SlideShare a Scribd company logo
1 of 40
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Microsoft Cloud principles
Privacy and
Control
Security Transparency Compliance
3 3
Security with Cortana Analytics
Microsoft delivers enterprise cloud services
customers can trust
• Industry-leading best practices in the design and
management of online services
• Enhanced security, operational management, and threat
mitigation practices
• Trustworthy enterprise cloud services
• Centers of excellence
4
Cloud services – shared responsibility
Microsoft Azure
On-Premises Infrastructure
(as a Service)
Platform
(as a Service)
Software
(as a Service)
Each customer
environment is
isolated on top of
Azure’s
Infrastructure
Shared Physical
Environment
Managed by:
5
Company-wide, mandatory
development and operations
processes that embeds security
into every phase of
development and ops process.
We make security a priority at every step,
from code development to incident response.
Security Development
Lifecycle (SDL) and Operations
Security Assurance (OSA)
Assume breach
simulation
Dedicated security expert “Red
Team” that simulate real-world
attacks at network, platform,
and application layers, testing
the ability of Azure to detect,
protect against, and recover
from breaches.
Global, 24x7 incident response
service that works to mitigate
the effects of attacks and
malicious activity.
Incident
response
Azure Security Design and Operations
6
Prevent and assume breach
Prevent breach – A methodical Secure
Development Lifecycle and Operational Security
minimizes probability of exposure
Assume breach – Identifies & addresses potential
gaps:
• Ongoing live site testing of security response plans
improves mean time to detection and recovery
• Bug bounty program encourages security
researchers in the industry to discover and report
vulnerabilities
• Reduce exposure to internal attack (once inside,
attackers do not have broad access)
Latest Threat Intelligence to prevent breaches
and to test security response plans
State of the art Security Monitoring and
Response
Prevent and assume breach
Security monitoring and response
Prevent breach
• Secure Development Lifecycle
• Operational Security
Assume breach
• Bug Bounty Program
• War game exercises
• Live site penetration testing
Threat intelligence
7
Operational security
Strategy: Employ risk-based, multi-dimensional approach to safeguarding services and data
Security Monitoring and Response
Threat Intelligence Feed

