Global scale with Microsoft Azure Scenarios Achieving high availability with Microsoft Azure Demos.
INTRODUCTION TO THE AZURE SECURITY …note.microsoft.com/rs/578-UYY-044/images/CONSALTA... · azure...
Transcript of INTRODUCTION TO THE AZURE SECURITY …note.microsoft.com/rs/578-UYY-044/images/CONSALTA... · azure...
![Page 1: INTRODUCTION TO THE AZURE SECURITY …note.microsoft.com/rs/578-UYY-044/images/CONSALTA... · azure security scenarios - overview of main scenarios for security projects feb 9, 2017](https://reader031.fdocuments.us/reader031/viewer/2022022604/5b65f93b7f8b9a851e8c9577/html5/thumbnails/1.jpg)
![Page 2: INTRODUCTION TO THE AZURE SECURITY …note.microsoft.com/rs/578-UYY-044/images/CONSALTA... · azure security scenarios - overview of main scenarios for security projects feb 9, 2017](https://reader031.fdocuments.us/reader031/viewer/2022022604/5b65f93b7f8b9a851e8c9577/html5/thumbnails/2.jpg)
PA
GE
2
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.WWW.CONSALTA.SI
INTRODUCTION TO THE AZURE SECURITY SCENARIOS
AZURE SALES STAR PROGRAM IN CEE
IGOR SHASTITKO
FEB 2017
![Page 3: INTRODUCTION TO THE AZURE SECURITY …note.microsoft.com/rs/578-UYY-044/images/CONSALTA... · azure security scenarios - overview of main scenarios for security projects feb 9, 2017](https://reader031.fdocuments.us/reader031/viewer/2022022604/5b65f93b7f8b9a851e8c9577/html5/thumbnails/3.jpg)
PA
GE
3
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
Every business deserves an opportunity to grow! We support IT companies at growing their business
in the Cloud. We are the Cloud Business Enablers!
About Consalta
1000+ CLIENTS
200+ ONSITE ENGAGEMENTS
180+ WEBINARS
40+ COUNTRIES
4,84 RATING
CONSALTA
![Page 4: INTRODUCTION TO THE AZURE SECURITY …note.microsoft.com/rs/578-UYY-044/images/CONSALTA... · azure security scenarios - overview of main scenarios for security projects feb 9, 2017](https://reader031.fdocuments.us/reader031/viewer/2022022604/5b65f93b7f8b9a851e8c9577/html5/thumbnails/4.jpg)
PA
GE
4
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
• Senior Infrastructure/
Security Consultant
• Microsoft Partners
• Microsoft Learning
Centers
• Microsoft MCS
• Computer Science
• MCSE/MCT
• Geek
• Family
• Video Blogging
• Gadgets & technologies
ROLE WORK
BACKGROUND PLEASURE
IGOR SHASTITKO
![Page 5: INTRODUCTION TO THE AZURE SECURITY …note.microsoft.com/rs/578-UYY-044/images/CONSALTA... · azure security scenarios - overview of main scenarios for security projects feb 9, 2017](https://reader031.fdocuments.us/reader031/viewer/2022022604/5b65f93b7f8b9a851e8c9577/html5/thumbnails/5.jpg)
PA
GE
5
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
Azure Sales Star program – Sessions – 11AM (CET)
FEB 6, 2017
AZURE SECURITY
SCENARIOS -
OVERVIEW OF MAIN
SCENARIOS FOR
SECURITY PROJECTS
FEB 9, 2017
NEW PARTNER
OPPORTUNITIES TO
PLAN CLOUD/HYBRID
IDENTITY PROJECTS
FEB 13, 2017
FINE-TUNE THE
DETAILS OF PLANNING
HYBRID IDENTITY
PROTECTION
FEB 16, 2017
PROVIDE A FULL
MANAGEMENT
EXPERIENCE FOR
HYBRID
INFRASTRUCTURE
FEB 20, 2017
SECURE MOBILE USERS
PLANNING: MOBILE
DEVICE MANAGEMENT
(MDM) SCENARIOS
COMPARISON
FEB 23, 2017
IMPLEMENTING
MICROSOFT INTUNE
TO MDM
FEB 27, 2017
PLANNING DATA
ACCESS &
PROTECTION IN
HYBRID
