Windows Azure

Security, Privacy, &

Compliance
Your name goes here
Your title goes here

Technology trends: driving cloud

adoption
2
weeks

Speed

Cloud Trend:

70
%

of CIOs will embrace a

cloud-first strategy in
2016
(IDC CIO Agenda webinar)

Windows Azure

to deliver new
services vs. 6-12
months with
traditional solution
(Case Study: HarperCollins
Publishers)

430B+
Windows Azure AD
authentications

BENEFITS

Scale

$25,00
0

Economics

Scale
from

30,000
to visitors instantly
site

250,00
280%
0
(Case Study: Autocosmos)

year-over-year
database growth in
Windows Azure

WINDOWS AZURE
ADOPTION

in the cloud would

cost $100,000 on
premises

(Microsoft Azure BI Team,

STMG Proof Points Central)

50%

of Fortune 500 use

Windows Azure

Cloud innovation

OPPORTUNITY FOR SECURITY & COMPLIANCE BENEFITS

Pre-adoption
Benefits realized
concern

60
94
%

cited
experienced
concerns
security
around
benefitsdata
theysecurity
didnt
as
previously
a barrierhave
to
adoption
on-premise

Windows Azure

62
45
%

concerned
said privacy
that the
cloud
protection
would
increased
result in
a
aslack
a result
of data
of moving
control
to the cloud

SECURITY
Design/Operatio
n
Infrastructure
Network
Identity/access
Data

PRIVACY
COMPLIANCE

Trustworthy foundation
BUILT ON MICROSOFT EXPERIENCE AND INNOVATION
Trustworthy
Computing
Initiative

1st
Microsoft
Data
Center

1989

Active
Directory

1995

2000
Windows
Update

Microsoft Security
Response Center

Windows Azure

UK G-Cloud
Level 2

Malware
Protection
Center

2005

Security
Development
Global
Lifecycle
Data Center
Services

SOC 1

FedRAMP/
FISMA
SOC 2

2010

Digital
Crimes
Unit

E.U. Data
Protection
ISO/IEC Directive HIPAA/
27001:2005
HITECH

CSA Cloud
Controls
Matrix

PCI DSS
Level 1

Shared responsibility

REDUCE SECURITY COSTS + MAINTAIN FLEXIBILITY, ACCESS, & CONTROL

On-Premises

IaaS

PaaS

SaaS

Applications
Data
Runtime
Middleware
O/S
Virtualization
Servers
Storage
Networking

Windows Azure

Customer

Microsoft

Transparency & independent verification

AID CUSTOMERS IN MEETING SECURITY & COMPLIANCE OBLIGATIONS

Third-party
verification

Trust
Center
Windows Azure

Access to
audit reports

Compliance
packages

Best practices
and guidance

Cloud Security
Alliance

Security
Response
Center progress
report

Security
intelligence
report
8

Microsoft approach in action

Security

Windows Azure

Privacy

Compliance

Security
We chose Azure because all
things being equal, it is the
easiest cloud platform to work
with. Security and patching
is already taken care of, so it is
less labour-intensive.

Windows Azure

10

Security at the core

Software
Operational Assume
Developme security
breach
nt Lifecycle controls
(SDL)

Windows Azure

Incident
response

Infrastructure protection
24 hour monitored physical security
System monitoring and logging
Patch management
Anti-Virus/Anti-Malware protection
Intrusion detection/DDoS
Penetration testing
Dedicated US government cloud
Windows Azure

12

Network protection
Network
isolation

Windows Azure

Encrypted Virtual
connections Networks

ExpressRou
te

Identity & access

Enterprise cloud identity Windows Azure
AD
Access monitoring
Single sign-on
Multi-Factor Authentication
Role based access controls
Windows Azure

14

Data protection
Encrypted data transfer
Encryption options for stored data
Data segregation
Choice of data location
Data redundancy
Data destruction
Windows Azure

15

Privacy
Our vision is to be the national
leader in patient-centered ehealthcare. Using Windows
Azure as our delivery system
provides us with a level of
trust and reliability that
makes this possible.
Windows Azure

Privacy by design
Privacy by
Design

Windows Azure

Contractual Restricted
No use for
commitmen data access advertising
ts
and use

10101010101010101010101010101

101010101010101010101010101010101010101010101010

Compliance
Windows Azure was attractive
because it has built-in
capabilities for compliance
with a wide range of
regulations and privacy
mandates.

Windows Azure

Simplified compliance
Information Effective
security
controls
standards

Government

ISO 27001

FedRAMP/FISMA
PCI DSS Level 1
UK G-Cloud
HIPAA/HITECH

Windows Azure

SOC 1 Type 2
SOC 2 Type 2

& industry
certification
s

Microsoft commitment
Enhance
Security

Protect
Privacy

Simplify
Complianc
e

Unified platform for modern

business

Windows Azure

Trusted by leading companies

Windows Azure

21

Get started
Talk to a Microsoft security expert
today!
Explore additional resources:
Microsoft Trust Center for Windows Azure: http://
www.windowsazure.com/en-us/support/trust-center
Trustworthy Computing Cloud Services:
www.microsoft.com/trustedcloud
Windows
Azure

 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or
other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to
changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the
date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Windows Azure