Data Protection
Access control,
encryption, key
management
Data & Keys
Admin Access
Identity management,
dual-factor
authentication,
training and
awareness, screening,
Least and Temporary
Privilege
User
Application Security
Access control,
monitoring, anti-
malware, vulnerability
scanning, patch and
configuration
management
Application
Host Protection
Access control,
monitoring, anti-
malware, vulnerability
scanning, patch and
configuration
management
Host System
Network Security
Segmentation,
intrusion detection,
vulnerability scanning
Internal
Network
Network Security
Edge ACLs, DOS,
intrusion detection,
vulnerability scanning
Network
Perimeter
Physical Security
Physical controls,
video surveillance,
access control
Facility
8
Infrastructure protection
24-hour monitored
PHYSICAL SECURITY
Centralized
MONITORING AND
ALERTS
Antivirus/Antimalware
PROTECTION
Red Teaming
PENETRATION
TESTING
FIREWALLS
Update
MANAGEMENT
9
Monitoring & alerts
• Performs monitoring & alerting on security events
for the platform
• Enables security data collection via Monitoring
Agent or Windows Event Forwarding
AZURE
• Configures monitoring
• Exports events to SQL Database, HDInsight or a
SIEM for analysis
• Monitors alerts & reports
• Responds to alerts
CUSTOMER
Customer VMs
Microsoft Azure
!
Enable
Monitoring
Agent
Extract event information to SIEM or
other reporting system
Customer
Admin
Portal
SMAPI
Events
Guest VM Guest VM Cloud Services
HDInsight
Azure
storage
Alerting &
reporting
10
Update management
Azure
• Applies regularly scheduled updates to
the platform
• Releases critical patches immediately
• Rigorously reviews & tests all changes
• Uses a combination of third-party
scanning tools for Azure environment
• Utilizes integrated deployment
systems to manage the distribution
and installation of security updates
Customer
• Applies similar patch management
strategies for their Virtual Machines
• Monitor 100,000+
vulnerability
reports
• Sourced from
customers &
worldwide network
of security
researchers
• Prioritize critical
updates
• Monthly OS
releases with
patches
• Reconciliation
report
• Resolution
summary
• Scanning &
reporting of all
Azure VMs
• Track & remediate
any findings
SCANNING
AUDIT
VALIDATION
PATCHING
ROLLOUT
MONTHLY
MSRC PATCH
REVIEW
11
Antivirus/antimalware protection
• Performs monitoring & alerting of antimalware
events for the platform
• Enables real time protection, on-demand scanning,
and monitoring via Microsoft Antimalware for Cloud
Services and Virtual Machines
AZURE
• Configures Microsoft Antimalware or an AV/AM
solution from a partner
• Extracts events to SIEM
• Monitors alerts & reports
• Responds to alerts
CUSTOMER
Customer VMs
Microsoft Azure
!
Enable &
configure
anti-malware
Extract event information to SIEM or
other reporting system
Customer
Admin
Portal
SMAPI
Events
Guest VM
Azure
storage
Alerting &
reporting
Guest VM Cloud Services
12
Threat protection
• Performs big data analysis of logs for
intrusion detection & prevention for the
platform
• Employs denial of service attack
prevention measures for the platform
• Regularly performs penetration testing
• Can add extra layers of protection by
deploying additional controls, including
DOS, IDS, web application firewalls
• Conducts authorized penetration testing
of their application
Azure
Customer
Customer Environment
Cloud Access & Firewall
Virtual network
Application tier
Logic tier
Database tier
VPN
Corp 1
Internet End Users
443
443
Microsoft Azure
THREAT DETECTION: DOS/IDS Capabilities
13
DDoS system overview
MSFT Routing Layer
Detection Pipeline
Profile DB
Scrubbing Array
SLB
Application
Attack Traffic
Scrubbed Traffic
Flow Data
Routing Updates
Internet
• Traffic is re-routed to scrubbers via dynamic routing updates
• Traffic is SYN auth. and rate limited
MITIGATION PROCESS
• Traffic to a given /32 VIP Inbound or Outbound is tracked,
recorded, and analyzed in real time to determine attack
behavior
DETECTION PROCESS
• TCP SYN
• UDP/ICMP/TCP Flood
SUPPORTED DDOS ATTACK PROFILES
14
Architected for more secure multi-tenancy
• Centrally manages the platform and helps
isolate customer environments using the
Fabric Controller
• Runs a configuration-hardened version of
Windows Server as the Host OS
• Uses Hyper-V, a battle tested and enterprise
proven hypervisor
• Runs Windows Server and Linux on Guest
VMs for platform services
• Manages their environment through service
management interfaces and subscriptions
• Chooses from the gallery or brings their own
OS for their Virtual Machines
Azure
Customer
SQL
Database
Fabric
Controller
Azure
Storage
Guest VM Guest VM
Customer 2
Guest VM
Customer 1
Customer
Admin
Portal
SMAPI
Host OS
Hypervisor
Microsoft Azure
End
Users
15
Firewalls
16
• Restricts access from the Internet, permits traffic only to
endpoints, and provides load balancing and NAT at the
Cloud Access Layer
• Isolates traffic and provides intrusion defense through a
distributed firewall
AZURE
• Applies corporate firewall using site-to-site VPN
• Configures endpoints
• Defines access controls between tiers and provides
additional protection via the OS firewall
CUSTOMER
VPN
Corp
Firewall
Internet Client
Cloud Access
Microsoft Azure
Customer 1
Application tier
443
Logic tier
Database tier
Virtual Network
443
16
Identity & access
Azure enables customers to better control access in a multi-tenant environment
Azure Active Directory (AAD)
offers enterprise identity and
access management in the
cloud.
Enterprise cloud directory
Security reports monitor
access patterns that help
identify potential threats.
Access monitoring and
logging
Strong authentication adds an
extra layer of security for user
logins.
Multi-Factor
Authentication (MFA)
Users get a single sign-on option across
multiple applications and services.
Single sign-on
Developers can integrate their app with Azure
AD for single sign-on functionality for their
users.
Integration with customer applications
17
Access monitoring and logging
Azure
• Uses password hashes for
synchronization
• Offers security reporting that tracks
inconsistent traffic patterns, including:
– Sign-ins from unknown sources
– Multiple failed sign-ins
– Sign-ins from multiple geographies
in short timeframes
– Sign-ins from suspicious IP
addresses and suspicious devices
Customer
• Reviews reports and mitigates
potential threats
• Can enable Multi-Factor Authentication
X X X X XX X X X X
X X X X X
User Non-user
18
Incident
Assessment
Customer
Notification
DevOps
Engaged
Event
Detected
Security Team
Engaged
Event
Start
Determine
Customer Impact
Customer
Process
Step 1
Determine
Affected
Customers
Security
Event
Confirmed
Azure
Customer
Notification
• Leverages a 9-step incident
response process
• Focuses on containment &
recovery
• Analyzes logs and VHD images in
the event of platform-level
incident and provides forensics
information to customers when
needed
• Makes contractual commitments
regarding customer notification
Azure incident response
19
PrivacyPrivacy & Control
Microsoft makes our commitment to the privacy of
our customers a priority with independently audited
policies and practices that include restricting the
mining of customer data for advertising or similar
commercial purposes.
20
PrivacyTrustworthy foundation
Microsoft privacy principles are designed to facilitate the responsible
use of customer data, be transparent about practices, and offer
meaningful privacy choices.
Privacy by
design
Guidelines that help ensure privacy is applied in the
development and deployment of products and services.
Microsoft privacy
standard
Azure uses logical isolation to segregate
each customer’s data from that
of others.
Data segregation
21
Customer data
When a customer utilizes Cortana Analytics, they own their data.
Control over
data location
Customers choose data location and replication options.
Control over access
to data
Strong authentication, carefully logged “just in time”
support access, and regular audits.
Encryption key
management
Customers have the flexibility to generate and manage
their own encryption keys.
Control over
data deletion
When customers delete data or leave Azure, Microsoft follows
procedures to render the previous customer’s data inaccessible.
22
Data control
For many services, customers can specify the geographic areas where their
customer data is storedData location
Access to customer data by Microsoft personnel is restricted;
Microsoft provides cloud-service-specific privacy statements and
strong contractual commitments to safeguard customer data
Data access
Technical safeguards help keep customer data secure;
Customers have the flexibility to implement additional
encryption and manage their own keys
Data protection
23
Data location and replication
• Microsoft will not store customer data outside the customer-
specified geography except for global services and certain
regional services
• Azure replicates data both locally and to different physical
locations
• Every blob is replicated across three computers in a Microsoft
Azure datacenter
• Geo-replicated storage in a datacenter hundreds of
miles away
• Microsoft may transfer customer data within a geo (e.g.,
within Europe) for data redundancy or other purposes
AZURE
• Chooses where data resides
• Configures data replication options
CUSTOMER
Microsoft Azure datacenters
24
Data access
Role-based
access control
Customer data is only
used to provide the
service, including
purposes compatible
with providing those
service and is never
used for advertising
Restricted data
access
Customer data is only
accessed when
necessary to support
customer’s use of
Azure, or when
required by law
Microsoft
employee access
management
Microsoft controls
employee access to
Azure customer
environment
25
Access controls are verified by independent audit and certifications
Restricted data access
Customer data is only accessed when necessary to support customer’s use of
Azure (e.g. troubleshooting or feature improvement), or when required by law.
When granted, access is controlled and logged.
Strong authentication, including MFA, helps limit access to
authorized personnel only.
Access is revoked as soon as it’s no longer needed.
26
Data protection
Data segregation
Logical isolation segregates each customer’s
data from that of others.
In-transit data protection
Industry-standard protocols encrypt data in
transit to/from outside components, as well as
data in transit internally by default.
Data redundancy
Customers have multiple options for
replicating data, including number of copies
and number and location of replication
datacenters.
At-rest data protection
Customers can implement a range of
encryption options for virtual machines and
storage.
Encryption
Data encryption in storage or in transit can be
deployed by the customer to align with best
practices for ensuring confidentiality and
integrity of data.
Data destruction
When customers delete data or leave Azure,
Microsoft follows procedures to render the
previous customer’s data inaccessible.
27
Data segregation
SQL
Database
Fabric
Controller
Azure
Storage
Guest VM Guest VM
Customer 2
Guest VM
Customer 1
Customer
Admin
Portal
SMAPI
End
Users
Host OS
Hypervisor
Microsoft Azure
Access
Control
• Access is through Storage account keys and Shared Access
Signature (SAS) keys
• Storage blocks are hashed by the hypervisor to separate accounts
Storage Isolation
• SQL Database isolates separate databases using SQL accounts
SQL Isolation
Network Isolation
• VM switch at the host level blocks inter-tenant communication
28
Encryption in Transit
Azure
• Encrypts most communication between
Azure datacenters
• Encrypts transactions through Azure
Portal using HTTPS
• Supports FIPS 140-2
Customer
• Can choose HTTPS for REST
API (recommended)
• Configures HTTPS endpoints for
application running in Azure
• Encrypts traffic between Web client
and server by implementing TLS on IIS
Azure
Datacenter
Azure
Datacenter
Azure
Portal
29
Encryption at Rest
• Data drives – full disk encryption using BitLocker
• Boot drives – BitLocker and partner solutions
• SQL Server – Transparent Data and Column Level Encryption
• Files & folders – EFS in Windows Server
Virtual Machines
• BitLocker encryption of drives using Azure Import/Export service
• StorSimple with AES-256 encryption
Storage
Applications
• Client Side encryption through .NET Crypto API
• RMS Service and SDK for file encryption by your applications
30
RMS SDK.NET Crypto
SQL TDE BitLocker Partners EFS
BitLocker StorSimple
Virtual
Machines
Applications
Storage
Azure Key Vault Service
Azure Vault
Create
Manage
Monitor
Import Keys from
On-Premises HSM
Microsoft Azure Key Vault offers encryption key management in the
cloud, enabling customers to safeguard keys for use in applications
they develop as well as SaaS applications that encrypt data on their
behalf. In Azure, customers can:
• Create/import, store, and manage cryptographic keys
• Secure those keys in FIPS 140-2 Level 2 Hardware Security
Modules (HSMs)
Benefits:
• Scale to meet the encryption needs of cloud applications
• Improve performance of cloud applications by storing keys in the
cloud
• Reduce the time and cost required to maintain dedicated HSM
hardware
• Maintain control over keys - grant and revoke use by applications as
needed
• Gain visibility into key use through Azure logging
Customer keys stay locked in very tightly monitored HSMs. Rogue
operators and software cannot see customer keys.
What is the feature?
Grant/Revoke Permission for
Applications to Use Keys
31
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
Application
• .NET encryption API Managed by customer .NET Cryptography documentation
• RMS SDK – encrypt data by using
RMS SDK
Managed by customer via on-prem
RMS key management service or
RMS online
RMS SDK documentation
Platform
• SQL TDE/CLE on SQL server on
Azure IAAS servers
Managed by customers SQL TDE/CLE documentation
• SQL Azure TDE and Column
Encryption features in progress
Managed by Microsoft in first release
and by customers in next release
• StorSimple – provides primary,
backup, archival
Managed by customers
Supports AES-256 to encrypt data
in StorSimple
StorSimple link and documentation
System
• BitLocker support for data volumes
• Partner solutions for system volume
encryption
• BitLocker support
Managed by customers
BitLocker for fixed or removable
volumes
BitLocker commandline tool
Others
• Import/Export of xstore data onto
drives can be protected by BitLocker
Managed by customers Import/export step by step blog
Layer Encryption support Key Management Comments
Data Encryption
33
Data Destruction
Data Deletion
• Index immediately removed from
primary location
• Geo-replicated copy of the data
(index) removed asynchronously
• Customers can only read from disk
space they have written to
• NIST 800-88 compliant processes are
used for destruction of defective disks
Disk Handling
34
Cortana Analytics Transparency on Azure
Azure helps enable customer control over customer
data by providing transparency into where it is
stored, who can access it, and how Microsoft helps
secure it, with accessible tools and straightforward
language.
35
Data storage and use
Customers
know where and
how their data is
stored and used
Customers control where customer data is stored
Microsoft doesn’t use customer data for advertising
Microsoft doesn’t share customer data with our advertiser-supported
services or mine it for marketing
Microsoft uses customer data only to provide the services,
including purposes compatible with providing the services
Customers may delete customer data
or leave the service at any time
36
Data access
Customer controls who has access to
customer data
Microsoft may hire other companies to
provide limited services, such as
customer support, on its behalf
Subcontractors are prohibited from using
customer data for any other purpose
Customer
knows who can
access their
data and
under what
conditions
37
Microsoft and compliance
Microsoft invests heavily in the development of
innovative compliance technology, processes and
integration in Azure. The Microsoft compliance
framework for online services maps controls to
multiple regulatory standards, which helps drive the
design and building of services that meet today’s
high level of security and privacy needs.
38
Microsoft and Compliance
39
Microsoft maintains a
team of experts focused
on ensuring that Azure
meets its own
compliance obligations,
which helps customers
meet their own
compliance requirements.
Compliance
certifications
Compliance strategy
helps customers address
business objectives and
industry standards &
regulations, including
ongoing evaluation and
adoption of emerging
standards and practices.
Continual evaluation,
benchmarking, adoption,
test & audit
Ongoing verification by
third-party audit firms.
Independent verification
Microsoft shares audit
report findings and
compliance packages
with customers.
Access to audit reports
Prescriptive guidance on
securing data, apps, and
infrastructure in Azure
makes it easier for
customers to achieve
compliance.
Proven practices
Azure meets a broad set of international, regional, and industry-specific compliance
and regulatory standards.
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance

More Related Content

What's hot

Getting Started with Azure Security Center
Getting Started with Azure Security CenterGetting Started with Azure Security Center
Getting Started with Azure Security CenterCheah Eng Soon
 
Tips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramTips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramBeyondTrust
 
Simplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USMSimplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USMAlienVault
 
Mcas log collector deck
Mcas log collector deckMcas log collector deck
Mcas log collector deckMatt Soseman
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewAlert Logic
 
Global Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security CenterGlobal Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security CenterScott Hoag
 
Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsAlert Logic
 
Teknisen tietoturvan minimivaatimukset
Teknisen tietoturvan minimivaatimuksetTeknisen tietoturvan minimivaatimukset
Teknisen tietoturvan minimivaatimuksetTeemu Tiainen
 
DS_Sentinel_4pg_031513
DS_Sentinel_4pg_031513DS_Sentinel_4pg_031513
DS_Sentinel_4pg_031513Tiffeny Price
 
Azure Security Fundamentals
Azure Security FundamentalsAzure Security Fundamentals
Azure Security FundamentalsLorenzo Barbieri
 
Azure security architecture
Azure security architectureAzure security architecture
Azure security architectureKarl Ots
 
Cisco Connect 2018 Thailand - Telco service provider network analytics
Cisco Connect 2018 Thailand - Telco service provider network analytics Cisco Connect 2018 Thailand - Telco service provider network analytics
Cisco Connect 2018 Thailand - Telco service provider network analytics NetworkCollaborators
 
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...NetworkCollaborators
 
Sudo Mode (part 2): How Privilege Mistakes could Dismantle your Entire Enterp...
Sudo Mode (part 2): How Privilege Mistakes could Dismantle your Entire Enterp...Sudo Mode (part 2): How Privilege Mistakes could Dismantle your Entire Enterp...
Sudo Mode (part 2): How Privilege Mistakes could Dismantle your Entire Enterp...BeyondTrust
 
Wfh security risks - Ed Adams, President, Security Innovation
Wfh security risks  - Ed Adams, President, Security InnovationWfh security risks  - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationPriyanka Aash
 
Application Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingApplication Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingPriyanka Aash
 
Advanced Threat Defense Intel Security
Advanced Threat Defense  Intel SecurityAdvanced Threat Defense  Intel Security
Advanced Threat Defense Intel Securityxband
 
Nicholas DiCola | Secure your IT resources with Azure Security Center
Nicholas DiCola | Secure your IT resources with Azure Security CenterNicholas DiCola | Secure your IT resources with Azure Security Center
Nicholas DiCola | Secure your IT resources with Azure Security CenterMicrosoft Österreich
 
Using m365 defender to protect against solorigate
Using m365 defender to protect against solorigateUsing m365 defender to protect against solorigate
Using m365 defender to protect against solorigateMatt Soseman
 
The Year the Internet Fell Apart
The Year the Internet Fell ApartThe Year the Internet Fell Apart
The Year the Internet Fell ApartIBM Security
 

What's hot (20)

Getting Started with Azure Security Center
Getting Started with Azure Security CenterGetting Started with Azure Security Center
Getting Started with Azure Security Center
 
Tips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramTips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management Program
 
Simplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USMSimplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USM
 
Mcas log collector deck
Mcas log collector deckMcas log collector deck
Mcas log collector deck
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model Overview
 
Global Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security CenterGlobal Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security Center
 
Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS Applications
 
Teknisen tietoturvan minimivaatimukset
Teknisen tietoturvan minimivaatimuksetTeknisen tietoturvan minimivaatimukset
Teknisen tietoturvan minimivaatimukset
 
DS_Sentinel_4pg_031513
DS_Sentinel_4pg_031513DS_Sentinel_4pg_031513
DS_Sentinel_4pg_031513
 
Azure Security Fundamentals
Azure Security FundamentalsAzure Security Fundamentals
Azure Security Fundamentals
 
Azure security architecture
Azure security architectureAzure security architecture
Azure security architecture
 
Cisco Connect 2018 Thailand - Telco service provider network analytics
Cisco Connect 2018 Thailand - Telco service provider network analytics Cisco Connect 2018 Thailand - Telco service provider network analytics
Cisco Connect 2018 Thailand - Telco service provider network analytics
 
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
Cisco Connect 2018 Thailand - Security automation and programmability mr. kho...
 
Sudo Mode (part 2): How Privilege Mistakes could Dismantle your Entire Enterp...
Sudo Mode (part 2): How Privilege Mistakes could Dismantle your Entire Enterp...Sudo Mode (part 2): How Privilege Mistakes could Dismantle your Entire Enterp...
Sudo Mode (part 2): How Privilege Mistakes could Dismantle your Entire Enterp...
 
Wfh security risks - Ed Adams, President, Security Innovation
Wfh security risks  - Ed Adams, President, Security InnovationWfh security risks  - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security Innovation
 
Application Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingApplication Security Architecture and Threat Modelling
Application Security Architecture and Threat Modelling
 
Advanced Threat Defense Intel Security
Advanced Threat Defense  Intel SecurityAdvanced Threat Defense  Intel Security
Advanced Threat Defense Intel Security
 
Nicholas DiCola | Secure your IT resources with Azure Security Center
Nicholas DiCola | Secure your IT resources with Azure Security CenterNicholas DiCola | Secure your IT resources with Azure Security Center
Nicholas DiCola | Secure your IT resources with Azure Security Center
 
Using m365 defender to protect against solorigate
Using m365 defender to protect against solorigateUsing m365 defender to protect against solorigate
Using m365 defender to protect against solorigate
 
The Year the Internet Fell Apart
The Year the Internet Fell ApartThe Year the Internet Fell Apart
The Year the Internet Fell Apart
 

Viewers also liked

Deep Learning for Speech Recognition in Cortana at AI NEXT Conference
Deep Learning for Speech Recognition in Cortana at AI NEXT ConferenceDeep Learning for Speech Recognition in Cortana at AI NEXT Conference
Deep Learning for Speech Recognition in Cortana at AI NEXT ConferenceBill Liu
 
Better Together: The New Data Management Orchestra
Better Together: The New Data Management OrchestraBetter Together: The New Data Management Orchestra
Better Together: The New Data Management OrchestraCloudera, Inc.
 
Big Data: Real-life examples of Business Value Generation with Cloudera
Big Data: Real-life examples of Business Value Generation with ClouderaBig Data: Real-life examples of Business Value Generation with Cloudera
Big Data: Real-life examples of Business Value Generation with ClouderaCapgemini
 
Explanation on Tensorflow example -Deep mnist for expert
Explanation on Tensorflow example -Deep mnist for expertExplanation on Tensorflow example -Deep mnist for expert
Explanation on Tensorflow example -Deep mnist for expert홍배 김
 
Meetup#6: AWS-AI & Lambda Serverless
Meetup#6: AWS-AI & Lambda Serverless Meetup#6: AWS-AI & Lambda Serverless
Meetup#6: AWS-AI & Lambda Serverless AWS Vietnam Community
 
AIMeetup #3: Cortana intelligence suite - tchnij życie w swoje dane
AIMeetup #3: Cortana intelligence suite - tchnij życie w swoje daneAIMeetup #3: Cortana intelligence suite - tchnij życie w swoje dane
AIMeetup #3: Cortana intelligence suite - tchnij życie w swoje dane2040.io
 
Image Recognition With TensorFlow
Image Recognition With TensorFlowImage Recognition With TensorFlow
Image Recognition With TensorFlowYaz Santissi
 
Announcing Amazon Rekognition - Deep Learning-Based Image Analysis - December...
Announcing Amazon Rekognition - Deep Learning-Based Image Analysis - December...Announcing Amazon Rekognition - Deep Learning-Based Image Analysis - December...
Announcing Amazon Rekognition - Deep Learning-Based Image Analysis - December...Amazon Web Services
 
AWS re:Invent 2016: NEW LAUNCH! Workshop: Hands on with Amazon Lex, Amazon Po...
AWS re:Invent 2016: NEW LAUNCH! Workshop: Hands on with Amazon Lex, Amazon Po...AWS re:Invent 2016: NEW LAUNCH! Workshop: Hands on with Amazon Lex, Amazon Po...
AWS re:Invent 2016: NEW LAUNCH! Workshop: Hands on with Amazon Lex, Amazon Po...Amazon Web Services
 
AWS re:Invent 2016: NEW LAUNCH! Introducing Amazon Rekognition (MAC203)
AWS re:Invent 2016: NEW LAUNCH! Introducing Amazon Rekognition (MAC203)AWS re:Invent 2016: NEW LAUNCH! Introducing Amazon Rekognition (MAC203)
AWS re:Invent 2016: NEW LAUNCH! Introducing Amazon Rekognition (MAC203)Amazon Web Services
 
Increase Marketing Effectiveness and ROI with Big Data
Increase Marketing Effectiveness and ROI with Big DataIncrease Marketing Effectiveness and ROI with Big Data
Increase Marketing Effectiveness and ROI with Big DataDemandbase
 
Deep Learning with TensorFlow: Understanding Tensors, Computations Graphs, Im...
Deep Learning with TensorFlow: Understanding Tensors, Computations Graphs, Im...Deep Learning with TensorFlow: Understanding Tensors, Computations Graphs, Im...
Deep Learning with TensorFlow: Understanding Tensors, Computations Graphs, Im...Altoros
 
Machine learning and TensorFlow
Machine learning and TensorFlowMachine learning and TensorFlow
Machine learning and TensorFlowJose Papo, MSc
 
Microsoft Power BI and Cortana Analytics user group meetings with Alteryx
Microsoft Power BI and Cortana Analytics user group meetings with AlteryxMicrosoft Power BI and Cortana Analytics user group meetings with Alteryx
Microsoft Power BI and Cortana Analytics user group meetings with AlteryxHåkan Söderbom
 
Machine Learning Loves Hadoop
Machine Learning Loves HadoopMachine Learning Loves Hadoop
Machine Learning Loves HadoopCloudera, Inc.
 
