SAM05_Barber PW (7-9-15)


Transcript of SAM05_Barber PW (7-9-15)

Page 1: SAM05_Barber PW (7-9-15)
Page 2: SAM05_Barber PW (7-9-15)

Mitigating Customer Risk with the Cybersecurity SAM Engagement
Norm Barber
Managing Director, UnifyCloud LLC

SAM05

Don Morrison
Director US SAM and Compliance, Microsoft

Page 3: SAM05_Barber PW (7-9-15)

Today’s agenda

“The Pitch”

Value proposition
• For SAM partners
• For customers

Engagement
• Today’s threat landscape
• Conducting the engagement

Go do’s / Ramp up

Q&A

Page 4: SAM05_Barber PW (7-9-15)

Cybersecurity SAM Engagement – “The Pitch”

Cybersecurity SAM Engagement proposal discussion
• Don Morrison, “CIO for Litware”
• Norm Barber, “A SAM Partner with a Cybersecurity & Cloud competency”

Background
• Litware is a mid-sized company; 871 PCs, 213 Physical Servers, 264 VMs
• They are thinking about the key drivers of IT transformation – Cloud, Social, Mobile and Big Data
• While not an adversarial relationship with Microsoft, Litware is concerned about the financial impact of a True-up.
• Security is a concern, but Litware is not under regulatory requirements and believes much of their Security challenges go away as they migrate to the Cloud.

Let’s listen in on the discussion…

Page 5: SAM05_Barber PW (7-9-15)

The Pitch

“The CIO” “The SAM Partner”

Page 6: SAM05_Barber PW (7-9-15)

CIO and SAM partner discussion

Isn’t this just another way for Microsoft to get data for a True-Up?

A Cybersecurity assessment? Is that like a pen test? What is in it for me?

What’s the big deal with Cybersecurity, we are not big or famous like Sony or the US Federal Government after all?

We are moving to the cloud, doesn’t that just solve all this Cybersecurity nonsense?

You are a licensing guy, why are you suddenly qualified to be a Cybersecurity SME?

Answers are contained in the deck that can be downloaded.

Page 7: SAM05_Barber PW (7-9-15)

SAM Cybersecurity value proposition

For SAM partners:

• Take advantage of a Cybersecurity SAM Engagement as one step towards having a discussion about larger customer opportunities (e.g., O365/Azure, Core IO, Migration to latest OS, Systems Center)

• Broaden the value of a SAM engagement by providing data that can be rationalized against other internal data so the customer receives a more integrated view of their environment.

• Develop a long-term trusted advisor relationship by establishing credibility and demonstrating customer-focused problem solving.

• Highlight the overall benefits of incorporating SAM best practices within the organization.

• Increase customer satisfaction by helping your customers solve critical business challenges.

Page 8: SAM05_Barber PW (7-9-15)

SAM Cybersecurity value proposition

For customers:

• A foundation for securely managing software assets and promoting good Cybersecurity hygiene in a holistic, integrated way.

• A view of the software estate can prepare a resilient IT infrastructure that can respond to threats, and meet their agreement obligations.

• Added policies and controls help ensure that a secure IT infrastructure within the organization provides an effective defense against attacks.

• Minimizing cyber risks helps organizations decrease costs from data loss, fraud from theft, loss in revenue, labor, support, employee downtime, cost to locate and reinstall lost data, customer support, and negative reputation.

• A solid Cybersecurity program helps to accelerate the migration to the cloud and adoption of mobile.

Page 9: SAM05_Barber PW (7-9-15)

Cybersecurity SAM Engagement - context

“Antivirus and security products are designed for and focus on protecting you from prevalent classes of in the wild… threats coming from criminals, thugs and digital mobsters. It is not designed to protect you from the digital equivalent of Seal Team Six. So if you're the guy that finds himself in the crosshairs… you're not safe.”

--F-Secure “News from the Lab”, May 30, 2012

Page 10: SAM05_Barber PW (7-9-15)

Cybersecurity SAM Engagement - context

“When discussing the importance of information security we’ve probably heard excuses such as ‘we’re too small to be a target’ or ‘we don’t have anything of value’, but if there is anything this report can teach us, is that breaches can and do occur in organizations of all sizes and across a large number of industries.”

