Security Architecture in Cloud First Organization: Microsoft example

Robert Brzezinski MBA, CHPS, CISA, CISM

Bizwit LLC, Columbus, OH

www.bizwit.us

isacacuracao.com/wp-content/uploads/2019/09/...

Sensitivity: Internal

2019 (C) Bizwit LLC

The Perpetrator

POA&M

• Why Cloud First?

• What is the Cloud First?

• Key Security Concepts for Cloud First

• Protecting Identities

• Protecting Devices

• Attack Prevention & Detection

• Protecting Information / Data

First Published in 1973

Leopold Kohr

Why Cloud First -> Working Smart

46% in Office

150% Increase

43 Hours per week

25% BYOD

75% Email, Phone, Text

65% Windows

Source: http://technalysisresearch.com/downloads/TECHnalysis%20Research%20Workplace%20of%20the%20Future%20Study%20Highlights.pdf

Why Cloud First -> Working Smart

Security

• Systems & Devices Vulnerabilities

• Email & Social Attack Vectors

• Data Loss, Unauthorized Disclosure & Visibility

Compliance

• Rules Enforcement & Documentation

• Continuous Audit

Why Cloud First

• Better holistic Security

• Politically correct

• The success of others

– Efficiency

– Cost …

Like so many IT projects, it starts with culture, according to David Chou, CIO of Children’s Mercy.

• 600+ apps – most in the Cloud

• ERP in Amazon AWS

• Email & communications – Office 365 / Azure

• Cloud Security tools

https://www.infoworld.com/article/3304283/public-cloud/the-3-reasons-cios-have-become-cloud-first.html

CIOs from large organizations

What is a Cloud First approach?

Source: CHIME Healthcare’s Most Wired, National Trends 2018

Federal Cloud First policy 12/2010

• Federal Data Center Consolidation Initiative

• Shared Services

Essential Characteristics of Cloud:

• On-demand provisioning

• Broad network access

• Resource pooling

• Rapid elasticity

• Measured services

Common challenges with Cloud adoption

Lift-and-Shift

• Off site backup

• Disaster Recovery

• Scalability

• Bolting on Cloud to server app

• SSO & SsSV

• Email only to Cloud / Office 365

Key Security Concepts for Cloud First Approach –> Microsoft 365

Windows 10, Office 365, Enterprise Mobility + Security

Identity

Attack Detection & Prevention

https://www.northropgrumman.com/AboutUs/Contracts/ManagedServices/Pages/SecurityServices.aspx


Enterprise-Level Identity Protection

Azure Active Directory

Zero Trust

Windows Hello – password-less

Credential Guard

Conditional Access

Cloud App Security

Windows 10, Office 365, Enterprise Mobility + Security

Protect user identities to prevent theft and misuse
Secure authentication

Improve visibility to help identify abnormal behaviors and usage
Secure authentication

Cloud identity and access management
Conditional access & Identity protection

Enterprise-Level Identity Protection

Conditional access

User / Group

Device

Location

Application

Device Protection

BitLocker

SmartScreen

Windows Defender & ATP

Security Baseline

GPO vs Intune policies

Windows 10, Office 365, Enterprise Mobility + Security

Protects devices and data with a comprehensive set of defense and management tools that can help protect, detect and respond to advanced attacks.

Reduces the threat of malicious content and improves visibility to help identify abnormal behaviors, usage, security incidents and threats.

Protects user identities, helps identify high-risk usage and safeguards against advanced attacks in the cloud and on-premises.

Proactive Attack Detection & Prevention

Office 365 Advanced Threat Protection

Office 365 Threat Intelligence

Office 365 Security & Compliance Center

Azure Security Center

Windows Defender Advanced Threat Protection

Windows Defender Security Center

Cloud App Security

Advanced Threat Analytics


Information (Data) Protection

Advanced Compliance & Security Management

Data Loss Prevention (DLP)

Azure Information Protection (AIP)

Intune & Windows Information Protection (WIP)

Windows 10, Office 365, Enterprise Mobility + Security

Protection of business data across devices and locations

Advanced detection, protection and monitoring of sensitive information

Advanced classification and security for sensitive information – anytime, anywhere

Detect + Classify + Protect + Monitor

Information (Data) Protection

Document Access & Sharing

Policy Violations

Anomalous Activities

Detect + Classify + Protect + Monitor

Tune up policies

Revoke Access

Quarantine User or File

Integrate Into Workflows or SIEM

Attacks Never Stop

www.jklossner.com

Configuration Matters

#1 Cloud Security Principle - Shared Security Responsibility

NIST AR19-133A: https://www.us-cert.gov/ncas/analysis-reports/AR19-133A

Configuration Matters – Have You Audited Yours?

Threat management + Forensics

Description | Contractor | Amount
Cisco Security Incident Response Services | CDW-G | $60,000
Surge Support Staff Augmentation | Mosaic451 | $60,000
Emergency Incident Response Services | Secureworks | $650,000
Advisory Services for Cyber Incident Response | Ernst & Young, LLC | $600,000
Microsoft Cloud, Client Stack Design and Build, and Pro Services for Azure Active Directory, System Center, and Windows 10 | Fyrsoft | $730,000
Crisis Communications Services | Edelman | $50,000
Development and Deployment of Benchmark | Pioneer Technology Group | $124,000
Microsoft Azure Cloud Engineering, Development, and Migration Professional Services | Airnet Group, Inc. | $393,328
Forescout Counter ACT System | CDW Government | $376,240

http://procurement.atlantaga.gov/awarded-emergency-procurements/

Atlanta ransomware cleanup $2.6 M +

Total cost $17 M +

If a man isn't willing to take some risk for his opinions, either his opinions are no good or he's no good.

Ezra Pound, poet

Robert Brzezinski CHPS, CISA, CISM

Security Architecture in Cloud First Organization – Microsoft example

Nearly half of the security risk that organizations face stems from having multiple security vendors and products.

Cisco: 2018 Annual Cybersecurity Report