Tensorflow windows installation
Tensorflow windows installationTensorflow windows installation
Tensorflow windows installationmarwa Ayad Mohamed
 
Overview of Microsoft Azure AI Services
Overview of Microsoft Azure AI ServicesOverview of Microsoft Azure AI Services
Overview of Microsoft Azure AI ServicesCraig Milroy
 
GDG-Shanghai 2017 TensorFlow Summit Recap
GDG-Shanghai 2017 TensorFlow Summit RecapGDG-Shanghai 2017 TensorFlow Summit Recap
GDG-Shanghai 2017 TensorFlow Summit RecapJiang Jun
 

Viewers also liked (20)

Deep Learning for Speech Recognition in Cortana at AI NEXT Conference
Deep Learning for Speech Recognition in Cortana at AI NEXT ConferenceDeep Learning for Speech Recognition in Cortana at AI NEXT Conference
Deep Learning for Speech Recognition in Cortana at AI NEXT Conference
 
Social media strategy
Social media strategySocial media strategy
Social media strategy
 
Better Together: The New Data Management Orchestra
Better Together: The New Data Management OrchestraBetter Together: The New Data Management Orchestra
Better Together: The New Data Management Orchestra
 
Big Data: Real-life examples of Business Value Generation with Cloudera
Big Data: Real-life examples of Business Value Generation with ClouderaBig Data: Real-life examples of Business Value Generation with Cloudera
Big Data: Real-life examples of Business Value Generation with Cloudera
 
Explanation on Tensorflow example -Deep mnist for expert
Explanation on Tensorflow example -Deep mnist for expertExplanation on Tensorflow example -Deep mnist for expert
Explanation on Tensorflow example -Deep mnist for expert
 
Meetup#6: AWS-AI & Lambda Serverless
Meetup#6: AWS-AI & Lambda Serverless Meetup#6: AWS-AI & Lambda Serverless
Meetup#6: AWS-AI & Lambda Serverless
 
AIMeetup #3: Cortana intelligence suite - tchnij życie w swoje dane
AIMeetup #3: Cortana intelligence suite - tchnij życie w swoje daneAIMeetup #3: Cortana intelligence suite - tchnij życie w swoje dane
AIMeetup #3: Cortana intelligence suite - tchnij życie w swoje dane
 
Image Recognition With TensorFlow
Image Recognition With TensorFlowImage Recognition With TensorFlow
Image Recognition With TensorFlow
 
Announcing Amazon Rekognition - Deep Learning-Based Image Analysis - December...
Announcing Amazon Rekognition - Deep Learning-Based Image Analysis - December...Announcing Amazon Rekognition - Deep Learning-Based Image Analysis - December...
Announcing Amazon Rekognition - Deep Learning-Based Image Analysis - December...
 
AWS re:Invent 2016: NEW LAUNCH! Workshop: Hands on with Amazon Lex, Amazon Po...
AWS re:Invent 2016: NEW LAUNCH! Workshop: Hands on with Amazon Lex, Amazon Po...AWS re:Invent 2016: NEW LAUNCH! Workshop: Hands on with Amazon Lex, Amazon Po...
AWS re:Invent 2016: NEW LAUNCH! Workshop: Hands on with Amazon Lex, Amazon Po...
 
AWS re:Invent 2016: NEW LAUNCH! Introducing Amazon Rekognition (MAC203)
AWS re:Invent 2016: NEW LAUNCH! Introducing Amazon Rekognition (MAC203)AWS re:Invent 2016: NEW LAUNCH! Introducing Amazon Rekognition (MAC203)
AWS re:Invent 2016: NEW LAUNCH! Introducing Amazon Rekognition (MAC203)
 
Increase Marketing Effectiveness and ROI with Big Data
Increase Marketing Effectiveness and ROI with Big DataIncrease Marketing Effectiveness and ROI with Big Data
Increase Marketing Effectiveness and ROI with Big Data
 
Tensorflow
TensorflowTensorflow
Tensorflow
 
Deep Learning with TensorFlow: Understanding Tensors, Computations Graphs, Im...
Deep Learning with TensorFlow: Understanding Tensors, Computations Graphs, Im...Deep Learning with TensorFlow: Understanding Tensors, Computations Graphs, Im...
Deep Learning with TensorFlow: Understanding Tensors, Computations Graphs, Im...
 
Machine learning and TensorFlow
Machine learning and TensorFlowMachine learning and TensorFlow
Machine learning and TensorFlow
 
Microsoft Power BI and Cortana Analytics user group meetings with Alteryx
Microsoft Power BI and Cortana Analytics user group meetings with AlteryxMicrosoft Power BI and Cortana Analytics user group meetings with Alteryx
Microsoft Power BI and Cortana Analytics user group meetings with Alteryx
 
Machine Learning Loves Hadoop
Machine Learning Loves HadoopMachine Learning Loves Hadoop
Machine Learning Loves Hadoop
 
Tensorflow windows installation
Tensorflow windows installationTensorflow windows installation
Tensorflow windows installation
 
Overview of Microsoft Azure AI Services
Overview of Microsoft Azure AI ServicesOverview of Microsoft Azure AI Services
Overview of Microsoft Azure AI Services
 
GDG-Shanghai 2017 TensorFlow Summit Recap
GDG-Shanghai 2017 TensorFlow Summit RecapGDG-Shanghai 2017 TensorFlow Summit Recap
GDG-Shanghai 2017 TensorFlow Summit Recap
 

Similar to Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance

Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and ComplianceKarina Matos
 
Azure Fundamentals Part 3
Azure Fundamentals Part 3Azure Fundamentals Part 3
Azure Fundamentals Part 3CCG
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security OverviewAlert Logic
 
366864108 azure-security
366864108 azure-security366864108 azure-security
366864108 azure-securityober64
 
Security As A Service
Security As A ServiceSecurity As A Service
Security As A ServiceOlav Tvedt
 
Azure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudAzure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudPaulo Renato
 
Social Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskSocial Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskPrecisely
 
AWS Webcast - Top 3 Ways to Improve Web App Security
AWS Webcast - Top 3 Ways to Improve Web App SecurityAWS Webcast - Top 3 Ways to Improve Web App Security
AWS Webcast - Top 3 Ways to Improve Web App SecurityAmazon Web Services
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and ResponseAlert Logic
 
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft CloudEuropean Collaboration Summit
 
Securing Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureSecuring Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureQualys
 
microsoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxmicrosoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxGenericName6
 
Shared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudShared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudAlert Logic
 
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformado
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformadoDesafíos de la Ciberseguridad en un ecosistema digitalmente transformado
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformadoCristian Garcia G.
 
Daniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity storyDaniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity storyMicrosoft Österreich
 
Microsoft Azure Security Infographic
Microsoft Azure Security InfographicMicrosoft Azure Security Infographic
Microsoft Azure Security InfographicMicrosoft Azure
 
Azure Security Center
Azure Security CenterAzure Security Center
Azure Security CenterMicrosoft
 
Week Topic Code Access vs Event Based.pptx
Week Topic Code Access vs Event Based.pptxWeek Topic Code Access vs Event Based.pptx
Week Topic Code Access vs Event Based.pptxArjayBalberan1
 

Similar to Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance (20)

Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and Compliance
 
Azure Fundamentals Part 3
Azure Fundamentals Part 3Azure Fundamentals Part 3
Azure Fundamentals Part 3
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security Overview
 
366864108 azure-security
366864108 azure-security366864108 azure-security
366864108 azure-security
 
Azure security
Azure  securityAzure  security
Azure security
 
Security As A Service
Security As A ServiceSecurity As A Service
Security As A Service
 
Azure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudAzure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure Cloud
 
Social Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskSocial Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity Risk
 
AWS Webcast - Top 3 Ways to Improve Web App Security
AWS Webcast - Top 3 Ways to Improve Web App SecurityAWS Webcast - Top 3 Ways to Improve Web App Security
AWS Webcast - Top 3 Ways to Improve Web App Security
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and Response
 
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
 
Securing Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureSecuring Your Public Cloud Infrastructure
Securing Your Public Cloud Infrastructure
 
microsoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxmicrosoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptx
 
Shared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudShared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure Cloud
 
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformado
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformadoDesafíos de la Ciberseguridad en un ecosistema digitalmente transformado
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformado
 
Daniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity storyDaniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity story
 
Microsoft Azure Security Infographic
Microsoft Azure Security InfographicMicrosoft Azure Security Infographic
Microsoft Azure Security Infographic
 
Azure Security Center
Azure Security CenterAzure Security Center
Azure Security Center
 
CIO Forum June Microsoft.pdf
CIO Forum June Microsoft.pdfCIO Forum June Microsoft.pdf
CIO Forum June Microsoft.pdf
 
Week Topic Code Access vs Event Based.pptx
Week Topic Code Access vs Event Based.pptxWeek Topic Code Access vs Event Based.pptx
Week Topic Code Access vs Event Based.pptx
 