-- TechRepublic - on the 2013 edition of Verizon’s Data Breach Investigations Report.

Traditional IT | Modern IT
Script kiddies; Cybercrime | Cyber-espionage; Cyber-warfare
Cybercriminals | State sponsored actions; Unlimited resources
Attacks on fortune 500 | All sectors and even suppliers getting targeted
Software solutions | Hardware rooted trust the only way
Secure the perimeter | Assume breach; Protect at all levels
Hoping I don’t get hacked | You will be hacked. Did I successfully mitigate?
Company owned and tightly managed devices | Bring your own device, varied management

Page 11: SAM05_Barber PW (7-9-15)

Cybersecurity SAM Engagement - context

Source: The Guardian, “INFORMATION SECURITY BREACHES SURVEY 2014”

“There has been a significant rise in the cost of individual breaches. The overall cost of security breaches for all type of organizations has increased.”

“10% of organizations that suffered a breach in the last year were so badly damaged by the attack that they had to change the nature of their business.”

Specifically, for small businesses:
• 60% had a security breach
• 59% expect there will be more security incidents next year
• 33% were attacked by an unauthorized outsider
• 45% had an infection from viruses or malware
• 31% of the worst breaches were caused by human error
• 70% keep their worst security incident under wraps. So what’s in the news is just the tip of the iceberg.

Key observations:

1. While the number of breaches has decreased, the scale and cost has nearly doubled.

2. The investment in security as part of total IT budget is increasing across all sectors.

3. There has been a marked increase in spending on IT Security in small businesses.

4. Risk-based decisions are being made about the introduction of mobile devices.

Page 12: SAM05_Barber PW (7-9-15)

OS Currency: Cybersecurity protection

The reality is that businesses are far more exposed running outdated and unpatched client and server operating systems:
• Windows XP is 21 times more likely to be infected by malware than Windows 8
• Windows 7 is 6 times more likely to be infected by malware than Windows 8

Running pirated software makes the situation even worse. Criminals embrace pirated software because it is:
• Lucrative
• Spreads malware
• Less risky and has a low barrier to entry

As a result, one out of three computers with counterfeit software installed will be infected by malware.

Page 13: SAM05_Barber PW (7-9-15)

Cybersecurity: A cloud accelerator

Cloud

Over 80% of new apps were distributed or deployed on clouds in 2012

70% of organizations are either using or investigating cloud computing solutions

• Designed for Security from the ground up; Azure development adheres to Microsoft’s SDL.

• Adheres to a rigorous set of Security controls that govern operations and support.

• Deploys a combination of preventive, defensive, and reactive controls.

• Tight access controls on sensitive data, including two-factor authentication to perform sensitive operations.

• Controls that enhance independent detection of malicious activity.

• Multiple levels of monitoring, logging, and reporting.

• A global, 24x7 incident response service that mitigates attacks and malicious activity

Page 14: SAM05_Barber PW (7-9-15)

Cybersecurity SAM Engagement: Step 1

Gather preliminary information about the existing environment, future goals, and security concerns

Security considerations

Applications, OS, and data security

Infrastructure

People

Organizational profile

Environment

Cybersecurity Concerns

Basic information about the organization

Page 15: SAM05_Barber PW (7-9-15)

Match installations with licenses

Cybersecurity Engagement: Step 2

After establishing an organization’s goals and objectives, the next step is to complete a software review…

Inventory deployed software

...build a detailed report on your current state

Microsoft

Page 16: SAM05_Barber PW (7-9-15)

Cybersecurity Engagement: Step 3

A cybersecurity assessment of an IT organization will be conducted.

A Cybersecurity Assessment will assess the current status using generally accepted security controls. The assessment will cover topics such as:
• Authorized and unauthorized devices
• Authorized and unauthorized software
• Secure configurations for hardware and software
• Malware defenses
• Application software security

Increasing the efficiency of each control raises the success rate of the defenses in the environment.