INFRASTRUCTURE
MAR 2, 2017
PLANNING HYBRID
DATA PROTECTION AT
THE FILE LEVEL
MAR 6, 2017
PLANNING AZURE
INFRASTRUCTURE
SECURITY
MAR 9, 2017
PLANNING AZURE
INFRASTRUCTURE
SECURITY – DATA
PROTECTION IN
AZURE
![Page 6: INTRODUCTION TO THE AZURE SECURITY …note.microsoft.com/rs/578-UYY-044/images/CONSALTA... · azure security scenarios - overview of main scenarios for security projects feb 9, 2017](https://reader031.fdocuments.us/reader031/viewer/2022022604/5b65f93b7f8b9a851e8c9577/html5/thumbnails/6.jpg)
PA
GE
6
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
Agenda for the following 45’
Customer Case Studies
& Good Practices
Cloud Security Solutions
& security projects’ pillars
What is next
Webinars and resources
Security Threats
overview
![Page 7: INTRODUCTION TO THE AZURE SECURITY …note.microsoft.com/rs/578-UYY-044/images/CONSALTA... · azure security scenarios - overview of main scenarios for security projects feb 9, 2017](https://reader031.fdocuments.us/reader031/viewer/2022022604/5b65f93b7f8b9a851e8c9577/html5/thumbnails/7.jpg)
PA
GE
7
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
Modern Security Threats
1. THE RESEARCH
2. NEW IDEAS
3. THE GAP
4. THE PLAN
5. THE CHANGE
6. THE
EVALUATION
![Page 8: INTRODUCTION TO THE AZURE SECURITY …note.microsoft.com/rs/578-UYY-044/images/CONSALTA... · azure security scenarios - overview of main scenarios for security projects feb 9, 2017](https://reader031.fdocuments.us/reader031/viewer/2022022604/5b65f93b7f8b9a851e8c9577/html5/thumbnails/8.jpg)
PA
GE
8
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
ARE CLOUD SOLUTIONS PROTECTED ?
THE MAIN QUESTION
![Page 9: INTRODUCTION TO THE AZURE SECURITY …note.microsoft.com/rs/578-UYY-044/images/CONSALTA... · azure security scenarios - overview of main scenarios for security projects feb 9, 2017](https://reader031.fdocuments.us/reader031/viewer/2022022604/5b65f93b7f8b9a851e8c9577/html5/thumbnails/9.jpg)
PA
GE
9
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
Microsoft, Cloud Security Architecture
![Page 10: INTRODUCTION TO THE AZURE SECURITY …note.microsoft.com/rs/578-UYY-044/images/CONSALTA... · azure security scenarios - overview of main scenarios for security projects feb 9, 2017](https://reader031.fdocuments.us/reader031/viewer/2022022604/5b65f93b7f8b9a851e8c9577/html5/thumbnails/10.jpg)
PA
GE
10
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
ATTACKS AGAINST CLOUD ADMINISTRATORS
Targeted attacks against on-premises and
cloud infrastructures alike often focus on IT
administrators. The intent is to take control
of an email account that has a high
probability of containing credentials that
can be used to gain access to the public
cloud administrator portal.
PIVOT BACK ATTACKS
A pivot back attack occurs when an
attacker compromises a public cloud
resource to obtain information that they
then use to attack the resource provider’s
on-premises environment. Public facing
endpoints in the cloud are often under
constant brute force attack through
protocols such as Remote Desktop
Protocol (RDP) and Secure Shell (SSH).
New types of threats can be related to characteristics of the public cloud only, or to issues introduced
by connectivity between on-premises environments and the public cloud.
