Microsoft Office 365 Cloud Principles
Post on 02-Jun-2018
8/10/2019 Microsoft Office 365 Cloud Principles
1/36
Is cloud computing secure?
Are Microsoft Online Services se
Security
Where is my data?
Who has access to my data?
Transparency
What does privacy at Microsoft mean?
Are you using my data to build advertising products?
Privacy
What certifications and capabilities does Microsoft hold?
How does Microsoft support customer compliance needs?
Do I have the right to audit Microsoft?
Compliance
Exceedge
R
Compliance with World Class Industry standards verified by 3rd parties
Independently Verified
Your Privacy Matters
You know where data resides, who can access it and what we do with it
Leadership in Transparency
http://trustoffice365.com
Office 365 Privacy Whitepaper
Office 365 Security Whitepaper and Service Description
Office 365 Standard Responses to Request for Information
Office 365 Information Security Management Framework
Services are highly configurable and scalable without customization.
Services are under the Microsoft Security Policy.
We provide transparency in data location and transfers.
We audit on your behalf and provide certification reports.
Microsoft's liability is capped, consistent with industry standards.
Office 365 is an evergreen service. Customers need to stay current.
Our solution evolves rapidly with a documented roadmap.
We provide services offers to help you migrate to the cloud efficientl
Office 365 is a highly standardized service that Microsoft offers unstandardized contractual terms and condition.
Establish Security Requirements
Create Quality Gates / Bug Bars
Security & Privacy Risk Assessment
Reduce vulnerabilities, limit exploit severity
Training Requirements
Education
Administer and track security training
Core Security Training
Design Implementation Verification
Process
Guide product teams to meet SDL requirements
Establish Design Requirements
Analyze Attack Surface
Threat Modeling
Use Approved Tools
Deprecate Unsafe Functions
Static Analysis
Dynamic Analysis
Fuzz Testing
Attack Surface Review
Incident Response Pla
Final Security Review
Release Archive
Ongoing Process Improvements
Release
Establish release criteria and sign-off as part of FSR
Accou
Network perimeter
Internal network
Host
Application
Data
User
Facility
Threat and vulnerability management, monitoring
Edge routers, intrusion detection, vulnerability sc
Dual-factor authentication, intrusion detection, vuscanning
Access control and monitoring, anti-malware, pat
configuration management
Secure engineering (SDL), access control and monmalware
Access control and monitoring, file/data integrity
Account management, training and awareness, sc
Physical controls, video surveillance, access contr
https://www.cert.org/blogs/certcc/2011/04/office_shootout_microsoft_offi.html
Choices to keep Office 365 Customer Data separate from consumer services.
Office 365 Customer Data belongs to the customer.
Customers can export their data at any time.
At Microsoft, our strategy is to consistently set a high bar around privacy practiceglobal standards for data handling and transfer
Privacy at Office 365
No Mingling
Data Portability
No advertising products out of Customer Data.
No scanning of email or documents to build analytics or mine data.
No Advertising
How Privacy of Data is Protected?
| Microsoft Online Services Customer Data1 | Usage Data | Account and Address Book Data | Customer Data (excluding Core Customer data) |
| Operating and Troubleshooting the Service | Yes | Yes | Yes |
| Security, Spam and Malware Prevention | Yes | Yes | Yes |
| Improving the Purchased Service, Analytics | Yes | Yes | Yes |
| Personalization, User Profile, Promotions | No | Yes | No |
| Communications (Tips, Advice, Surveys, Promotions) | No | No/Yes | No |
| Voluntary Disclosure to Law Enforcement | No | No | No |
| Advertising5 | No | No | No |
We use customer data for just what they pay us for - to maintain and provide Offic
| | Usage Data | Address Book Data | Customer Data (excluding Core Customer Data*) | Core |
| Operations Response Team (limited to key personnel only) | Yes. | Yes, as needed. | Yes, as needed. | Yes, |
| Support Organization | Yes, only as required in response to Support Inquiry. | Yes, only as required in response to Support Inquiry. | Yes, only as required in response to Support Inquiry. | No. |
| Engineering | Yes. | No Direct Access. May Be Transferred During Trouble-shooting. | No Direct Access. May Be Transferred During Trouble-shooting. | No. |
| Partners | With customer permission. See Partner for more information. | With customer permission. See Partner for more information. | With customer permission. See Partner for more information. | WithPart |
| Others in Microsoft | No. | No (Yes for Office 365 for small business Customers for marketing purposes). | No. | No. |
Compliance
Office 365 compliance
Address privacy, security and handling of Customer Data.
Going above and beyond the EU Model Clauses to address additional requirements from individual EU member stat
Enables customers to comply with their local regulations.
Office 365 is the first major business productivity public cloud service provider willing to sign EU Model Clauses with
EU Model Clauses: a set of stringent European Union wide data protection requirements
Data Processing Agreement
EU Model Clauses
ISO27001 is one of the best security benchmarks available across the world.
Office 365 first major business productivity public cloud service to implement rigorous ISO security controls on physand management
ISO27001
We are the first and only major cloud based productivity to offer the
Office 365 compliance
EU generally prohibits personal data from crossing borders into other countries except under circumstances in whichbeen legitimated by a recognized mechanism, such as the "Safe Harbor" certification
Microsoft was first certified under the Safe Harbor program in 2001, and we recertify compliance with the Safe Harbotwelve months
EU Safe Harbor
HIPAA is a U.S. law that requires HIPAA covered entities to meet certain privacy and security standards with respect tidentifiable health information
Microsoft is offering to sign the Business Associate Agreement (BAA) for any Microsoft Enterprise Agreement customenables our customers to comply with HIPAA concerning protected health information.
US Health Insurance Portability and Accountability A
Comply with additional industry leading standards
Transparency
Microsoft notifies you of changes in data center locations.
Core Customer Data accessed only for troubleshooting and malware prevention purposes
Core Customer Data access limited to key personnel on an exception basis.
How to get notified?
Who accesses and What is accessed?
Clear Data Maps and Geographic boundary information provided
Ship To address determines Data Center Location
Where is Data Stored?
At Microsoft, our strategy is to consistently set a high bar around privacy practiceglobal standards for data handling and transfer
This saves customers time and money, and allows Micto provide assurances to customers at scale.
Policy
Control Framework
Standards
Operating Procedures
Business rules for protecting inforsystems which store and process i
A process or system to assure the of policy
System or procedural specific requ
must be met
Step-by-step procedures
Recommended Partner
Microsoft Cloud Vantage
Cloud Vantage Services helps you realize business value from your Office 365 investments by providing deep expertise and collaboration across the full lifecycle to smoothly transition to Office 365, and make the most out of your cloud investments.
Cloud Vantage S
2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/o
information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentations. Because Microsoft must
conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.