Page 17: SAM05_Barber PW (7-9-15)

Cybersecurity SAM Engagement - Deliverables

The recommended set of deliverables (required for Incentive SOW) include:

Executive Overview Report (PPT)
• This report contains an Executive Summary, summary of project background and scope, engagement results, recommendations and next steps.

Microsoft Deployment, Usage and Entitlement Analysis Reports:
• The Established Deployment Position (EDP) spreadsheet
• The Effective License Position (ELP) spreadsheet

Licensing Optimization Recommendations Report

Cybersecurity Assessment Report 

Page 18: SAM05_Barber PW (7-9-15)

Licensing Optimization Recommendations Report

Page 19: SAM05_Barber PW (7-9-15)

Cybersecurity Assessment: Using license data

Example: Litware inventory data uncovered additional Cybersecurity risk

Assessment finding:

Windows Server 2003 has been discovered in the Litware IT infrastructure. Support is scheduled to end on July 14, 2015, after which Microsoft will provide no further support, including security patches.

This exposes Litware to elevated risk of data loss or malicious attacks, to future problems with incompatible software that may not run on Windows Server 2003, and to problems meeting certain regulatory requirements that require fully supported systems.

Page 20: SAM05_Barber PW (7-9-15)

Cybersecurity Assessment Report - foundation

Built on the Center for Internet Security’s Critical Security Controls (v5.1) AND the use of licensing data from a toolset like MAP

1. Inventory of Authorized and Unauthorized Devices
2. Inventory of Authorized and Unauthorized Software
3. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
4. Continuous Vulnerability Assessment and Remediation
5. Malware Defenses
6. Application Software Security
7. Wireless Access Control
8. Data Recovery Capability
9. Security Skills Assessment and Appropriate Training to Fill Gaps
10. Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
11. Limitation and Control of Network Ports, Protocols and Services
12. Controlled Use of Administrative Privileges
13. Boundary Defense
14. Maintenance, Monitoring, and Analysis of Audit Logs
15. Controlled Access Based on the Need to Know
16. Account Monitoring and Control
17. Data Protection
18. Incident Response and Management
19. Secure Network Engineering
20. Penetration Tests and Red Team Exercises

Page 21: SAM05_Barber PW (7-9-15)

Cybersecurity Assessment: Using license data

Leveraging inventory data that provides value beyond licensing is key

1. Inventory of Authorized and Unauthorized Devices
2. Inventory of Authorized and Unauthorized Software
3. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
4. Continuous Vulnerability Assessment and Remediation
5. Malware Defenses
6. Application Software Security
7. Wireless Access Control
8. Data Recovery Capability
9. Security Skills Assessment and Appropriate Training to Fill Gaps
10. Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
11. Limitation and Control of Network Ports, Protocols and Services
12. Controlled Use of Administrative Privileges
13. Boundary Defense
14. Maintenance, Monitoring, and Analysis of Audit Logs
15. Controlled Access Based on the Need to Know
16. Account Monitoring and Control
17. Data Protection
18. Incident Response and Management
19. Secure Network Engineering
20. Penetration Tests and Red Team Exercises

Page 22: SAM05_Barber PW (7-9-15)

The CSC can be complex

Page 23: SAM05_Barber PW (7-9-15)

Maturity Model Pivot

Details have been created in the SAM Cybersecurity Assessment guidance

Basic: The program is tactical at best and the risks of a Cybersecurity issue are significant.

Standardized: The program is proactive and the risks of a Cybersecurity issue are moderate.

Dynamic: The program is strategic and optimal and the risks of a Cybersecurity issue are minimal.

Rationalized: The program is holistic and fully operational and the risks of a Cybersecurity issue are limited.

