cloud computing solutions - Muligheter 2013 Partnerdag | Microsoft ...

sandwichclippersMobile - Wireless

Nov 24, 2013 (3 years and 11 months ago)

59 views

Mobile

65%

of companies

are deploying at
least one
social
software tool
.

Social

Cloud

Digital content
will grow to

Over
80%

of
new apps
will be
distributed or
deployed on
clouds in
2012
.

Big Data

70%

of organizations

are either using or

investigating
cloud
computing solutions

By
2016
,
smartphones

and
tablets

will put power in the
pockets of
a billion
global
consumers

The world’s
mobile

worker

population

will reach

80%

growth

of unstructured
data is predicted over the
next five years
.

1.3 billion

over

37%

of
the total workforce by
2015

Millennials


will make up

75%

of

the
American
workforce

by
2025

2.7ZB

in 2012, up 48% from
2011
, rocketing

toward
8ZB by 2015
.

Large Scale Technology Trends

Transforming access to people and information

Exponential
Growth

of IDs

Widespread
legacy
technology

rise in
Mobile
Malware

Malicious software

more
compromised
records

More sophisticated
attacks

Individual

Organized
Crime
Groups

Terrorist Groups

Nation
-
States

Targeted attacks

user accounts
stolen

credit card accounts
stolen

Data theft & insider leaks

email addresses
stolen
from US
military contractor

files stolen
from
Pentagon

Cyber terrorism &
hacktivism

Global
cost of computer crime

Complex Challenges

Driving need for new security approach

Malicious software

Targeted attacks

Data theft &
insider leaks

Cyber terrorism &
hacktivism

Strong Tension Today

Between business innovation and cyber security requirements

Business Innovation

Specific Concerns We Hear from
Customers

Why should I
trust

Microsoft’s Cloud?

What industry
audits

and security
certifications

cover the Microsoft
Platform
?

If I run my service in your
cloud, can I meet my
compliance needs
?

How should an enterprise
evaluate cloud providers when it
comes to
security, privacy
and
compliance
?

Why Should I Trust the Microsoft Cloud?

Proven Track Record

History of meeting obligations associated with the
delivery of over 400 cloud services


Scale

Spreading cost of robust security and compliance
across large number of customers provides a
trusted cloud at lower cost


Security at our Foundation

Years of experience through our

Trustworthy Computing initiative



Law Enforcement Access

Microsoft Response Process:

Many nations have laws addressing law enforcement access to
cloud service information, to support criminal investigations

Responding to government demands

If
we receive a government demand
for data held by a business customer,
we take steps to redirect the
government to the customer directly,
and we notify the customer unless
we are legally prohibited from doing
so.
We have never provided any
government with customer data
from any of our business or
government customers for national
security
purposes
(…)

We only respond to
requests for specific
accounts and
identifiers. There is no
blanket or
indiscriminate access
to Microsoft’s
customer data.

If
a government wants
customer data


including for
national security purposes


it needs to follow applicable
legal process, meaning it
must serve us with a court
order for content or
subpoena for account
information
.

We
do not provide any
government with the ability
to break the encryption used
between our business
customers and their data in
the cloud, nor do we provide
the government with the
encryption keys
.

http://
blogs.technet.com/b/microsoft_on_the_issues/archive/2013/07/16/responding
-
to
-
government
-
legal
-
demands
-
for
-
customer
-
data.aspx


Law enforcement request report

In the first half of 2013, Microsoft
disclosed content in response to
2.2% of the total number of law
enforcement requests received.
Each of those disclosures was in
response to a court order or
warrant, and the vast majority of
those disclosures related to users
of our consumer services.

Unfortunately, we are not
currently permitted to
report detailed
information about the
type and volume of any
national security orders
(e.g. FISA Orders and FISA
Directives) that we may
receive

Law enforcement sought information about
only a tiny fraction of the millions of end users
of our enterprise services, such as Office 365.
We received 19 requests for e
-
mail accounts
we host for enterprise customers, seeking
information about 48 accounts. We disclosed
customer data in response to five of those
requests (4 content; 1 only non
-
content), and
in all but one case, we were able to notify the
customer. We rejected the request, found no
responsive data, or redirected law
enforcement to obtain the information from
the customer directly in thirteen of those
cases. One request is still
pending.

(…) the
requests are
fairly concentrated with
over 73% of requests
coming from five
countries, the United
States, Turkey,
Germany, the United
Kingdom, and
France.

http://www.microsoft.com/about/corporatecitizenship/en
-
us/reporting/transparency
/


Law enforcement
requests from
Norwegian
Authorities, H1
2013

http://blogs.technet.com/b/microsoft_on_the_issues/archive/2013/06/14/microsoft
-
s
-
u
-
s
-
law
-
enforcement
-
and
-
national
-
security
-
requests
-
for
-
last
-
half
-
of
-
2012.aspx

Global Foundation Services

Microsoft’s
Cloud Environment

Platform as a Service

(PaaS)

Infrastructure as a
Service (
IaaS
)

Consumer and
Small Business
Services

Enterprise

Services

Third
-
party

Hosted Services

Security

Global Network

Operations

Data Centers

Software as a Service (
SaaS
)

Microsoft Data Center Scale

Chicago

Quincy

Dublin

Amsterdam

Hong Kong

Singapore

Japan

"Data Centers have become as vital to the
functioning of society as power stations."

The Economist

San Antonio

Multiple global CDN locations

Microsoft has more than 10 and less than 100 DCs worldwide

Boydton

Des Moines

Quincy,

Washington

27MW

100% Hydro power

San Antonio,

Texas

27MW

Recycled

water for cooling

Chicago
, Illinois

Up to 60MW

Water side economization,

Containers

Dublin, Ireland

Up to 50MW

Outside air cooling, PODs

Customer
Compliance Needs


Customers ultimately responsible for ensuring their compliance obligations are met


Microsoft will share its certifications and audit reports to allow customers to establish reliance

Responsibility:

Data Classification and Accountability

Application Level Controls

Operating System Controls

Host Level Controls

Identity and Access Management

Network Controls

Physical Security

CLOUD PROVIDER

CLOUD CUSTOMER

SaaS

PaaS

IaaS

Data Classification


What data goes where?

Information Security Management System


ISO / IEC 27001:2005 certification


SSAE 16/ISAE 3402 SOC 1


AT101 SOC 2 and 3


PCI DSS certification


FedRAMP P
-
ATO, FISMA certification and accreditation


And more …

PREDICTABLE
AUDIT
SCHEDULE

COMPLIANCE
FRAMEWORK

Information Security Management System

INFORMATION
SECURITY

MANAGEMENT
FORUM

RISK
MANAGEMENT
PROGRAM

INFORMATION
SECURITY
POLICY
PROGRAM

Test and Audit

Infrastructure
Compliance Capabilities

ISO / IEC 27001:2005 Certification

SSAE 16/ISAE 3402 SOC 1,

AT101 SOC

2 and 3

HIPAA/HITECH

PCI Data Security Standard Certification

FedRAMP P
-
ATO

and
FISMA Certification & Accreditation

Various State, Federal, and International Privacy Laws

(95/46/EC

aka EU Data Protection Directive; California SB1386;
etc.)

© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be re
gis
tered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the
dat
e of this presentation. Because Microsoft must respond to changing market
conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accu
rac
y of any information provided after the date of this presentation.

MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.