Data Privacy and Protection in the CloudJules CohenSarah FenderA.J. Schwab

OFC-B233

Changing Data Protection Concerns to Opportunities

Pre-adoption concern

60% cited concerns around data security as a barrier to adoption

45% concerned that the cloud would result in a lack of data control

Security

Privacy

94% experienced security benefits they

didn’t previously have on-premise

62% said privacy protection increased as a result of moving to the cloud

Benefit realized

Barriers to Cloud Adoption study, ComScore, September 2013

Microsoft’s approach to data protection

Design for privacy

1

Built-in features

2

Protect data in operations

3

Provide transparency and choice

4

Privacy governance

Program

Design for Privacy1

Commitments

People

Privacy governance

Program

Design for Privacy1

CommitmentsProces

sPeople

Privacy governance

Program

Design for Privacy1

CommitmentsTechnolog

yProcessPeople

Privacy governance

Program

Design for Privacy1

Commitments

Built-in features

Sarah FenderDirector, Azure Product Marketing

Data protections in Azure

Built-in features2

Redundancy & Backup Data EncryptionIdentity – Azure ADData Location

Customer Control Azu

re

Note: Microsoft Azure data centers, Australia – Q2 FY15

GEO REGION

Asia PacificAsia Pacific East (Hong Kong)Asia Pacific Southeast (Singapore)

EuropeEurope North (Ireland)Europe West (Netherlands)

United States

US North Central (Illinois)US South Central (Texas)US East (Virginia)US West (California)

JapanJapan East (Saitama Prefecture)Japan West (Osaka Prefecture)

Brazil South (Preview)

Sao Paulo State

Data location

Data redundancy

Locally redundant storage

US East

US West

> 400 miles

Geo-redundant storage

Replication

Data redundancy

Configuring data location and redundancy

Locations

East Asia

Southeast Asia

North Europe

West Europe

East US

North Central US

South Central US

West US

Japan East

Japan West

Brazil South (Preview)

South Central US

Enable single sign on across Microsoft online services and a world of other cloud applications

Extend and synchronize on-premises directories to the cloud

Centrally manage user accounts in the cloud

Manage identities and access to cloud applications

Your cloud apps ready when you are.

SaaS apps

SaaS apps

Manage identities and access to cloud applications

Your cloud apps ready when you are.

IT professional

SaaS apps

Enable single sign on across Microsoft online services and a world of other cloud applications

Extend and synchronize on-premises directories to the cloud

Centrally manage user accounts in the cloud

Security reporting that tracks inconsistent access patterns

Built-in security features

Monitor and protect access to enterprise apps

Ensure secure access and visibility on usage patterns for SaaS and cloud-hosted LOB applications.

Step up to Multi-Factor Authentication

Monitor and protect access to enterprise apps

Ensure secure access and visibility on usage patterns for SaaS and cloud-hosted LOB applications.

X X X X X

X X X X X

X X X X X

Security reporting that tracks inconsistent access patterns

Built-in security features

Step up to Multi-Factor Authentication

Data encryption

Virtual Machines

SQL TDE Bitlocker

Partners EFS

Applications RMS SDK

Storage .NET Crypto Bitlocker StorSimple

Data protections in Office 365

Built-in features2

Data protection at rest

Data Protection in motion Data Protection in motion

Data protection at rest

Data protection at rest Data protection at restOffi

ce 3

65

Protect data in operations

A.J. SchwabSenior Privacy Architect, Office 365

Defense in depth strategy

Protect data in operations3

DataApplicationNetwork Host Security

Identity & Access ManagementPhysical

24x7x365 Incident Response

Key operational protections

Protect data in operations3

Data isolation Limited access

MFA for service access

Auditing of all operator access and actions

Zero standing permissions in the service

Automatic Microsoft staff account deletion

Staff background checks, training

Approach to compliance

Protect data in operations3

Certification and Attestations

Controls Framework Predictable Audit Schedule

Industry Standards and Regulations

&

Customer storiesKindred Healthcare

Background Solution Benefits

• With 76,000 employees, one of the U.S.’s largest diversified healthcare providers.