Threats against cloud deployments and infrastructure
https://www.microsoft.com/security/sir/default.aspx
![Page 11: INTRODUCTION TO THE AZURE SECURITY …note.microsoft.com/rs/578-UYY-044/images/CONSALTA... · azure security scenarios - overview of main scenarios for security projects feb 9, 2017](https://reader031.fdocuments.us/reader031/viewer/2022022604/5b65f93b7f8b9a851e8c9577/html5/thumbnails/11.jpg)
PA
GE
11
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
The cyber kill chain is a model defined by analysts at Lockheed Martin to aid decision making with
regard to detecting and responding to threats
The cyber kill chain: On-premises and in the cloud
https://www.microsoft.com/security/sir/default.aspx
![Page 12: INTRODUCTION TO THE AZURE SECURITY …note.microsoft.com/rs/578-UYY-044/images/CONSALTA... · azure security scenarios - overview of main scenarios for security projects feb 9, 2017](https://reader031.fdocuments.us/reader031/viewer/2022022604/5b65f93b7f8b9a851e8c9577/html5/thumbnails/12.jpg)
PA
GE
12
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
Cloud Security Solutions & security projects’ pillars
overview
1. THE RESEARCH
2. NEW IDEAS
3. THE GAP
4. THE PLAN
5. THE CHANGE
6. THE
EVALUATION
![Page 13: INTRODUCTION TO THE AZURE SECURITY …note.microsoft.com/rs/578-UYY-044/images/CONSALTA... · azure security scenarios - overview of main scenarios for security projects feb 9, 2017](https://reader031.fdocuments.us/reader031/viewer/2022022604/5b65f93b7f8b9a851e8c9577/html5/thumbnails/13.jpg)
PA
GE
13
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
Cloud Solutions’ weakness pillars/modern threats
• Azure IaaS is same to
customers local infra in
terms of vulnerabilities
• And it is not only about
VMs/LOBs protection, it is
also about new INFA
protection against modern
threats
INFRASTRUCTURE
• Get admin access/”gold
admin” is most used
hackers practice against
organisations
• “Cloud globalisation” of
identity systems and
accounts helps to use this
breach more effectively
• Requirements of the business demand more mobility from employees
• All confidential mobile data on user devices is potential threat for loss or disclosure
• BYOD/unmanaged devices is thread for customer infra and identity
IDENTITY MOBILITY
“IAAS” IS NOT MEAN SECURE MOST USED PRACTICE LOST DEVICES, BYOD
![Page 14: INTRODUCTION TO THE AZURE SECURITY …note.microsoft.com/rs/578-UYY-044/images/CONSALTA... · azure security scenarios - overview of main scenarios for security projects feb 9, 2017](https://reader031.fdocuments.us/reader031/viewer/2022022604/5b65f93b7f8b9a851e8c9577/html5/thumbnails/14.jpg)
PA
GE
14
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
MANDATORY ACTIONS
Start to discuss this topics with customers in any hybrid/public cloud Azure IaaS project
Azure Security Infrastructure
• Admin access protection in Azure IaaS
• Azure IaaS virtual networks/network access
protection to Azure IaaS
• Data protection in Azure
• Antivirus/antimalware protection in Azure
IaaS
• Monitoring of security for Azure IaaS, VMs,
hybrid infra
![Page 15: INTRODUCTION TO THE AZURE SECURITY …note.microsoft.com/rs/578-UYY-044/images/CONSALTA... · azure security scenarios - overview of main scenarios for security projects feb 9, 2017](https://reader031.fdocuments.us/reader031/viewer/2022022604/5b65f93b7f8b9a851e8c9577/html5/thumbnails/15.jpg)
PA
GE
15
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
Admin access protection
• Hybrid Identity solution/project
• Modernization of existing local identity infrastructure with modern technologies, e.g. authentication silos, Microsoft ATA etc.
• Modernization of existing administration procedures, processes and on-premises admin account protection (PAW)
• Planning Role Based Access Control (RBAC) and procedures in general
![Page 16: INTRODUCTION TO THE AZURE SECURITY …note.microsoft.com/rs/578-UYY-044/images/CONSALTA... · azure security scenarios - overview of main scenarios for security projects feb 9, 2017](https://reader031.fdocuments.us/reader031/viewer/2022022604/5b65f93b7f8b9a851e8c9577/html5/thumbnails/16.jpg)
PA
GE
16
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
Safe and extend your Network Engineers experience with Azure Projects
Virtual Networks protection in Azure
• Remote Access to
IaaS/VMs & hybrid
connections solutions
• Network architecture and
Network Security Groups
planning in Azure IaaS
• VM network security audit
• Virtual Network Security
Appliances – well known
network security solutions
in Azure Marketplace
![Page 17: INTRODUCTION TO THE AZURE SECURITY …note.microsoft.com/rs/578-UYY-044/images/CONSALTA... · azure security scenarios - overview of main scenarios for security projects feb 9, 2017](https://reader031.fdocuments.us/reader031/viewer/2022022604/5b65f93b7f8b9a851e8c9577/html5/thumbnails/17.jpg)
PA
GE
17
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
Build the customer trust to store data in Azure
Data protection in Azure
• Help customer to understand data protection and encryption in Azure IaaS
• Azure Key Vault/BYOK discussion
• Plan, Design & Implement VMs/Storage/SQL encryption
• StorSimple as the part of solution
![Page 18: INTRODUCTION TO THE AZURE SECURITY …note.microsoft.com/rs/578-UYY-044/images/CONSALTA... · azure security scenarios - overview of main scenarios for security projects feb 9, 2017](https://reader031.fdocuments.us/reader031/viewer/2022022604/5b65f93b7f8b9a851e8c9577/html5/thumbnails/18.jpg)
PA
GE
18
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
The Fundamental of any Cloud project
Hybrid Identity Protection
• Azure AD B2B/B2C solutions for easy connection
• Microsoft AD DS/Azure AD hybrid identity implementation
• Single sign-on, AD FS etc.
