Transforming Government With The Microsoft Trusted...
Transforming Government With The Microsoft Trusted Cloud
Chris Niehaus, Sr. Director, Trusted & National Cloud, Microsoft
Cloud momentum continues to accelerate
“By 2020, a corporate ‘no-cloud’ policy will be as rare as a ‘no-internet’ policy is today” [1]
“The question is no longer: ‘How do I move to the cloud?’ Instead, it’s ‘Now that I’m in the cloud, how do I make sure I’ve optimized my investment and risk exposure?’” [2]
“By 2020 clouds will stop being referred to as ‘public’ and ‘private’. It will simply be the way business is done and IT is provisioned.” [3]
[1] Gartner: Smarter with Gartner, Why a No-Cloud Policy Will Become Extinct, February 2, 2016
[2] KPMG: 2014 Cloud Survey Report, Elevating business in the cloud, December 10, 2014
[3] IDC: IDC Market Spotlight, Cloud Definitions and Opportunity, April 2015
Journey to the Cloud
[Diagram: Microsoft Cloud, with the areas Productivity, Business apps, Application innovation, Data & intelligence, Security & management]
Office 365 | Dynamics 365 | Azure | Enterprise Mobility + Security | Operations Mgmt. + Security | Cortana Intelligence
Global | Trusted | Hybrid
OUR COMMITMENT TO YOU
TRANSPARENCY | SECURITY | COMPLIANCE | PRIVACY & CONTROL | AVAILABILITY
Top 5 Customer Requirements Related to Trust
• Compliance & data residency a key factor in cloud adoption
• Compliance was ranked the second in regards to importance to cloud trust
• 3000 customers were asked to rank their top 20 requirements related to cloud trust
Security and privacy are stated most important considerations while compliance drives behavior
Source: Penn Schoen Berland, Trusted Commercial Cloud (Cloud BDM, ITDM, Dev DM), May 2016
• A provider that uses strong security measures and state-of-the-art technology and processes to safeguard your data from…
• A provider that has industry standard security protocols to safeguard your data from hackers and unauthorized access...
• A provider that follows clear privacy principles responsibly, and prevents anyone outside of your organization from view…
• A provider that helps ensure that your organization is compliant with applicable laws, regulations and key international…
• A provider that ensures proper data governance with background checks, citizenship checks, and data residency…
Top 5 Most Important Needs from a Cloud Service Provider
• In addition to security and privacy, compliance and data residency were in the top five most important needs
• 639 US Government customers were asked to rank their top 20 most important needs from a cloud services provider
Security & compliance top US Government customer needs
Source: Penn Schoen Berland, Trusted US Government Cloud (Cloud BDM, ITDM, DIBs), May 2016
Microsoft cloud models
In addition to our global and sovereign offerings, Microsoft partners offer many cloud services that they host and operate, Microsoft products can be deployed in customers' own datacenters, and hybrid cloud options provide customers with the ultimate flexibility.
Global
Offered across all major geographic regions*
Hyper-scale, globally connected cloud services. Includes multiple geographies addressing specific data residency and compliance requirements
Sovereign
Examples include: US Government, Germany, and China*
Hyper-scale cloud services, isolated from global cloud services. Deployed from local datacenters to meet unique requirements of a specific market.
*For data residency details, see http://azuredatacentermap.azurewebsites.net/. Microsoft Cloud Germany data trustee services provided by T-Systems. China datacenters operated by 21Vianet.
Microsoft infrastructure investments
36 Cloud regions worldwide
100+ datacenters
One of 3 largest networks in the world
[Map legend: Sovereign datacenters, Global datacenters]
Regions shown on the map: Central US, East US, North Central US, Brazil South, West Europe, Japan East, South India, Southeast Asia, Australia Southeast, Australia East, Central India, West India, Japan West, East Asia, China West [1], North Europe, Germany Northeast [2], Canada East, Canada Central, South Central US, China East [1], Germany Central [2], Korea South [3], East US 2, Korea Central [3], United Kingdom West, United Kingdom South, West Central US, US Gov, US Gov, US DoD East [3], US DoD West [3], France [3], France [3], West US, West US 2
[1] China datacenters operated by 21Vianet
[2] German data trustee services provided by T-Systems
[3] France, South Korea and US DoD datacenter regions have been announced but are not currently operational
Microsoft Global Datacenters & Infrastructure (video)
• The direct URL for the video is: https://youtu.be/bqZrejosqWU
Investments to address business and regulatory needs
Cloud geo-expansion helps address some common cloud ‘blockers’ for many industries and markets
Compliance: Specific compliance certifications unblock what were once only on premises apps/workloads. Ex: FedRAMP High
Data Residency: Local datacenters allow customer data at rest to be kept within a geography, enabling customers to help meet local data residency requirements
Performance: Local datacenters can help reduce Azure latency for developers and partners, fueling local innovation
For updated compliance information visit the Microsoft Trust Center. For data residency details, see http://azuredatacentermap.azurewebsites.net/.
