ITPS203: The Batman Clause

Same3Guys IT Pro Show

Executive Summary:

John attended an invitation-only Microsoft event focused on cloud security and compliance. It covered sobering statistics on cyber attack trends and a vast array of topics you can’t afford to ignore when it comes to protecting your company’s brand and assets. We’ll recap.

 

Hosts: John Kresic, Tom Kresic, Mike Kresic

Running Time:

 

 

 

Microsoft Cloud event: Transparency and Trust, a Security and Legal summit

Hosted in Cleveland at the Microsoft office on March 12, 2015

 

Topics Covered:

  1. Cyber Security and Cloud Trends, WW Chief Security Advisor Tim Rains
  2. How Microsoft Asst General Counsel uses Office 365, Dennis Garcia
  3. Azure Tech Specialist Delbert Murphy on how Microsoft Cloud is secured
  4. MS-IT Principal Program Manager Maya Davis on Azure Adoption
  5. Panel and lunch

 

Fun Facts:

  • 6B Bing queries/month, 2.4M emails/day for Hosted Exchange,  for 400M accounts on Outlook.com, 250M active OneDrive users, 48M Xbox accounts, 50B minutes/month of Skype, 90 markets ww
  • MSFT adopts cloud privacy standard ISO/IEC 27018
  • Independently verified. See Trust Center

 

Security highlights:

  • 243 DAYS to detect intrusion
  • Daily breach costs are up 15% YoY to $3.5M/day
  • CEO-scale problem now, at $3T lost productivity and growth
  • complexity: on-prem+cloud+hybrid at remote+at work+at home with work devices+personal devices+social media channels

 

 

Cloud Service Delivery Models

Top 10 Cloud Contract Terms

 

Forensics Lab: taking the fight to the cyber criminals (gov collab to take down botnets)

 

 

Legal Best Practices

Pre-contract framework of Transparency, Protect, Comply, Control

  • Transparency: who are the subs, how easy are audit reports, DC pinning
  • Protect: who is the privacy regulator that validates, Batman clause (cybercrime fighting ability)
  • Comply: ISO 27001 and 27018; HIPAA and BAA; FISMA; FERPA; CJIS
  • Control: your data ownership; what of 3rd party requests; law enforcement requests and reporting; sue others to protect YOU; (in 1H2014, 5 Enterprise Customer requests from Law for 5 users were either rejected or redirected to the actual customer) (Ireland DC for US citizen is in court)

 

 

Regulatory & Compliance Controls

Azure specialist

  • Security of hard drives: Hotel California policy (never leave: shredded)
  • Defense in Depth: physical, network, Host Security, app sec, data sec;
  • IAM, configuration and vulnerability scanning, 24/7/365 Incident response

Intrusion Kill Chain

 

 

Event Calendar:

  • SEE US AT MICROSOFT IGNITE in Chicago May 3-8!

 

 