• Identity Infrastructure protection with Web App Proxy/Azure App Proxy
• Multifactor authentication with Azure AD Premium, Device registration and hardening
• Monitoring of Azure AD/Identity Protection
![Page 19: INTRODUCTION TO THE AZURE SECURITY …note.microsoft.com/rs/578-UYY-044/images/CONSALTA... · azure security scenarios - overview of main scenarios for security projects feb 9, 2017](https://reader031.fdocuments.us/reader031/viewer/2022022604/5b65f93b7f8b9a851e8c9577/html5/thumbnails/19.jpg)
PA
GE
19
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
Unprotected/unmanaged mobile devices is high threat for any infrastructure
Mobile Device Management
• Help to select right MDM solution for customer – Office 365/Intune + hybrid identity
• Intune deployment design, planning and implementation
• Standard security policies for mobile devices implementation and audit
• Mobile devices’ “Hardening”, extend Intune functionality
• Deploy application to mobile devices
• Have SCCM specialist – let’s reuse their experience in hybrid MDM scenarios
![Page 20: INTRODUCTION TO THE AZURE SECURITY …note.microsoft.com/rs/578-UYY-044/images/CONSALTA... · azure security scenarios - overview of main scenarios for security projects feb 9, 2017](https://reader031.fdocuments.us/reader031/viewer/2022022604/5b65f93b7f8b9a851e8c9577/html5/thumbnails/20.jpg)
PA
GE
20
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
Mitigate issues related to data leakage on mobile devices in on-premises an cloud infrastructure
Mobile Data Protection
• Modernization of existing local data
protection infrastructure with
Dynamic Access Control/
Conditional Access Control/ FCI
• Design, Planning and
Implementation mobile data
encryption and sync with Work
Folders
• Implementation of Windows
Information Protection for Windows
10 with Azure/Intune
• Mobile data protection with Azure
RMS/Information Protection
• Hybrid infrastructure data protection
project – RMS/Azure RMS Connector
![Page 21: INTRODUCTION TO THE AZURE SECURITY …note.microsoft.com/rs/578-UYY-044/images/CONSALTA... · azure security scenarios - overview of main scenarios for security projects feb 9, 2017](https://reader031.fdocuments.us/reader031/viewer/2022022604/5b65f93b7f8b9a851e8c9577/html5/thumbnails/21.jpg)
PA
GE
21
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
Customer Case Studies
1. THE RESEARCH
2. NEW IDEAS
3. THE GAP
4. THE PLAN
5. THE CHANGE
6. THE
EVALUATION
![Page 22: INTRODUCTION TO THE AZURE SECURITY …note.microsoft.com/rs/578-UYY-044/images/CONSALTA... · azure security scenarios - overview of main scenarios for security projects feb 9, 2017](https://reader031.fdocuments.us/reader031/viewer/2022022604/5b65f93b7f8b9a851e8c9577/html5/thumbnails/22.jpg)
PA
GE
22
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
![Page 23: INTRODUCTION TO THE AZURE SECURITY …note.microsoft.com/rs/578-UYY-044/images/CONSALTA... · azure security scenarios - overview of main scenarios for security projects feb 9, 2017](https://reader031.fdocuments.us/reader031/viewer/2022022604/5b65f93b7f8b9a851e8c9577/html5/thumbnails/23.jpg)
PA
GE
23
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
![Page 24: INTRODUCTION TO THE AZURE SECURITY …note.microsoft.com/rs/578-UYY-044/images/CONSALTA... · azure security scenarios - overview of main scenarios for security projects feb 9, 2017](https://reader031.fdocuments.us/reader031/viewer/2022022604/5b65f93b7f8b9a851e8c9577/html5/thumbnails/24.jpg)
PA
GE
24
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
![Page 25: INTRODUCTION TO THE AZURE SECURITY …note.microsoft.com/rs/578-UYY-044/images/CONSALTA... · azure security scenarios - overview of main scenarios for security projects feb 9, 2017](https://reader031.fdocuments.us/reader031/viewer/2022022604/5b65f93b7f8b9a851e8c9577/html5/thumbnails/25.jpg)
PA
GE
25
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
What’s NEXT?