More from MSAdvAnalytics

Cortana Analytics Workshop: Predictive Maintenance in the IoT Era
Cortana Analytics Workshop: Predictive Maintenance in the IoT EraCortana Analytics Workshop: Predictive Maintenance in the IoT Era
Cortana Analytics Workshop: Predictive Maintenance in the IoT EraMSAdvAnalytics
 
Cortana Analytics Workshop: Cortana Analytics for Retail
Cortana Analytics Workshop: Cortana Analytics for RetailCortana Analytics Workshop: Cortana Analytics for Retail
Cortana Analytics Workshop: Cortana Analytics for RetailMSAdvAnalytics
 
Cortana Analytics Workshop: Cortana Analytics for Marketing
Cortana Analytics Workshop: Cortana Analytics for MarketingCortana Analytics Workshop: Cortana Analytics for Marketing
Cortana Analytics Workshop: Cortana Analytics for MarketingMSAdvAnalytics
 
Cortana Analytics Workshop: Real-Time Data Processing -- How Do I Choose the ...
Cortana Analytics Workshop: Real-Time Data Processing -- How Do I Choose the ...Cortana Analytics Workshop: Real-Time Data Processing -- How Do I Choose the ...
Cortana Analytics Workshop: Real-Time Data Processing -- How Do I Choose the ...MSAdvAnalytics
 
Cortana Analytics Workshop: Operationalizing Your End-to-End Analytics Solution
Cortana Analytics Workshop: Operationalizing Your End-to-End Analytics SolutionCortana Analytics Workshop: Operationalizing Your End-to-End Analytics Solution
Cortana Analytics Workshop: Operationalizing Your End-to-End Analytics SolutionMSAdvAnalytics
 
Cortana Analytics Workshop: Azure Data Catalog
Cortana Analytics Workshop: Azure Data CatalogCortana Analytics Workshop: Azure Data Catalog
Cortana Analytics Workshop: Azure Data CatalogMSAdvAnalytics
 
Cortana Analytics Workshop: Connecting Cortana Analytics Faster -- Any Source...
Cortana Analytics Workshop: Connecting Cortana Analytics Faster -- Any Source...Cortana Analytics Workshop: Connecting Cortana Analytics Faster -- Any Source...
Cortana Analytics Workshop: Connecting Cortana Analytics Faster -- Any Source...MSAdvAnalytics
 
Cortana Analytics Workshop: Real-World Data Collection for Cortana Analytics
Cortana Analytics Workshop: Real-World Data Collection for Cortana AnalyticsCortana Analytics Workshop: Real-World Data Collection for Cortana Analytics
Cortana Analytics Workshop: Real-World Data Collection for Cortana AnalyticsMSAdvAnalytics
 
Cortana Analytics Workshop: Insights and Predictions -- Integrating and Deplo...
Cortana Analytics Workshop: Insights and Predictions -- Integrating and Deplo...Cortana Analytics Workshop: Insights and Predictions -- Integrating and Deplo...
Cortana Analytics Workshop: Insights and Predictions -- Integrating and Deplo...MSAdvAnalytics
 
Cortana Analytics Workshop: The "Big Data" of the Cortana Analytics Suite, Pa...
Cortana Analytics Workshop: The "Big Data" of the Cortana Analytics Suite, Pa...Cortana Analytics Workshop: The "Big Data" of the Cortana Analytics Suite, Pa...
Cortana Analytics Workshop: The "Big Data" of the Cortana Analytics Suite, Pa...MSAdvAnalytics
 
Cortana Analytics Workshop: The "Big Data" of the Cortana Analytics Suite, Pa...
Cortana Analytics Workshop: The "Big Data" of the Cortana Analytics Suite, Pa...Cortana Analytics Workshop: The "Big Data" of the Cortana Analytics Suite, Pa...
Cortana Analytics Workshop: The "Big Data" of the Cortana Analytics Suite, Pa...MSAdvAnalytics
 
Cortana Analytics Workshop: Developing for Power BI
Cortana Analytics Workshop: Developing for Power BICortana Analytics Workshop: Developing for Power BI
Cortana Analytics Workshop: Developing for Power BIMSAdvAnalytics
 
Cortana Analytics Workshop: Milliman Integrate for Cortana Analytics
Cortana Analytics Workshop: Milliman Integrate for Cortana AnalyticsCortana Analytics Workshop: Milliman Integrate for Cortana Analytics
Cortana Analytics Workshop: Milliman Integrate for Cortana AnalyticsMSAdvAnalytics
 
Cortana Analytics Workshop: Intelligent Retail -- The Machine Learning Approach
Cortana Analytics Workshop: Intelligent Retail -- The Machine Learning ApproachCortana Analytics Workshop: Intelligent Retail -- The Machine Learning Approach
Cortana Analytics Workshop: Intelligent Retail -- The Machine Learning ApproachMSAdvAnalytics
 
Cortana Analytics Workshop: Azure Data Lake
Cortana Analytics Workshop: Azure Data LakeCortana Analytics Workshop: Azure Data Lake
Cortana Analytics Workshop: Azure Data LakeMSAdvAnalytics
 
Cortana Analytics Workshop: Using the Cortana Analytics Process
Cortana Analytics Workshop: Using the Cortana Analytics ProcessCortana Analytics Workshop: Using the Cortana Analytics Process
Cortana Analytics Workshop: Using the Cortana Analytics ProcessMSAdvAnalytics
 
Cortana Analytics Workshop: Building Next-Generation Smart Grids
Cortana Analytics Workshop: Building Next-Generation Smart GridsCortana Analytics Workshop: Building Next-Generation Smart Grids
Cortana Analytics Workshop: Building Next-Generation Smart GridsMSAdvAnalytics
 
Cortana Analytics Workshop: Deep Neural Networks
Cortana Analytics Workshop: Deep Neural NetworksCortana Analytics Workshop: Deep Neural Networks
Cortana Analytics Workshop: Deep Neural NetworksMSAdvAnalytics
 
Cortana Analytics Workshop: AI -- Assistive Intelligence
Cortana Analytics Workshop: AI -- Assistive IntelligenceCortana Analytics Workshop: AI -- Assistive Intelligence
Cortana Analytics Workshop: AI -- Assistive IntelligenceMSAdvAnalytics
 
Cortana Analytics Workshop: Big Data @ Microsoft
Cortana Analytics Workshop: Big Data @ MicrosoftCortana Analytics Workshop: Big Data @ Microsoft
Cortana Analytics Workshop: Big Data @ MicrosoftMSAdvAnalytics
 

More from MSAdvAnalytics (20)

Cortana Analytics Workshop: Predictive Maintenance in the IoT Era
Cortana Analytics Workshop: Predictive Maintenance in the IoT EraCortana Analytics Workshop: Predictive Maintenance in the IoT Era
Cortana Analytics Workshop: Predictive Maintenance in the IoT Era
 
Cortana Analytics Workshop: Cortana Analytics for Retail
Cortana Analytics Workshop: Cortana Analytics for RetailCortana Analytics Workshop: Cortana Analytics for Retail
Cortana Analytics Workshop: Cortana Analytics for Retail
 
Cortana Analytics Workshop: Cortana Analytics for Marketing
Cortana Analytics Workshop: Cortana Analytics for MarketingCortana Analytics Workshop: Cortana Analytics for Marketing
Cortana Analytics Workshop: Cortana Analytics for Marketing
 
Cortana Analytics Workshop: Real-Time Data Processing -- How Do I Choose the ...
Cortana Analytics Workshop: Real-Time Data Processing -- How Do I Choose the ...Cortana Analytics Workshop: Real-Time Data Processing -- How Do I Choose the ...
Cortana Analytics Workshop: Real-Time Data Processing -- How Do I Choose the ...
 
Cortana Analytics Workshop: Operationalizing Your End-to-End Analytics Solution
Cortana Analytics Workshop: Operationalizing Your End-to-End Analytics SolutionCortana Analytics Workshop: Operationalizing Your End-to-End Analytics Solution
Cortana Analytics Workshop: Operationalizing Your End-to-End Analytics Solution
 
Cortana Analytics Workshop: Azure Data Catalog
Cortana Analytics Workshop: Azure Data CatalogCortana Analytics Workshop: Azure Data Catalog
Cortana Analytics Workshop: Azure Data Catalog
 
Cortana Analytics Workshop: Connecting Cortana Analytics Faster -- Any Source...
Cortana Analytics Workshop: Connecting Cortana Analytics Faster -- Any Source...Cortana Analytics Workshop: Connecting Cortana Analytics Faster -- Any Source...
Cortana Analytics Workshop: Connecting Cortana Analytics Faster -- Any Source...
 
Cortana Analytics Workshop: Real-World Data Collection for Cortana Analytics
Cortana Analytics Workshop: Real-World Data Collection for Cortana AnalyticsCortana Analytics Workshop: Real-World Data Collection for Cortana Analytics
Cortana Analytics Workshop: Real-World Data Collection for Cortana Analytics
 
Cortana Analytics Workshop: Insights and Predictions -- Integrating and Deplo...
Cortana Analytics Workshop: Insights and Predictions -- Integrating and Deplo...Cortana Analytics Workshop: Insights and Predictions -- Integrating and Deplo...
Cortana Analytics Workshop: Insights and Predictions -- Integrating and Deplo...
 
