Microsoft Trusted Cloud - Harald Leitenmüller (Microsoft)
![Page 1: Microsoft Trusted Cloud - Harald Leitenmüller (Microsoft)](https://reader035.fdocument.pub/reader035/viewer/2022062401/58ce7d191a28ab210a8b4c1b/html5/thumbnails/1.jpg)
04:11 Wednesday, 03 May 2023
Microsoft Trusted Cloud
Security, Privacy & Control, Compliance, Transparency
DI. Harald Leitenmüller
Chief Technology Officer
Microsoft Österreich GmbH.
#ftAustria
![Page 2: Microsoft Trusted Cloud - Harald Leitenmüller (Microsoft)](https://reader035.fdocument.pub/reader035/viewer/2022062401/58ce7d191a28ab210a8b4c1b/html5/thumbnails/2.jpg)
Is my data secure?
Does my data belong to me?
Am I in control?
What does the end of Safe Harbor mean?
![Page 3: Microsoft Trusted Cloud - Harald Leitenmüller (Microsoft)](https://reader035.fdocument.pub/reader035/viewer/2022062401/58ce7d191a28ab210a8b4c1b/html5/thumbnails/3.jpg)
“The court of justice declares that the Commission’s US Safe Harbor Decision is invalid”
Press Release No 117/15
EU-US Privacy Shield
![Page 4: Microsoft Trusted Cloud - Harald Leitenmüller (Microsoft)](https://reader035.fdocument.pub/reader035/viewer/2022062401/58ce7d191a28ab210a8b4c1b/html5/thumbnails/4.jpg)
Microsoft Cloud Portfolio - EUROPE
Consistent platforms and applications | A single management console

Private Cloud: consolidated data operations
MICROSOFT SOLUTIONS: Windows Server, System Center, Windows Azure Pack

Public Cloud “Europe”: high scalability, flexibility and cost efficiency
MICROSOFT SOLUTIONS: Microsoft Azure, Office 365, Dynamics CRM Online

Public Cloud “Germany”: high scalability, flexibility and German data trustee
MICROSOFT SOLUTIONS: Microsoft Azure Deutschland, Office 365 Deutschland, Dynamics CRM Online Deutschland

Hybrid Cloud: step into the cloud
MICROSOFT SOLUTIONS: Risk Assessment and Data Governance services
![Page 5: Microsoft Trusted Cloud - Harald Leitenmüller (Microsoft)](https://reader035.fdocument.pub/reader035/viewer/2022062401/58ce7d191a28ab210a8b4c1b/html5/thumbnails/5.jpg)
Our “Trust Principles”
Security
Privacy & Control
Transparency
Compliance
New: https://trustportal.office.com
![Page 6: Microsoft Trusted Cloud - Harald Leitenmüller (Microsoft)](https://reader035.fdocument.pub/reader035/viewer/2022062401/58ce7d191a28ab210a8b4c1b/html5/thumbnails/6.jpg)
Threat Tree 1: Overview

1 Readable customer data disclosed to a third party (1.1 AND 1.2)
  1.1 Customer data disclosed to a third party
    1.1.1 Accidental data spillage
    1.1.2 Data disclosure due to law enforcement / intelligence request
    1.1.3 Deliberate compromise leading to disclosure of customer data
      1.1.3.1 Cloud service provider (CSP) infrastructure compromised
      1.1.3.2 Customer infrastructure compromised
      1.1.3.3 Compromise of systems outside cloud provider or customer control
  1.2 Customer data is readable
2 Customer data permanently lost
3 Disruption of cloud service

Referenced sub-trees: Threat Tree 2, Threat Tree 3, Threat Tree 4, Threat Tree 5, Threat Tree 6, Threat Tree 7
Legend: Root Risk Event; Conditions; Technical Controls; Process Controls; Consumer Applied Control
![Page 7: Microsoft Trusted Cloud - Harald Leitenmüller (Microsoft)](https://reader035.fdocument.pub/reader035/viewer/2022062401/58ce7d191a28ab210a8b4c1b/html5/thumbnails/7.jpg)
Threat Tree 1.2: Customer Data is Readable

1.2 Customer data is readable
  1.2.1 Data is not encrypted
  1.2.2 Encryption keys become known
    1.2.2.1 Encryption keys lost by the cloud provider
      1.2.2.1.1 Cloud provider infrastructure compromised (Link: 1.1.3.1, Threat Tree 4)
      AND
      1.2.2.2.2 Breakdown in key management enabling attacker access to keys
    1.2.2.2 Encryption keys lost by the customer
      1.2.2.2.1 Customer infrastructure compromised (Link: 1.1.3.2, Threat Tree 5)
      AND
      1.2.2.2.2 Breakdown in key management enabling attacker access to keys
  1.2.3 Data is weakly encrypted