Industry’s largest compliance portfolio
Argentina PDPA, Canadian Privacy Laws, CDSA, China GB 18030, China MLPS, China TRUCS, CRS, CSA CCM, CS Mark (Gold), DIACAP, DISA, ENISA IAF, EU Model Clauses, EU-U.S. Privacy Shield, FACT, FDA CFR Title 21 Part 11, FedRAMP, FERPA, FIPS 140-2, FISC, FISMA, GxP, HIPAA/HITECH, IRAP (CCSL), IRS 1075, ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, ITAR, Japan My Number Act, MARS-E, MPAA, MTCS, NIST 800-171, NZ CC Framework, Section 508 VPATs, SOC 1, SOC 2, SOC 3, Spain ENS, PCI-DSS, UK G-Cloud, SHARED ASSESSMENTS
Microsoft is meeting customer needs with the industry's largest compliance portfolio
CJIS: Microsoft Azure Government, Microsoft Office 365 U.S. Government, and Microsoft Dynamics CRM Online Government adhere to the CJIS Security Policy, required to access the FBI's Criminal Justice Information Services (CJIS) database through the cloud.
DISA: Based on FedRAMP authorizations, the Defense Information Systems Agency Cloud Service Support has granted an Impact Level 4 Provisional Authorization (PA) for one Microsoft enterprise cloud service, and an Impact Level 2 PA for others.
FDA CFR Title 21 Part 11: Microsoft helps customers comply with US Food and Drug Administration Code of Federal Regulations Title 21 Part 11, which details security requirements for the electronic records of companies that sell food and drugs in the United States
FedRAMP: Based on FedRAMP authorizations, the Defense Information Systems Agency Cloud Service Support has granted an Impact Level 4 Provisional Authorization (PA) for one Microsoft enterprise cloud service, and an Impact Level 2 PA for others.
FERPA: Microsoft enterprise cloud services align with the requirements of the Family Educational Rights and Privacy Act, a US federal law that protects the privacy of students’ education records.
FIPS 140-2: Microsoft certifies that the underlying cryptographic modules used in Microsoft products, including Microsoft enterprise cloud services, comply with the Federal Information Processing Standard Publication 140-2, a US government standard.
HIPAA: Microsoft enterprise cloud services offer customers a Health Insurance Portability and Accountability Act Business Associate Agreement that stipulates adherence to HIPAA, which regulates patient Protected Health Information in the US.
IRS 1075: Microsoft Azure Government and Microsoft Office 365 Government cloud services provide a contractual commitment that they have the appropriate controls in place to meet the requirements of US Internal Revenue Service Publication 1075.
ITAR: Azure Government supports customers building ITAR-capable systems on Azure Government.
Section 508 VPAT: Microsoft cloud services offer Voluntary Product Accessibility Templates, a standardized form documenting whether a product meets the accessibility requirements of Section 508, an amendment to the Rehabilitation Act of 1973.
Commitment to government compliance standards
More than just adhering to compliance standards, Microsoft has been actively engaged in designing and testing compliance standards, establishing itself as an integral part of the government assurance and security ecosystem. Microsoft maintains a continuous and rigorous compliance roadmap
Note: To learn more about in-scope services and additional requirements, please visit Microsoft Azure Trust Center compliance by service
[Chart: MQ leader quadrants; values shown: 17, 3, 6, 0; labels: Competitor 1, Competitor 2, Competitor 3]
The most trusted cloud for mission-critical government workloads
A few examples of how the Microsoft cloud is enabling government
“Both the COP app and the cloud-based body-worn cameras enable us to engage with people in a more transparent way. They are helping us build trust while also supporting the work we do in preventing and solving crime.”
Juan J Perez, Director, Miami Dade Police Department
“For Memphis Police Department we delivered the fast and scalable Getac Veretos Evidence Management System that supports CJIS security policies. In many cases, data moves seamlessly from the officer and the vehicle directly to the Azure Government Cloud. This streamlined, secure hosted model eliminates many of the hidden costs and processes associated with running an internal network infrastructure.”
Scott Shainman, President – North America, Getac
“Microsoft Azure is well known for its industry-leading security and reliability and, with it, we can provide the most secure and compliant cloud capability to our customers.”
Rick Smith, Founder and CEO, TASER
“Microsoft’s secure and transparent cloud service in the UK fits perfectly with the MoD’s digital transformation agenda,” ..... “This agreement, which is based on Microsoft’s world-class reliability and performance, will allow us to deliver cost-effective, modern and flexible information capabilities. It will ensure we are better-placed in our ever-changing, digital-first world.”
Mike Stone, Chief Digital and Information Officer, UK Ministry of Defence
“Having the option to store data locally will allow us to take advantage of new opportunities to utilize the Microsoft UK Azure Platform and it is reassuring to know that our Trust’s core data, that we create and manage, stays in the UK. For us, the Microsoft’s UK cloud region means that demonstrating regulatory and legal compliance is simpler. The bottom line is we trust Microsoft.”
Stephen Docherty, CIO, South London and Maudsley NHS Foundation Trust
Los Angeles Police Department
“Microsoft has exceeded the LAPD's expectations in this regard by taking on the difficult requirements of the CJIS regulatory regime and meeting them head-on.”
Sanjoy Datta, Information Security Officer