Cortana Analytics Workshop: The "Big Data" of the Cortana Analytics Suite, Pa...
Cortana Analytics Workshop: The "Big Data" of the Cortana Analytics Suite, Pa...Cortana Analytics Workshop: The "Big Data" of the Cortana Analytics Suite, Pa...
Cortana Analytics Workshop: The "Big Data" of the Cortana Analytics Suite, Pa...
 
Cortana Analytics Workshop: The "Big Data" of the Cortana Analytics Suite, Pa...
Cortana Analytics Workshop: The "Big Data" of the Cortana Analytics Suite, Pa...Cortana Analytics Workshop: The "Big Data" of the Cortana Analytics Suite, Pa...
Cortana Analytics Workshop: The "Big Data" of the Cortana Analytics Suite, Pa...
 
Cortana Analytics Workshop: Developing for Power BI
Cortana Analytics Workshop: Developing for Power BICortana Analytics Workshop: Developing for Power BI
Cortana Analytics Workshop: Developing for Power BI
 
Cortana Analytics Workshop: Milliman Integrate for Cortana Analytics
Cortana Analytics Workshop: Milliman Integrate for Cortana AnalyticsCortana Analytics Workshop: Milliman Integrate for Cortana Analytics
Cortana Analytics Workshop: Milliman Integrate for Cortana Analytics
 
Cortana Analytics Workshop: Intelligent Retail -- The Machine Learning Approach
Cortana Analytics Workshop: Intelligent Retail -- The Machine Learning ApproachCortana Analytics Workshop: Intelligent Retail -- The Machine Learning Approach
Cortana Analytics Workshop: Intelligent Retail -- The Machine Learning Approach
 
Cortana Analytics Workshop: Azure Data Lake
Cortana Analytics Workshop: Azure Data LakeCortana Analytics Workshop: Azure Data Lake
Cortana Analytics Workshop: Azure Data Lake
 
Cortana Analytics Workshop: Using the Cortana Analytics Process
Cortana Analytics Workshop: Using the Cortana Analytics ProcessCortana Analytics Workshop: Using the Cortana Analytics Process
Cortana Analytics Workshop: Using the Cortana Analytics Process
 
Cortana Analytics Workshop: Building Next-Generation Smart Grids
Cortana Analytics Workshop: Building Next-Generation Smart GridsCortana Analytics Workshop: Building Next-Generation Smart Grids
Cortana Analytics Workshop: Building Next-Generation Smart Grids
 
Cortana Analytics Workshop: Deep Neural Networks
Cortana Analytics Workshop: Deep Neural NetworksCortana Analytics Workshop: Deep Neural Networks
Cortana Analytics Workshop: Deep Neural Networks
 
Cortana Analytics Workshop: AI -- Assistive Intelligence
Cortana Analytics Workshop: AI -- Assistive IntelligenceCortana Analytics Workshop: AI -- Assistive Intelligence
Cortana Analytics Workshop: AI -- Assistive Intelligence
 
Cortana Analytics Workshop: Big Data @ Microsoft
Cortana Analytics Workshop: Big Data @ MicrosoftCortana Analytics Workshop: Big Data @ Microsoft
Cortana Analytics Workshop: Big Data @ Microsoft
 

Recently uploaded

ChistaDATA Real-Time DATA Analytics Infrastructure
ChistaDATA Real-Time DATA Analytics InfrastructureChistaDATA Real-Time DATA Analytics Infrastructure
ChistaDATA Real-Time DATA Analytics Infrastructuresonikadigital1
 
SFBA Splunk Usergroup meeting March 13, 2024
SFBA Splunk Usergroup meeting March 13, 2024SFBA Splunk Usergroup meeting March 13, 2024
SFBA Splunk Usergroup meeting March 13, 2024Becky Burwell
 
TINJUAN PEMROSESAN TRANSAKSI DAN ERP.pptx
TINJUAN PEMROSESAN TRANSAKSI DAN ERP.pptxTINJUAN PEMROSESAN TRANSAKSI DAN ERP.pptx
TINJUAN PEMROSESAN TRANSAKSI DAN ERP.pptxDwiAyuSitiHartinah
 
Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity
Strategic CX: A Deep Dive into Voice of the Customer Insights for ClarityStrategic CX: A Deep Dive into Voice of the Customer Insights for Clarity
Strategic CX: A Deep Dive into Voice of the Customer Insights for ClarityAggregage
 
How is Real-Time Analytics Different from Traditional OLAP?
How is Real-Time Analytics Different from Traditional OLAP?How is Real-Time Analytics Different from Traditional OLAP?
How is Real-Time Analytics Different from Traditional OLAP?sonikadigital1
 
Virtuosoft SmartSync Product Introduction
Virtuosoft SmartSync Product IntroductionVirtuosoft SmartSync Product Introduction
Virtuosoft SmartSync Product Introductionsanjaymuralee1
 
Master's Thesis - Data Science - Presentation
Master's Thesis - Data Science - PresentationMaster's Thesis - Data Science - Presentation
Master's Thesis - Data Science - PresentationGiorgio Carbone
 
The Universal GTM - how we design GTM and dataLayer
The Universal GTM - how we design GTM and dataLayerThe Universal GTM - how we design GTM and dataLayer
The Universal GTM - how we design GTM and dataLayerPavel Šabatka
 
CI, CD -Tools to integrate without manual intervention
CI, CD -Tools to integrate without manual interventionCI, CD -Tools to integrate without manual intervention
CI, CD -Tools to integrate without manual interventionajayrajaganeshkayala
 
AI for Sustainable Development Goals (SDGs)
AI for Sustainable Development Goals (SDGs)AI for Sustainable Development Goals (SDGs)
AI for Sustainable Development Goals (SDGs)Data & Analytics Magazin
 
MEASURES OF DISPERSION I BSc Botany .ppt
MEASURES OF DISPERSION I BSc Botany .pptMEASURES OF DISPERSION I BSc Botany .ppt
MEASURES OF DISPERSION I BSc Botany .pptaigil2
 
5 Ds to Define Data Archiving Best Practices
5 Ds to Define Data Archiving Best Practices5 Ds to Define Data Archiving Best Practices
5 Ds to Define Data Archiving Best PracticesDataArchiva
 
Elements of language learning - an analysis of how different elements of lang...
Elements of language learning - an analysis of how different elements of lang...Elements of language learning - an analysis of how different elements of lang...
Elements of language learning - an analysis of how different elements of lang...PrithaVashisht1
 
Persuasive E-commerce, Our Biased Brain @ Bikkeldag 2024
Persuasive E-commerce, Our Biased Brain @ Bikkeldag 2024Persuasive E-commerce, Our Biased Brain @ Bikkeldag 2024
Persuasive E-commerce, Our Biased Brain @ Bikkeldag 2024Guido X Jansen
 
YourView Panel Book.pptx YourView Panel Book.
YourView Panel Book.pptx YourView Panel Book.YourView Panel Book.pptx YourView Panel Book.
YourView Panel Book.pptx YourView Panel Book.JasonViviers2
 
Mapping the pubmed data under different suptopics using NLP.pptx
Mapping the pubmed data under different suptopics using NLP.pptxMapping the pubmed data under different suptopics using NLP.pptx
Mapping the pubmed data under different suptopics using NLP.pptxVenkatasubramani13
 
Cash Is Still King: ATM market research '2023
Cash Is Still King: ATM market research '2023Cash Is Still King: ATM market research '2023
Cash Is Still King: ATM market research '2023Vladislav Solodkiy
 

Recently uploaded (17)

ChistaDATA Real-Time DATA Analytics Infrastructure
ChistaDATA Real-Time DATA Analytics InfrastructureChistaDATA Real-Time DATA Analytics Infrastructure
ChistaDATA Real-Time DATA Analytics Infrastructure
 
SFBA Splunk Usergroup meeting March 13, 2024
SFBA Splunk Usergroup meeting March 13, 2024SFBA Splunk Usergroup meeting March 13, 2024
SFBA Splunk Usergroup meeting March 13, 2024
 
TINJUAN PEMROSESAN TRANSAKSI DAN ERP.pptx
TINJUAN PEMROSESAN TRANSAKSI DAN ERP.pptxTINJUAN PEMROSESAN TRANSAKSI DAN ERP.pptx
TINJUAN PEMROSESAN TRANSAKSI DAN ERP.pptx
 
Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity
Strategic CX: A Deep Dive into Voice of the Customer Insights for ClarityStrategic CX: A Deep Dive into Voice of the Customer Insights for Clarity
Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity
 
How is Real-Time Analytics Different from Traditional OLAP?
How is Real-Time Analytics Different from Traditional OLAP?How is Real-Time Analytics Different from Traditional OLAP?
How is Real-Time Analytics Different from Traditional OLAP?
 
