• Secures against attacks • Protects confidentiality, integrity, and availability of data and systems • Helps manage risk • Protects from unwanted communication • User choice and.
Download ReportTranscript • Secures against attacks • Protects confidentiality, integrity, and availability of data and systems • Helps manage risk • Protects from unwanted communication • User choice and.
• Secures against attacks • Protects confidentiality, integrity, and availability of data and systems • Helps manage risk • Protects from unwanted communication • User choice and control • Products, online services adhere to fair information principles • Dependable, available • Predictable, consistent, responsive service • Maintainable • Resilient, easily restored • Proven, ready 1,000 US consumers surveyed by Wakefield research Broad Network Access Service Model IaaS PaaS SaaS CONCERNS BENEFITS scalability increased agility flexibility Reduced costs privacy security reliability RESPONSIBILITY: Data classification Client and end point protection Identity and access management IaaS PaaS SaaS CLOUD CUSTOMER Application level controls Host security Network controls Physical security CLOUD PROVIDER What are your current IT capabilities? Can you improve your people, processes, and technologies? Can cloud reduce your risks while reducing cost? CCM control Description DG-01 All data shall be designated with Data stewardship with assigned responsibilities Governance defined, documented and communicated. Ownership / Stewardship Data, and objects containing data, shall be assigned a classification based on data type, DG-02 jurisdiction of origin, jurisdiction domiciled, context, legal constraints, contractual Data constraints, value, sensitivity, criticality to Governance the organization and third party obligation Classification for retention and prevention of unauthorized disclosure or misuse. Where are you now? Where will you be? Can cloud help? • Cloud Security Readiness Tool (CSRT) data between October 2012 and March 2013. • Approximately 5700 anonymized answers to CSRT questions • Margin of error • +/- 1% USA/EUROPE • +/- 10% ASIA INFORMATION SECURITY antivirus/antimalware software FACILITY SECURITY controlled user access to data clock synchronization SECURITY ARCHITECTURE HUMAN RESOURCES SECURITY prudent hiring practices OPERATIONS MANAGEMENT effective capacity planning OPERATIONS MANAGEMENT effective equipment maintenance INFORMATION SECURITY consistent incident reporting LEGAL PROTECTION nondisclosure agreements 1. Getting Started. 2. Making Progress. 3. Almost There. 4. Streamlined. 20% 10% If the answer was Almost There or Streamlined, a +1 value was assigned for maturity. If the answer was Getting Started or Making Progress, a -1 value was assigned for maturity. 14.7% 0% -0.4% -5.8% -10% -12.7% -20% -12.6% -16.4% -22.8% -30% -9.0% -15.7% -26.9% -24.0% -24.2% -25.3% -26.5% -25.7% -31.7% -31.6% -32.8% -35.6% -34.9% -40% -28.7% -30.6% -39.4% -41.0% -42.8% -44.3% -50% -52.4% -60% Q1 Q2 Q3 Q4 Q5 Q6 Q7 Q8 Q9 Q10 Q11 Q12 Q13 Q14 Q15 Q16 Q17 Q18 Q19 Q20 Q21 Q22 Q23 Q24 Q25 Q26 Q27 100% Worldwide Asia Europe North America 80% 60% 40% 20% 0% Getting Started Making Progress Almost There Streamlined 100% Worldwide Asia Europe North America 80% 60% 40% 20% 0% Getting Started Making Progress Almost There Streamlined 100% Worldwide Asia Europe North America 80% 60% 40% 20% 0% Getting Started Making Progress Almost There Streamlined 100% Worldwide Asia Europe North America 80% 60% 40% 20% 0% Getting Started Making Progress Almost There Streamlined 100% Worldwide North America Europe 80% 60% 40% 20% 0% Getting Started Making Progress Almost There Streamlined 40.0% 31.3% 4.2% 10.0% 14.6% 50.0% Getting Started 20.0% 30.0% Making Progress Almost There Streamlined Resource planning Equipment maintenance 100% Worldwide Europe North America 80% 60% 40% 20% 0% Getting Started Making Progress Almost There Streamlined 100% Worldwide Europe North America 80% 60% 40% 20% 0% Getting Started Making Progress Almost There Streamlined 100% Worldwide Europe North America Almost There Streamlined 80% 60% 40% 20% 0% Getting Started Making Progress 100% Worldwide Europe North America 80% 60% 40% 20% 0% Getting Started Making Progress Almost There Streamlined USA/ME/Africa/Australia HIPAA / HITECH Act ISO/IEC 27001-2005 NIST Guidelines Europe/Asia PCI DSS v2.0 Enisa NIST Guidelines PCI DSS v2.0 The better you understand your people, processes, and technologies, the more you will be able to make informed comparisons and evaluate the benefits of the cloud. Visit the Trustworthy Computing – Cloud TechCenter and its many resources: The Cloud Security Readiness Tool • A free assessment to help you • evaluate the benefits of the cloud • create a plan for adoption • better understand your organization’s capabilities Additional resources on cloud security, privacy, and reliability microsoft.com/trustedcloud http://channel9.msdn.com/Events/TechEd www.microsoft.com/learning http://microsoft.com/technet http://microsoft.com/msdn