1. THE RESEARCH
2. NEW IDEAS
3. THE GAP
4. THE PLAN
5. THE CHANGE
6. THE
EVALUATION
![Page 26: INTRODUCTION TO THE AZURE SECURITY …note.microsoft.com/rs/578-UYY-044/images/CONSALTA... · azure security scenarios - overview of main scenarios for security projects feb 9, 2017](https://reader031.fdocuments.us/reader031/viewer/2022022604/5b65f93b7f8b9a851e8c9577/html5/thumbnails/26.jpg)
PA
GE
26
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
Azure Sales Star program – Sessions
FEB 6, 2017
AZURE SECURITY
SCENARIOS -
OVERVIEW OF MAIN
SCENARIOS FOR
SECURITY PROJECTS
FEB 9, 2017
NEW PARTNER
OPPORTUNITIES TO
PLAN CLOUD/HYBRID
IDENTITY PROJECTS
FEB 13, 2017
FINE-TUNE THE
DETAILS OF PLANNING
HYBRID IDENTITY
PROTECTION
FEB 16, 2017
PROVIDE A FULL
MANAGEMENT
EXPERIENCE FOR
HYBRID
INFRASTRUCTURE
FEB 20, 2017
SECURE MOBILE USERS
PLANNING: MOBILE
DEVICE MANAGEMENT
(MDM) SCENARIOS
COMPARISON
FEB 23, 2017
IMPLEMENTING
MICROSOFT INTUNE
TO MDM
FEB 27, 2017
PLANNING DATA
ACCESS &
PROTECTION IN
HYBRID
INFRASTRUCTURE
MAR 2, 2017
PLANNING HYBRID
DATA PROTECTION AT
THE FILE LEVEL
MAR 6, 2017
PLANNING AZURE
INFRASTRUCTURE
SECURITY
MAR 9, 2017
PLANNING AZURE
INFRASTRUCTURE
SECURITY – DATA
PROTECTION IN
AZURE
NEXT
![Page 27: INTRODUCTION TO THE AZURE SECURITY …note.microsoft.com/rs/578-UYY-044/images/CONSALTA... · azure security scenarios - overview of main scenarios for security projects feb 9, 2017](https://reader031.fdocuments.us/reader031/viewer/2022022604/5b65f93b7f8b9a851e8c9577/html5/thumbnails/27.jpg)
PA
GE
27
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
Azure Sales Star program - Resources
CHECK ALL THE SESSIONS AND
ANNOUNCEMENTS
https://partner.microsoft.com/pl-
pl/training/AzureSalesStarProgram#kic
k_off-session
…AND REGISTER SOON!
CHECK OUR LATEST THINKING –
AZURE SALES STAR BLOG
https://partner.microsoft.com/pl-
pl/training/azuresalesstarprogram/secu
rity-can-be-the-primary-reason-for-
cloud-adoption
…AND MORE TO COME!
![Page 28: INTRODUCTION TO THE AZURE SECURITY …note.microsoft.com/rs/578-UYY-044/images/CONSALTA... · azure security scenarios - overview of main scenarios for security projects feb 9, 2017](https://reader031.fdocuments.us/reader031/viewer/2022022604/5b65f93b7f8b9a851e8c9577/html5/thumbnails/28.jpg)
PA
GE
28
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
Brought to you by Consalta
1. THE RESEARCH
2. NEW IDEAS
3. THE GAP
4. THE CHANGE
5. THE PLAN
6. THE
EVALUATION
![Page 29: INTRODUCTION TO THE AZURE SECURITY …note.microsoft.com/rs/578-UYY-044/images/CONSALTA... · azure security scenarios - overview of main scenarios for security projects feb 9, 2017](https://reader031.fdocuments.us/reader031/viewer/2022022604/5b65f93b7f8b9a851e8c9577/html5/thumbnails/29.jpg)
PA
GE
30
AZURE SALES STAR PROGRAM WWW.CONSALTA.SICopyright © Consalta Ltd.
DAVID BALAZICe: [email protected]
m: +386 31 699 622
Skype: davidb-consalta
Thank you for your attention!
SAMO
KANELLOPULOSe: [email protected]
m: +386 41 781 761
Skype: samok-consalta
IGOR SHASTITKOe: [email protected]
m: +421 949 88 78 36
Skype: iwalker2000