• Acquired a provider with 22,000 employees, and a disparate email system

• Aggressive timeline for technology standardization

• Needed a single collaboration platform, geared for mobile, that ensures privacy of patient data

• Selected Office 365 Exchange, SharePoint, and Lync Online

• Flexible licenses and costs based on employee role and need

• Met security and privacy needs for regulatory compliance

• Implemented out-of-the-box retention, legal holds, eDiscovery, and encryption features

• Gained access to improved collaboration tools

• Single platform that met all group needs, with a single identity management solution

• Greater control of data through privacy and protection features

• Facilitates regulatory compliance

http://www.microsoft.com/casestudies/Microsoft-Office-365/Kindred-Healthcare/Healthcare-Provider-Chooses-Office-365-to-Meet-Compliance-Needs-Boost-Communications/710000003096

Customer storiesAl Murjan Holdings

Background Solution Benefits

• Major investment firm with an international presence

• Need to provide employees with access to applications anywhere in the world

• Solution must been stringent privacy and security laws and regulations

• Limited IT resources to support on-prem IT solutions

• Selected Office 365 Exchange, SharePoint, and Lync Online

• Leveraged a Microsoft partner to help implement the solution in a streamlined, compliant manner

• Improved availability, reducing downtime

• Lower total cost of ownership through reduced support, license costs

• Improved privacy and security through greater physical data security, logical controls

• Encryptions features further enhance privacy

http://www.microsoft.com/casestudies/Microsoft-Office-365-Plan-E1/Al-Murjan-Holding/Holding-Company-Increases-Productivity-and-Cuts-Costs-by-Implementing-a-Cloud-Solution/710000003923

Customer storiesstrategy&

Background Solution Benefits

• Consulting firm with more than 3,000 staff in 57 offices across 40 countries

• Contact information stored in personal Outlook address books, four different CRM systems

• Inefficient processes for identifying clients and targeting outreach

• Developed new Client Connect solution built on Dynamics CRM Online

• Migrated data from disparate platforms

• Leveraged functionality to control privacy and usage of contacts contributed to the system

• 95% adoption rate by executives

• More comprehensive view of clients, efficient targeting for marketing efforts

• Gained trust of end users by assuring data privacy, thus increasing adoption

http://www.microsoft.com/casestudies/Microsoft-Dynamics-CRM-2013/Strategy/Leading-Consulting-Firm-Improves-Marketing-and-Encourages-Teamwork-with-CRM-Solution/710000003810

Provide transparency and choice

Provide transparency and choice4

Shared protection responsibility

Data classification

Client and end point protection

Identity and access

Application level controls

Network controls

Host security

Physical security

IaaS PaaS SaaS

Cloud Customer

Cloud Provider

Microsoft Trust Centers

Provide transparency and choice4

Protection configuration documentation

Provide transparency and choice3

Summary

Design for privacy

1

Built-in features

2

Protect data in operations

3

Provide transparency and choice

4

Breakout Sessions (session codes and titles)

DCIM-B221 Microsoft Azure Security and Compliance Overview (available on demand from msteched.com) DCIM-B387 Data Protection in Microsoft Azure Wednesday, May 14 8:30 AM - 9:45 AM

Related content

Find Me Later At. . . Visit the Security & Compliance station in the Azure booth

ResourcesTrustworthy Computing Cloud Serviceshttp://www.microsoft.com/trustedcloudhttp://www.microsoft.com/en-us/twc/privacy/cloud-privacy.aspx

Trust CentersOffice 365 - http://www.microsoft.com/en-us/office365/trust-center.aspxWindows Azure - http://www.windowsazure.com/en-us/support/trust-center/ Dynamics - http://crm.dynamics.com/en-us/trust-center

Resources

Learning

Microsoft Certification & Training Resources

www.microsoft.com/learning

msdn

Resources for Developers

http://microsoft.com/msdn

TechNet

Resources for IT Professionals

http://microsoft.com/technet

Sessions on Demand

http://channel9.msdn.com/Events/TechEd

Complete an evaluation and enter to win!

Evaluate this session

Scan this QR code to evaluate this session.

© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.