Page 24: SAM05_Barber PW (7-9-15)

Cybersecurity Assessment Report - contents

Table of contents

SAM Cybersecurity Assessment Report
• Organization and IT Overview

SAM Cybersecurity Goals
• Summary of Inventory Tools

Cybersecurity Summary
• Critical Security Controls (v5.1)

Current Cybersecurity Maturity Findings and Recommendations
• Current Cybersecurity Maturity Findings
• Cybersecurity Future State and Recommendations

SAM Policies and Procedures for Cybersecurity

Page 25: SAM05_Barber PW (7-9-15)

Current Cybersecurity maturity findings

Use the CSC as a framework to evaluate the maturity of each Control Domain

Page 26: SAM05_Barber PW (7-9-15)

Cybersecurity future state and recommendations

Using the CSC Maturity Model, work with customer to chart the next step

Page 27: SAM05_Barber PW (7-9-15)

SAM policies and procedures for Cybersecurity

The sample report includes suggested “Good Practices” policies

Page 28: SAM05_Barber PW (7-9-15)

SAM partner Ramp Up / Go Do’s

To seize the Cybersecurity SAM Engagement opportunity you should…

Review the SAM Cybersecurity Engagement Kit and sample reports

Become familiar with the Critical Security Controls (v5.1)

Prepare to deliver a Cybersecurity Assessment by:
• Obtaining your SAM competency
• Training up a resource to be a credible Cybersecurity SME (e.g., pass CISSP)
• Hiring a resource with Cybersecurity skills and certifications; or by
• Partnering with Microsoft or a Microsoft Partner for deeper Cybersecurity expertise

Page 29: SAM05_Barber PW (7-9-15)

SAM Cybersecurity resources

Critical Security Controls (v5.1)
• Center for Internet Security: http://www.cisecurity.org
• Download Controls: http://www.counciloncybersecurity.org/critical-controls

Cybersecurity SAM Engagement support materials:
• Downloads for the Kit, sample reports and sample report development guidance: https://mspartner.microsoft.com/en/us/pages/licensing/software-asset-management.aspx#Cybersecurity

Microsoft SAM partner resources
• Microsoft Partner Network: http://aka.ms/SAMCybersecurity
• Yammer: https://www.yammer.com/westerneuropesampartnertraininggroup

Page 30: SAM05_Barber PW (7-9-15)

Key Services

Cybersecurity Risk Assessments
Providing a current / future state analysis of Cybersecurity for a Hybrid IT environment (on-premises, Cloud, Mobile).

Data Center Modernization Reports (DCMRs)
Using IT discovery tools, provide a roadmap for migrating to “Modern IT” using Office 365, SQL Database, and the Azure platforms.

Azure Application Refactoring
Starting with a detailed Application Cloud Readiness Assessment (ACRA) and using our tools and offshore Azure resources, we evaluate, re-architect and remediate apps to run effectively in Azure.

Assessment, Remediation, and Monitoring Tools

CloudAssessor™
Using IT inventory data from discovery tools like MAP, the Assessor tool creates a Data Center Modernization Report on what a Modern IT environment will look like once Office 365, SQL Azure and Azure platforms (IaaS / PaaS) are used.

CloudValidator™
Using static code analysis, SQL scripts and configuration data, the Validator tool analyzes and recommends changes down to the code block level, dramatically reducing remediation time, even suggesting sample code to accelerate the remediation effort.

CloudNavigator™
Navigator serves as the repository for the suite of tools to allow Services settings and coding best practices to remain in sync in both the Dev/Test and production environments to minimize IT risk. Navigator is updated as Azure features and settings are enhanced.

CloudMonitor™
Once applications are deployed into an Azure subscription, the Monitor tool scans Azure-based applications for out of compliance conditions against policy and standards as new Azure features are released, applications are upgraded, and Cloud IT policies evolve.

Accelerating Azure adoption and driving consumption in FY16 through migration and risk management tools and services.

As a Microsoft Cloud, Cybersecurity and SAM partner, UnifyCloud LLC has developed tools and related services focusing on the key sales motion scenarios for FY16 including:

• Transform the Datacenter

• Enable Application Innovation

• Unlock Data Insights

• Ensure IT Security & Controls

Page 31: SAM05_Barber PW (7-9-15)

Meet me at the SAM lounge….

Tuesday, July 14: 11:30am-1:30pm
Tuesday, July 14: 5:00pm-6:00pm
Wednesday, July 15: 1:00pm-3:00pm

Page 32: SAM05_Barber PW (7-9-15)

Questions?

Don Morrison

Norm Barber

Page 33: SAM05_Barber PW (7-9-15)

© 2015 Microsoft Corporation. All rights reserved.