Center

How can Cloud help your Security

One last word…

An on-premises solution to identify advanced security attacks before they cause damage

Credit card companies

monitor cardholders’

behavior.

If there is any abnormal

activity, they will notify the

cardholder to verify charge.

Microsoft Advanced Threat Analytics brings this

concept to IT and users of a particular organizationComparison:

Behavioral

Analytics

Detection for known

attacks and issues

Advanced Threat

Detection

An on-premises solution to identify advanced security attacks before they cause damage

Detect threats fast with Behavioral

Analytics

Adapt as fast as your enemies

Focus on what is important fast

using the simple attack timeline

Reduce the fatigue of false positives

Thank You

Learn more about the Microsoft Enterprise Cloud

Visit the Microsoft Trust Centers: Azure, Intune,

Office 365, and Dynamics CRM

Review the Microsoft Law Enforcement Request

Report and US National Security Orders Report

Read our blogs: Microsoft Cyber Trust and

Microsoft On the Issues

Follow us on Twitter: @MSFTSecurity

Additional Resources