Microsoft – "an insider's view"
CISO Council 2008
Asif Jinnah
Microsoft IT – United Kingdom
Objectives and Agenda
• Security Challenges in an ever changing landscape
• Evolution of Security Controls: Microsoft’s Secure Anywhere Access Concepts & Solutions
• Infrastructure Solutions to safeguard Microsoft's flexible workforce
The Microsoft Environment
129,000 e-mail accounts
9.5 million remote connections/month
5+ million internal e-mails daily
3,000 internal applications
6 billion IMs per month
435 million unique users
29 billion e-mails sent per day
Leading Edge Technology on an Enterprise Scale
280 billion page views per day
Information Security Landscape
• Others may manage your network and data centers
• Software plus Services [SaaS] augmenting traditional IT – data and applications hosted remotely
• Increasingly complex granular partner access controls
• Traditional Perimeter security is not sufficient alone
• Emergence of new technology enablers
• Always remote employees
• Flexible definition of the “office”
• Corpnet access from customer sites
• Data is walking out the front door
• Laptops, USB drives, cellular network cards, Smart Phones/PDAs
• Malware and spyware for everyone
Mobile Workforce
Mobile Technology
Globalization & Outsourcing
Reperimeterization of the network
...the visible and the invisible
Evolution Of Security Controls
Control Evolution
• Transport: Enable deep inspected transport as needed
• Network: Provide connectivity and WAN optimization
• Application: Ensure application integrity
• Host: Protect hosts from malware and attacks
• Data: Protect data in storage, transit, and use
Many are protecting their hosts and data here
We should be protecting our hosts here
And protecting our data here
Protecting Host And Data Now A Reality
Applications and Data
Trusted, compliant machine; with malware
Trusted, compliant, healthy machine
Untrusted machine
Trusted, non-compliant machine
Compliant but Untrusted machine
SSL VPN – Granular Access
Access to data and applications is restored once NAP remediates the client
Security for a flexible workforce
Corporate Network
All Corpnet Resources, Dual Protocol (IPv6/IPv4)
Layer 7 VPN Gateway
Internet
Business Partner
Behind customer firewall
Compliant Client
IPsec/IPv6
Down-level Client
SSL-VPN
Non-Compliant Clients
Office PC
VPN with Mobile Device
User with mobile device
Degrees of Client Management
IPsec boundary: Creates Secure Net environment
Remote access clients/dial-up
Workgroups
Labs
All Devices: ~330,000
Unique management challenges
Secure Net Devices: ~270,000
Devices managed through SMS/SCCM: ~265,000
~16,000 servers
IPsec
The Security Life-Cycle
Network Security
• Monitor, Detect, Respond
• Attack & Penetration
• Technical Investigations
• IDS and A/V
Assessment & Governance
• InfoSec Risk Assessment
• InfoSec Policy Management
• Security Architecture
• InfoSec Governance
App Consulting & Engineering
• End-to-End App Assessment & Mitigation
• Application Threat Modelling
• External & Internal Training
Engineering & Engagement
• Engineering Lifecycle
• Process & Methods
• Secure Design Review
• Awareness & Communication
Identity & Access Management
• IdM Security Architecture
• IdM Gov & Compliance
• IdM Eng Ops & Services
• IdM Accounts & Lifecycle
Compliance
• Regulatory Compliance
• Vulnerability Scanning & Remediation
• Scorecarding
Respond
Define
Assess
Design
Operate
Monitor
Secure & Easy Anywhere Access Vision
“Security is the fundamental challenge that will determine whether we can successfully create a new generation of connected experiences that enable people to have anywhere access to communications, content and information”
- Bill Gates
© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
James Burns – No Slides
Paul MacKinnon - Slides to be emailed post event