Post on 19-Aug-2015
Mitigating Customer Risk with the Cybersecurity SAM Engagement
SAM05
Norm Barber, Managing Director, UnifyCloud LLC
Don Morrison, Director US SAM and Compliance, Microsoft
Today’s agenda
• “The Pitch”
• Value proposition: for SAM partners; for customers
• Engagement: today’s threat landscape; conducting the engagement
• Go do’s / Ramp up
• Q&A
Cybersecurity SAM Engagement – “The Pitch”
Cybersecurity SAM Engagement proposal discussion
• Don Morrison, “CIO for Litware”
• Norm Barber, “A SAM Partner with a Cybersecurity & Cloud competency”
Background
• Litware is a mid-sized company: 871 PCs, 213 physical servers, 264 VMs.
• They are thinking about the key drivers of IT transformation: Cloud, Social, Mobile and Big Data.
• While the relationship with Microsoft is not adversarial, Litware is concerned about the financial impact of a True-up.
• Security is a concern, but Litware is not under regulatory requirements and believes many of their security challenges go away as they migrate to the Cloud.
Let’s listen in on the discussion…
The Pitch
“The CIO” “The SAM Partner”
CIO and SAM partner discussion
Isn’t this just another way for Microsoft to get data for a True-Up?
A Cybersecurity assessment? Is that like a pen test? What is in it for me?
What’s the big deal with Cybersecurity, we are not big or famous like Sony or the US Federal Government after all?
We are moving to the cloud, doesn’t that just solve all this Cybersecurity nonsense?
You are a licensing guy, why are you suddenly qualified to be a Cybersecurity SME?
Answers are contained in the deck that can be downloaded.
SAM Cybersecurity value proposition
For SAM partners:
• Take advantage of a Cybersecurity SAM Engagement as one step towards having a discussion about larger customer opportunities (e.g., O365/Azure, Core IO, Migration to latest OS, System Center)
• Broaden the value of a SAM engagement by providing data that can be rationalized against other internal data so the customer receives a more integrated view of their environment.
• Develop a long-term trusted advisor relationship by establishing credibility and demonstrating customer-focused problem solving.
• Highlight the overall benefits of incorporating SAM best practices within the organization.
• Increase customer satisfaction by helping your customers solve critical business challenges.
SAM Cybersecurity value proposition
For customers:
• A foundation for securely managing software assets and promoting good Cybersecurity hygiene in a holistic, integrated way.
• A view of the software estate can prepare a resilient IT infrastructure that can respond to threats, and meet their agreement obligations.
• Added policies and controls help ensure that a secure IT infrastructure within the organization provides an effective defense against attacks.
• Minimizing cyber risks helps organizations decrease costs from data loss, fraud from theft, loss in revenue, labor, support, employee downtime, cost to locate and reinstall lost data, customer support, and negative reputation.
• A solid Cybersecurity program helps to accelerate the migration to the cloud and adoption of mobile.
Cybersecurity SAM Engagement - context
“Antivirus and security products are designed for and focus on protecting you from prevalent classes of in the wild… threats coming from criminals, thugs and digital mobsters. It is not designed to protect you from the digital equivalent of Seal Team Six. So if you're the guy that finds himself in the crosshairs… you're not safe.”
--F-Secure “News from the Lab”, May 30, 2012
Cybersecurity SAM Engagement - context
“When discussing the importance of information security we’ve probably heard excuses such as ‘we’re too small to be a target’ or ‘we don’t have anything of value’, but if there is anything this report can teach us, is that breaches can and do occur in organizations of all sizes and across a large number of industries.”
-- TechRepublic - on the 2013 edition of Verizon’s Data Breach Investigations Report.
Traditional IT | Modern IT
Script kiddies; Cybercrime | Cyber-espionage; Cyber-warfare
Cybercriminals | State sponsored actions; Unlimited resources
Attacks on Fortune 500 | All sectors and even suppliers getting targeted
Software solutions | Hardware rooted trust the only way
Secure the perimeter | Assume breach; Protect at all levels
Hoping I don’t get hacked | You will be hacked. Did I successfully mitigate?
Company owned and tightly managed devices | Bring your own device, varied management
Cybersecurity SAM Engagement - context
Source: The Guardian, “INFORMATION SECURITY BREACHES SURVEY 2014”
“There has been a significant rise in the cost of individual breaches. The overall cost of security breaches for all type of organizations has increased.”
“10% of organizations that suffered a breach in the last year were so badly damaged by the attack that they had to change the nature of their business.”
Specifically, for small businesses:
• 60% had a security breach
• 59% expect there will be more security incidents next year
• 33% were attacked by an unauthorized outsider
• 45% had an infection from viruses or malware
• 31% of the worst breaches were caused by human error
• 70% keep their worst security incident under wraps. So what’s in the news is just the tip of the iceberg.
Key observations:
1. While the number of breaches has decreased, the scale and cost has nearly doubled.
2. The investment in security as part of total IT budget is increasing across all sectors.
3. There has been a marked increase in spending on IT Security in small businesses.
4. Risk-based decisions are being made about the introduction of mobile devices.
OS Currency: Cybersecurity protection
The reality is that businesses are far more exposed running outdated and unpatched client and server operating systems:
• Windows XP is 21 times more likely to be infected by malware than Windows 8
• Windows 7 is 6 times more likely to be infected by malware than Windows 8
Running pirated software makes the situation even worse. Criminals embrace pirated software because it is:
• Lucrative
• Spreads malware
• Less risky and has a low barrier to entry
As a result, one out of three computers with counterfeit software installed will be infected by malware.
Cybersecurity: A cloud accelerator
Cloud
Over 80% of new apps were distributed or deployed on clouds in 2012
70% of organizations are either using or investigating cloud computing solutions
• Designed for Security from the ground up; Azure development adheres to Microsoft’s SDL.
• Adheres to a rigorous set of Security controls that govern operations and support.
• Deploys a combination of preventive, defensive, and reactive controls.
• Tight access controls on sensitive data, including two-factor authentication to perform sensitive operations.
• Controls that enhance independent detection of malicious activity.
• Multiple levels of monitoring, logging, and reporting.
• A global, 24x7 incident response service that mitigates attacks and malicious activity
Cybersecurity SAM Engagement: Step 1
Gather preliminary information about the existing environment, future goals, and security concerns
Security considerations
Applications, OS, and data security
Infrastructure
People
Organizational profile
Environment
Cybersecurity Concerns
Basic information about the organization
Match installations with licenses
Cybersecurity Engagement: Step 2
After establishing an organization’s goals and objectives, the next step is to complete a software review…
Inventory deployed software
...build a detailed report on your current state
Microsoft
A cybersecurity assessment of an IT organization will be conducted.
Cybersecurity Engagement: Step 3
A Cybersecurity Assessment will assess the current status using generally accepted security controls. The assessment will cover topics such as:
• Authorized and unauthorized devices
• Authorized and unauthorized software
• Secure configurations for hardware and software
• Malware defenses
• Application software security
Increasing the efficiency of each control raises the success rate of the defenses in the environment.
Cybersecurity SAM Engagement - Deliverables
The recommended set of deliverables (required for Incentive SOW) include:
Executive Overview Report (PPT)
• This report contains an Executive Summary, summary of project background and scope, engagement results, recommendations and next steps.
Microsoft Deployment, Usage and Entitlement Analysis Reports:
• The Established Deployment Position (EDP) spreadsheet
• The Effective License Position (ELP) spreadsheet
Licensing Optimization Recommendations Report
Cybersecurity Assessment Report
Cybersecurity Assessment: Using license data
Example: Litware inventory data uncovered additional Cybersecurity risk
Assessment finding:
Windows Server 2003 has been discovered in the Litware IT infrastructure. Support is scheduled to end on July 14, 2015, after which Microsoft will provide no further support, including security patches.
This exposes Litware to elevated risk of data loss or malicious attacks, to future problems with incompatible software that may not run on Windows Server 2003, and to problems meeting certain regulatory requirements that require fully supported systems.
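The finding above comes from checking inventoried operating systems against end-of-support dates. The following is an added example, not part of the original deck or of any Microsoft or UnifyCloud tool: the inventory rows and column names are constructed and hypothetical (not the MAP export format), the Windows Server 2003 date is the one stated above, and the Windows XP date is Microsoft's published end of support.

```python
import csv
import io
from collections import defaultdict
from datetime import date

# End-of-support dates; prefix matching means "Windows Server 2003 R2 ..."
# rows fall under the Windows Server 2003 entry (same end date).
END_OF_SUPPORT = {
    "Windows Server 2003": date(2015, 7, 14),  # date stated in the finding
    "Windows XP": date(2014, 4, 8),            # Microsoft's published date
}

# Constructed sample inventory; hostnames and columns are hypothetical.
SAMPLE_INVENTORY = """hostname,role,operating_system
LIT-DC01,server,Windows Server 2012 R2 Standard
LIT-FS02,server,Windows Server 2003 R2 Standard Edition
LIT-SQL03,server,Windows Server 2003 Enterprise Edition
LIT-PC0412,client,Windows XP Professional
LIT-PC0413,client,Windows 8.1 Pro
LIT-VM117,server,Windows Server 2008 R2 Enterprise
"""

def match_product(os_name):
    """Map a raw OS string to an END_OF_SUPPORT key (longest prefix wins)."""
    hits = [p for p in END_OF_SUPPORT if os_name.lower().startswith(p.lower())]
    return max(hits, key=len) if hits else None

def assess(inventory_csv, as_of, warn_days=365):
    """Return {status: [(hostname, product, eos_date), ...]} for flagged hosts."""
    findings = defaultdict(list)
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        product = match_product(row["operating_system"].strip())
        if product is None:
            continue  # not in the table: no finding, which is not proof of support
        eos = END_OF_SUPPORT[product]
        days_left = (eos - as_of).days
        if days_left < 0:
            status = "unsupported"   # no more security patches
        elif days_left <= warn_days:
            status = "expiring"      # plan migration before the end date
        else:
            continue
        findings[status].append((row["hostname"], product, eos))
    return dict(findings)

if __name__ == "__main__":
    for status, hosts in assess(SAMPLE_INVENTORY, date(2015, 3, 1)).items():
        for hostname, product, eos in hosts:
            print(f"{status:12} {hostname:12} {product} (support ends {eos})")
```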
Cybersecurity Assessment Report - foundation
Built on the Center for Internet Security’s Critical Security Controls (v5.1) AND the use of licensing data from a toolset like MAP
1. Inventory of Authorized and Unauthorized Devices
2. Inventory of Authorized and Unauthorized Software
3. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
4. Continuous Vulnerability Assessment and Remediation
5. Malware Defenses
6. Application Software Security
7. Wireless Access Control
8. Data Recovery Capability
9. Security Skills Assessment and Appropriate Training to Fill Gaps
10. Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
11. Limitation and Control of Network Ports, Protocols and Services
12. Controlled Use of Administrative Privileges
13. Boundary Defense
14. Maintenance, Monitoring, and Analysis of Audit Logs
15. Controlled Access Based on the Need to Know
16. Account Monitoring and Control
17. Data Protection
18. Incident Response and Management
19. Secure Network Engineering
20. Penetration Tests and Red Team Exercises
Cybersecurity Assessment: Using license data
Leveraging inventory data that provides value beyond licensing is key
The CSC can be complex
Maturity Model Pivot
Details have been created in the SAM Cybersecurity Assessment guidance
Basic: The program is tactical at best and the risks of a Cybersecurity issue are significant.
Standardized: The program is proactive and the risks of a Cybersecurity issue are moderate.
Rationalized: The program is holistic and fully operational and the risks of a Cybersecurity issue are limited.
Dynamic: The program is strategic and optimal and the risks of a Cybersecurity issue are minimal.
Cybersecurity Assessment Report - contents
Table of contents
SAM Cybersecurity Assessment Report
• Organization and IT Overview
SAM Cybersecurity Goals
• Summary of Inventory Tools
Cybersecurity Summary
• Critical Security Controls (v5.1)
Current Cybersecurity Maturity Findings and Recommendations
• Current Cybersecurity Maturity Findings
• Cybersecurity Future State and Recommendations
SAM Policies and Procedures for Cybersecurity
Current Cybersecurity maturity findings
Use the CSC as a framework to evaluate the maturity of each Control Domain
Cybersecurity future state and recommendations
Using the CSC Maturity Model, work with the customer to chart the next step
SAM policies and procedures for Cybersecurity
The sample report includes suggested “Good Practices” policies
SAM partner Ramp Up / Go Do’s
To seize the Cybersecurity SAM Engagement opportunity you should…
Review the SAM Cybersecurity Engagement Kit and sample reports
Become familiar with the Critical Security Controls (v5.1)
Prepare to deliver a Cybersecurity Assessment by:
• Obtaining your SAM competency
• Training up a resource to be a credible Cybersecurity SME (e.g., pass CISSP)
• Hiring a resource with Cybersecurity skills and certifications; or by
• Partnering with Microsoft or a Microsoft Partner for deeper Cybersecurity expertise
SAM Cybersecurity resources
Critical Security Controls (v5.1)
• Center for Internet Security: http://www.cisecurity.org
• Download Controls: http://www.counciloncybersecurity.org/critical-controls
Cybersecurity SAM Engagement support materials:
• Downloads for the Kit, sample reports and sample report development guidance: https://mspartner.microsoft.com/en/us/pages/licensing/software-asset-management.aspx#Cybersecurity
Microsoft SAM partner resources
• Microsoft Partner Network: http://aka.ms/SAMCybersecurity
• Yammer: https://www.yammer.com/westerneuropesampartnertraininggroup
Key Services
Cybersecurity Risk Assessments: Providing a current / future state analysis of Cybersecurity for a Hybrid IT environment (on-premises, Cloud, Mobile).
Data Center Modernization Reports (DCMRs): Using IT discovery tools, provide a roadmap for migrating to “Modern IT” using Office 365, SQL Database, and the Azure platforms.
Azure Application Refactoring: Starting with a detailed Application Cloud Readiness Assessment (ACRA) and using our tools and offshore Azure resources, we evaluate, re-architect and remediate apps to run effectively in Azure.
Assessment, Remediation, and Monitoring Tools
CloudAssessor™: Using IT inventory data from discovery tools like MAP, the Assessor tool creates a Data Center Modernization Report on what a Modern IT environment will look like once Office 365, SQL Azure and Azure platforms (IaaS / PaaS) are used.
CloudValidator™: Using static code analysis, SQL scripts and configuration data, the Validator tool analyzes and recommends changes down to the code block level, dramatically reducing remediation time and even suggesting sample code to accelerate the remediation effort.
CloudNavigator™: Navigator serves as the repository for the suite of tools, allowing Services settings and coding best practices to remain in sync in both the Dev/Test and production environments to minimize IT risk. Navigator is updated as Azure features and settings are enhanced.
CloudMonitor™: Once applications are deployed into an Azure subscription, the Monitor tool scans Azure-based applications for out-of-compliance conditions against policy and standards as new Azure features are released, applications are upgraded, and Cloud IT policies evolve.
Accelerating Azure adoption and driving consumption in FY16 through migration and risk management tools and services.
As a Microsoft Cloud, Cybersecurity and SAM partner, UnifyCloud LLC has developed tools and related services focusing on the key sales motion scenarios for FY16 including:
• Transform the Datacenter
• Enable Application Innovation
• Unlock Data Insights
• Ensure IT Security & Controls
Meet me at the SAM lounge….
Tuesday, July 14: 11:30am-1:30pm
Tuesday, July 14: 5:00pm-6:00pm
Wednesday, July 15: 1:00pm-3:00pm
Questions?
Don Morrison: dmorriso@microsoft.com
Norm Barber: normb@unifycloud.com
© 2015 Microsoft Corporation. All rights reserved.