Controls: Protected Key Storage and Key Management Practices (each shown twice); Encryption at Rest; Data Classification; Encryption in Transit; Cryptographic standards; Policy on Use of Cryptographic Controls; Local Data Encryption
Legend: Root Risk Event; Conditions; Technical Controls; Process Controls; Consumer Applied Control
![Page 8: Microsoft Trusted Cloud - Harald Leitenmüller (Microsoft)](https://reader035.fdocument.pub/reader035/viewer/2022062401/58ce7d191a28ab210a8b4c1b/html5/thumbnails/8.jpg)
Your data is secure
Your data belongs to you
You are in control
Encryption of all data at rest
Encryption of all data in transit
Enhanced event and admin / service access logging
Advanced security monitoring and threat management
Clear guidelines on data location
Greater transparency and simplicity of data use policies and choices
Data accessed only to improve customer experience
Law enforcement requests redirected to the customer
Notification of customers of lawful requests for information; challenging of gag orders
Ability of customers to hold encryption key and revoke Microsoft copy
Complete deletion of data on customer request and on contract termination
Customer choice of data location
Customer option to limit Microsoft access to data
Microsoft Trusted Cloud
![Page 9: Microsoft Trusted Cloud - Harald Leitenmüller (Microsoft)](https://reader035.fdocument.pub/reader035/viewer/2022062401/58ce7d191a28ab210a8b4c1b/html5/thumbnails/9.jpg)
Microsoft Cloud Contracts
MIOL (Microsoft Ireland)
Customer in Austria
European Economic Area (EEA)
EU Model Clauses*
Safe Harbor
Controller
Processor
OST (Online Services Terms)
EU-US Privacy Shield
Data subjects
* subject to prior approval
Article 29 WP Letter: http://ec.europa.eu/justice/data-protection/article-29/documentation/other-document/files/2014/20140402_microsoft.pdf
![Page 10: Microsoft Trusted Cloud - Harald Leitenmüller (Microsoft)](https://reader035.fdocument.pub/reader035/viewer/2022062401/58ce7d191a28ab210a8b4c1b/html5/thumbnails/10.jpg)
EMEA Data Maps
http://o365datacentermap.azurewebsites.net/
![Page 11: Microsoft Trusted Cloud - Harald Leitenmüller (Microsoft)](https://reader035.fdocument.pub/reader035/viewer/2022062401/58ce7d191a28ab210a8b4c1b/html5/thumbnails/11.jpg)
Standard contractual clause for online services
![Page 12: Microsoft Trusted Cloud - Harald Leitenmüller (Microsoft)](https://reader035.fdocument.pub/reader035/viewer/2022062401/58ce7d191a28ab210a8b4c1b/html5/thumbnails/12.jpg)
Are there other legal ways to send personal data to the USA?
Source: http://www.dsb.gv.at/site/6218/default.aspx
![Page 13: Microsoft Trusted Cloud - Harald Leitenmüller (Microsoft)](https://reader035.fdocument.pub/reader035/viewer/2022062401/58ce7d191a28ab210a8b4c1b/html5/thumbnails/13.jpg)
Compliance
External compliance: laws, ordinances, regulation, procedures
Customer Controls: admin control functions such as RBAC, Archiving, RMS, eDiscovery, Encryption
Customer Controls: admin control functions such as Data Loss Prevention, Archiving, RMS, eDiscovery
Internal compliance: internal rules & architecture
Global compliance
• Support for global compliance standards such as ISO 27001, ISO 27018, Safe Harbor, EUMC, HIPAA, FISMA, ...
• Contractual assurance of privacy, security and careful processing of customer data through Data Processing Agreements
Side labels: Microsoft; Customer
![Page 14: Microsoft Trusted Cloud - Harald Leitenmüller (Microsoft)](https://reader035.fdocument.pub/reader035/viewer/2022062401/58ce7d191a28ab210a8b4c1b/html5/thumbnails/14.jpg)
Certification & EU standard contractual clauses
![Page 15: Microsoft Trusted Cloud - Harald Leitenmüller (Microsoft)](https://reader035.fdocument.pub/reader035/viewer/2022062401/58ce7d191a28ab210a8b4c1b/html5/thumbnails/15.jpg)
ISO 27018: standard for digital privacy in the cloud
6 principles for cloud service providers
1. No use of data without consent
2. Transparency: storage location, use
3. Customer retains control over data use
4. Information on the return and deletion principles for customer data
5. Breach notification for personal data
6. Independent audit
![Page 16: Microsoft Trusted Cloud - Harald Leitenmüller (Microsoft)](https://reader035.fdocument.pub/reader035/viewer/2022062401/58ce7d191a28ab210a8b4c1b/html5/thumbnails/16.jpg)
Further links
Brad Smith's blog
The collapse of the US-EU Safe Harbor: http://blogs.microsoft.com/on-the-issues/2015/10/20/the-collapse-of-the-us-eu-safe-harbor-solving-the-new-privacy-rubiks-cube
A message to our customers: http://blogs.microsoft.com/on-the-issues/2015/10/06/a-message-to-our-customers-about-eu-us-safe-harbor/
EU Article 29 WP Letter: http://ec.europa.eu/justice/data-protection/article-29/documentation/other-document/files/2014/20140402_microsoft.pdf
Statement of the Austrian Data Protection Authority: http://www.dsb.gv.at/site/6218/default.aspx
Online Service Terms: http://www.microsoftvolumelicensing.com/DocumentSearch.aspx?Mode=3&DocumentTypeId=31
Microsoft Cloud in Germany: http://aka.ms/MSCloudDE
Trust-Portal: https://trustportal.office.com
Trust-Center: https://www.microsoft.com/en-us/TrustCenter/default.aspx
Microsoft Cloud Assurance: http://www.microsoftcloudassurance.com/
http://www.guara.org/
![Page 17: Microsoft Trusted Cloud - Harald Leitenmüller (Microsoft)](https://reader035.fdocument.pub/reader035/viewer/2022062401/58ce7d191a28ab210a8b4c1b/html5/thumbnails/17.jpg)
Your data is secure!
Your data belongs to you!
You are in control!