Virtuosoft SmartSync Product Introduction
Virtuosoft SmartSync Product IntroductionVirtuosoft SmartSync Product Introduction
Virtuosoft SmartSync Product Introduction
 
Master's Thesis - Data Science - Presentation
Master's Thesis - Data Science - PresentationMaster's Thesis - Data Science - Presentation
Master's Thesis - Data Science - Presentation
 
The Universal GTM - how we design GTM and dataLayer
The Universal GTM - how we design GTM and dataLayerThe Universal GTM - how we design GTM and dataLayer
The Universal GTM - how we design GTM and dataLayer
 
CI, CD -Tools to integrate without manual intervention
CI, CD -Tools to integrate without manual interventionCI, CD -Tools to integrate without manual intervention
CI, CD -Tools to integrate without manual intervention
 
AI for Sustainable Development Goals (SDGs)
AI for Sustainable Development Goals (SDGs)AI for Sustainable Development Goals (SDGs)
AI for Sustainable Development Goals (SDGs)
 
MEASURES OF DISPERSION I BSc Botany .ppt
MEASURES OF DISPERSION I BSc Botany .pptMEASURES OF DISPERSION I BSc Botany .ppt
MEASURES OF DISPERSION I BSc Botany .ppt
 
5 Ds to Define Data Archiving Best Practices
5 Ds to Define Data Archiving Best Practices5 Ds to Define Data Archiving Best Practices
5 Ds to Define Data Archiving Best Practices
 
Elements of language learning - an analysis of how different elements of lang...
Elements of language learning - an analysis of how different elements of lang...Elements of language learning - an analysis of how different elements of lang...
Elements of language learning - an analysis of how different elements of lang...
 
Persuasive E-commerce, Our Biased Brain @ Bikkeldag 2024
Persuasive E-commerce, Our Biased Brain @ Bikkeldag 2024Persuasive E-commerce, Our Biased Brain @ Bikkeldag 2024
Persuasive E-commerce, Our Biased Brain @ Bikkeldag 2024
 
YourView Panel Book.pptx YourView Panel Book.
YourView Panel Book.pptx YourView Panel Book.YourView Panel Book.pptx YourView Panel Book.
YourView Panel Book.pptx YourView Panel Book.
 
Mapping the pubmed data under different suptopics using NLP.pptx
Mapping the pubmed data under different suptopics using NLP.pptxMapping the pubmed data under different suptopics using NLP.pptx
Mapping the pubmed data under different suptopics using NLP.pptx
 
Cash Is Still King: ATM market research '2023
Cash Is Still King: ATM market research '2023Cash Is Still King: ATM market research '2023
Cash Is Still King: ATM market research '2023
 

Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance

  • 3. Microsoft Cloud principles Privacy and Control Security Transparency Compliance 3 3
  • 4. Security with Cortana Analytics Microsoft delivers enterprise cloud services customers can trust • Industry-leading best practices in the design and management of online services • Enhanced security, operational management, and threat mitigation practices • Trustworthy enterprise cloud services • Centers of excellence 4
  • 5. Cloud services – shared responsibility Microsoft Azure On-Premises Infrastructure (as a Service) Platform (as a Service) Software (as a Service) Each customer environment is isolated on top of Azure’s Infrastructure Shared Physical Environment Managed by: 5
  • 6. Company-wide, mandatory development and operations processes that embeds security into every phase of development and ops process. We make security a priority at every step, from code development to incident response. Security Development Lifecycle (SDL) and Operations Security Assurance (OSA) Assume breach simulation Dedicated security expert “Red Team” that simulate real-world attacks at network, platform, and application layers, testing the ability of Azure to detect, protect against, and recover from breaches. Global, 24x7 incident response service that works to mitigate the effects of attacks and malicious activity. Incident response Azure Security Design and Operations 6
  • 7. Prevent and assume breach Prevent breach – A methodical Secure Development Lifecycle and Operational Security minimizes probability of exposure Assume breach – Identifies & addresses potential gaps: • Ongoing live site testing of security response plans improves mean time to detection and recovery • Bug bounty program encourages security researchers in the industry to discover and report vulnerabilities • Reduce exposure to internal attack (once inside, attackers do not have broad access) Latest Threat Intelligence to prevent breaches and to test security response plans State of the art Security Monitoring and Response Prevent and assume breach Security monitoring and response Prevent breach • Secure Development Lifecycle • Operational Security Assume breach • Bug Bounty Program • War game exercises • Live site penetration testing Threat intelligence 7
  • 8. Operational security Strategy: Employ risk-based, multi-dimensional approach to safeguarding services and data Security Monitoring and Response Threat Intelligence Feed  Data Protection Access control, encryption, key management Data & Keys Admin Access Identity management, dual-factor authentication, training and awareness, screening, Least and Temporary Privilege User Application Security Access control, monitoring, anti- malware, vulnerability scanning, patch and configuration management Application Host Protection Access control, monitoring, anti- malware, vulnerability scanning, patch and configuration management Host System Network Security Segmentation, intrusion detection, vulnerability scanning Internal Network Network Security Edge ACLs, DOS, intrusion detection, vulnerability scanning Network Perimeter Physical Security Physical controls, video surveillance, access control Facility 8
  • 9. Infrastructure protection 24-hour monitored PHYSICAL SECURITY Centralized MONITORING AND ALERTS Antivirus/Antimalware PROTECTION Red Teaming PENETRATION TESTING FIREWALLS Update MANAGEMENT 9
  • 10. Monitoring & alerts • Performs monitoring & alerting on security events for the platform • Enables security data collection via Monitoring Agent or Windows Event Forwarding AZURE • Configures monitoring • Exports events to SQL Database, HDInsight or a SIEM for analysis • Monitors alerts & reports • Responds to alerts CUSTOMER Customer VMs Microsoft Azure ! Enable Monitoring Agent Extract event information to SIEM or other reporting system Customer Admin Portal SMAPI Events Guest VM Guest VM Cloud Services HDInsight Azure storage Alerting & reporting 10
  • 11. Update management Azure • Applies regularly scheduled updates to the platform • Releases critical patches immediately • Rigorously reviews & tests all changes • Uses a combination of third-party scanning tools for Azure environment • Utilizes integrated deployment systems to manage the distribution and installation of security updates Customer • Applies similar patch management strategies for their Virtual Machines • Monitor 100,000+ vulnerability reports • Sourced from customers & worldwide network of security researchers • Prioritize critical updates • Monthly OS releases with patches • Reconciliation report • Resolution summary • Scanning & reporting of all Azure VMs • Track & remediate any findings SCANNING AUDIT VALIDATION PATCHING ROLLOUT MONTHLY MSRC PATCH REVIEW 11
  • 12. Antivirus/antimalware protection • Performs monitoring & alerting of antimalware events for the platform • Enables real time protection, on-demand scanning, and monitoring via Microsoft Antimalware for Cloud Services and Virtual Machines AZURE • Configures Microsoft Antimalware or an AV/AM solution from a partner • Extracts events to SIEM • Monitors alerts & reports • Responds to alerts CUSTOMER Customer VMs Microsoft Azure ! Enable & configure anti-malware Extract event information to SIEM or other reporting system Customer Admin Portal SMAPI Events Guest VM Azure storage Alerting & reporting Guest VM Cloud Services 12
  • 13. Threat protection • Performs big data analysis of logs for intrusion detection & prevention for the platform • Employs denial of service attack prevention measures for the platform • Regularly performs penetration testing • Can add extra layers of protection by deploying additional controls, including DOS, IDS, web application firewalls • Conducts authorized penetration testing of their application Azure Customer Customer Environment Cloud Access & Firewall Virtual network Application tier Logic tier Database tier VPN Corp 1 Internet End Users 443 443 Microsoft Azure THREAT DETECTION: DOS/IDS Capabilities 13
  • 14. DDoS system overview MSFT Routing Layer Detection Pipeline Profile DB Scrubbing Array SLB Application Attack Traffic Scrubbed Traffic Flow Data Routing Updates Internet • Traffic is re-routed to scrubbers via dynamic routing updates • Traffic is SYN auth. and rate limited MITIGATION PROCESS • Traffic to a given /32 VIP Inbound or Outbound is tracked, recorded, and analyzed in real time to determine attack behavior DETECTION PROCESS • TCP SYN • UDP/ICMP/TCP Flood SUPPORTED DDOS ATTACK PROFILES 14
  • 15. Architected for more secure multi-tenancy • Centrally manages the platform and helps isolate customer environments using the Fabric Controller • Runs a configuration-hardened version of Windows Server as the Host OS • Uses Hyper-V, a battle tested and enterprise proven hypervisor • Runs Windows Server and Linux on Guest VMs for platform services • Manages their environment through service management interfaces and subscriptions • Chooses from the gallery or brings their own OS for their Virtual Machines Azure Customer SQL Database Fabric Controller Azure Storage Guest VM Guest VM Customer 2 Guest VM Customer 1 Customer Admin Portal SMAPI Host OS Hypervisor Microsoft Azure End Users 15
  • 16. Firewalls 16 • Restricts access from the Internet, permits traffic only to endpoints, and provides load balancing and NAT at the Cloud Access Layer • Isolates traffic and provides intrusion defense through a distributed firewall AZURE • Applies corporate firewall using site-to-site VPN • Configures endpoints • Defines access controls between tiers and provides additional protection via the OS firewall CUSTOMER VPN Corp Firewall Internet Client Cloud Access Microsoft Azure Customer 1 Application tier 443 Logic tier Database tier Virtual Network 443 16
  • 17. Identity & access Azure enables customers to better control access in a multi-tenant environment Azure Active Directory (AAD) offers enterprise identity and access management in the cloud. Enterprise cloud directory Security reports monitor access patterns that help identify potential threats. Access monitoring and logging Strong authentication adds an extra layer of security for user logins. Multi-Factor Authentication (MFA) Users get a single sign-on option across multiple applications and services. Single sign-on Developers can integrate their app with Azure AD for single sign-on functionality for their users. Integration with customer applications 17
  • 18. Access monitoring and logging Azure • Uses password hashes for synchronization • Offers security reporting that tracks inconsistent traffic patterns, including: – Sign-ins from unknown sources – Multiple failed sign-ins – Sign-ins from multiple geographies in short timeframes – Sign-ins from suspicious IP addresses and suspicious devices Customer • Reviews reports and mitigates potential threats • Can enable Multi-Factor Authentication X X X X XX X X X X X X X X X User Non-user 18
  • 19. Incident Assessment Customer Notification DevOps Engaged Event Detected Security Team Engaged Event Start Determine Customer Impact Customer Process Step 1 Determine Affected Customers Security Event Confirmed Azure Customer Notification • Leverages a 9-step incident response process • Focuses on containment & recovery • Analyzes logs and VHD images in the event of platform-level incident and provides forensics information to customers when needed • Makes contractual commitments regarding customer notification Azure incident response 19
  • 20. PrivacyPrivacy & Control Microsoft makes our commitment to the privacy of our customers a priority with independently audited policies and practices that include restricting the mining of customer data for advertising or similar commercial purposes. 20
  • 21. PrivacyTrustworthy foundation Microsoft privacy principles are designed to facilitate the responsible use of customer data, be transparent about practices, and offer meaningful privacy choices. Privacy by design Guidelines that help ensure privacy is applied in the development and deployment of products and services. Microsoft privacy standard Azure uses logical isolation to segregate each customer’s data from that of others. Data segregation 21
  • 22. Customer data When a customer utilizes Cortana Analytics, they own their data. Control over data location Customers choose data location and replication options. Control over access to data Strong authentication, carefully logged “just in time” support access, and regular audits. Encryption key management Customers have the flexibility to generate and manage their own encryption keys. Control over data deletion When customers delete data or leave Azure, Microsoft follows procedures to render the previous customer’s data inaccessible. 22
  • 23. Data control For many services, customers can specify the geographic areas where their customer data is storedData location Access to customer data by Microsoft personnel is restricted; Microsoft provides cloud-service-specific privacy statements and strong contractual commitments to safeguard customer data Data access Technical safeguards help keep customer data secure; Customers have the flexibility to implement additional encryption and manage their own keys Data protection 23
  • 24. Data location and replication • Microsoft will not store customer data outside the customer- specified geography except for global services and certain regional services • Azure replicates data both locally and to different physical locations • Every blob is replicated across three computers in a Microsoft Azure datacenter • Geo-replicated storage in a datacenter hundreds of miles away • Microsoft may transfer customer data within a geo (e.g., within Europe) for data redundancy or other purposes AZURE • Chooses where data resides • Configures data replication options CUSTOMER Microsoft Azure datacenters 24
  • 25. Data access Role-based access control Customer data is only used to provide the service, including purposes compatible with providing those service and is never used for advertising Restricted data access Customer data is only accessed when necessary to support customer’s use of Azure, or when required by law Microsoft employee access management Microsoft controls employee access to Azure customer environment 25
  • 26. Access controls are verified by independent audit and certifications Restricted data access Customer data is only accessed when necessary to support customer’s use of Azure (e.g. troubleshooting or feature improvement), or when required by law. When granted, access is controlled and logged. Strong authentication, including MFA, helps limit access to authorized personnel only. Access is revoked as soon as it’s no longer needed. 26
  • 27. Data protection Data segregation Logical isolation segregates each customer’s data from that of others. In-transit data protection Industry-standard protocols encrypt data in transit to/from outside components, as well as data in transit internally by default. Data redundancy Customers have multiple options for replicating data, including number of copies and number and location of replication datacenters. At-rest data protection Customers can implement a range of encryption options for virtual machines and storage. Encryption Data encryption in storage or in transit can be deployed by the customer to align with best practices for ensuring confidentiality and integrity of data. Data destruction When customers delete data or leave Azure, Microsoft follows procedures to render the previous customer’s data inaccessible. 27
  • 28. Data segregation SQL Database Fabric Controller Azure Storage Guest VM Guest VM Customer 2 Guest VM Customer 1 Customer Admin Portal SMAPI End Users Host OS Hypervisor Microsoft Azure Access Control • Access is through Storage account keys and Shared Access Signature (SAS) keys • Storage blocks are hashed by the hypervisor to separate accounts Storage Isolation • SQL Database isolates separate databases using SQL accounts SQL Isolation Network Isolation • VM switch at the host level blocks inter-tenant communication 28
  • 29. Encryption in Transit Azure • Encrypts most communication between Azure datacenters • Encrypts transactions through Azure Portal using HTTPS • Supports FIPS 140-2 Customer • Can choose HTTPS for REST API (recommended) • Configures HTTPS endpoints for application running in Azure • Encrypts traffic between Web client and server by implementing TLS on IIS Azure Datacenter Azure Datacenter Azure Portal 29
  • 30. Encryption at Rest • Data drives – full disk encryption using BitLocker • Boot drives – BitLocker and partner solutions • SQL Server – Transparent Data and Column Level Encryption • Files & folders – EFS in Windows Server Virtual Machines • BitLocker encryption of drives using Azure Import/Export service • StorSimple with AES-256 encryption Storage Applications • Client Side encryption through .NET Crypto API • RMS Service and SDK for file encryption by your applications 30 RMS SDK.NET Crypto SQL TDE BitLocker Partners EFS BitLocker StorSimple Virtual Machines Applications Storage
  • 31. Azure Key Vault Service Azure Vault Create Manage Monitor Import Keys from On-Premises HSM Microsoft Azure Key Vault offers encryption key management in the cloud, enabling customers to safeguard keys for use in applications they develop as well as SaaS applications that encrypt data on their behalf. In Azure, customers can: • Create/import, store, and manage cryptographic keys • Secure those keys in FIPS 140-2 Level 2 Hardware Security Modules (HSMs) Benefits: • Scale to meet the encryption needs of cloud applications • Improve performance of cloud applications by storing keys in the cloud • Reduce the time and cost required to maintain dedicated HSM hardware • Maintain control over keys - grant and revoke use by applications as needed • Gain visibility into key use through Azure logging Customer keys stay locked in very tightly monitored HSMs. Rogue operators and software cannot see customer keys. What is the feature? Grant/Revoke Permission for Applications to Use Keys 31
  • 33. Application • .NET encryption API Managed by customer .NET Cryptography documentation • RMS SDK – encrypt data by using RMS SDK Managed by customer via on-prem RMS key management service or RMS online RMS SDK documentation Platform • SQL TDE/CLE on SQL server on Azure IAAS servers Managed by customers SQL TDE/CLE documentation • SQL Azure TDE and Column Encryption features in progress Managed by Microsoft in first release and by customers in next release • StorSimple – provides primary, backup, archival Managed by customers Supports AES-256 to encrypt data in StorSimple StorSimple link and documentation System • BitLocker support for data volumes • Partner solutions for system volume encryption • BitLocker support Managed by customers BitLocker for fixed or removable volumes BitLocker commandline tool Others • Import/Export of xstore data onto drives can be protected by BitLocker Managed by customers Import/export step by step blog Layer Encryption support Key Management Comments Data Encryption 33
  • 34. Data Destruction Data Deletion • Index immediately removed from primary location • Geo-replicated copy of the data (index) removed asynchronously • Customers can only read from disk space they have written to • NIST 800-88 compliant processes are used for destruction of defective disks Disk Handling 34
  • 35. Cortana Analytics Transparency on Azure Azure helps enable customer control over customer data by providing transparency into where it is stored, who can access it, and how Microsoft helps secure it, with accessible tools and straightforward language. 35
  • 36. Data storage and use Customers know where and how their data is stored and used Customers control where customer data is stored Microsoft doesn’t use customer data for advertising Microsoft doesn’t share customer data with our advertiser-supported services or mine it for marketing Microsoft uses customer data only to provide the services, including purposes compatible with providing the services Customers may delete customer data or leave the service at any time 36
  • 37. Data access Customer controls who has access to customer data Microsoft may hire other companies to provide limited services, such as customer support, on its behalf Subcontractors are prohibited from using customer data for any other purpose Customer knows who can access their data and under what conditions 37
  • 38. Microsoft and compliance Microsoft invests heavily in the development of innovative compliance technology, processes and integration in Azure. The Microsoft compliance framework for online services maps controls to multiple regulatory standards, which helps drive the design and building of services that meet today’s high level of security and privacy needs. 38
  • 39. Microsoft and Compliance 39 Microsoft maintains a team of experts focused on ensuring that Azure meets its own compliance obligations, which helps customers meet their own compliance requirements. Compliance certifications Compliance strategy helps customers address business objectives and industry standards & regulations, including ongoing evaluation and adoption of emerging standards and practices. Continual evaluation, benchmarking, adoption, test & audit Ongoing verification by third-party audit firms. Independent verification Microsoft shares audit report findings and compliance packages with customers. Access to audit reports Prescriptive guidance on securing data, apps, and infrastructure in Azure makes it easier for customers to achieve compliance. Proven practices Azure meets a broad set of international, regional, and industry-specific compliance and regulatory standards.