ISTSEC 2013 - Cloud Computing and Security

Jun 20, 2015

This is the presentation given by Mehmet ÜNER, one of the speakers at the ISTSEC 2013 conference.
Transcript
Page 1: ISTSEC 2013 - Cloud Computing and Security

Cloud Computing and Security

Page 2: ISTSEC 2013 - Cloud Computing and Security

Cloud Computing | Features

Page 3: ISTSEC 2013 - Cloud Computing and Security

Management Cost Productivity

Page 4: ISTSEC 2013 - Cloud Computing and Security

Managed by You

Managed by Cloud Providers

Cloud Services

• Virtual Machines
• Virtual Network
• Application Management as a Service
• Database as a Service
• AD as a Service
• Integration Services
• ERP as a Service
• Email as a Service
• CRM as a Service
• Document Management System as a Service

Infrastructure as a Service: Application / Data, Infrastructure, Platform

Platform as a Service: Application / Data, Infrastructure, Platform

Software as a Service: Infrastructure, Platform, Application / Data

On-Premises: Application / Data, Infrastructure, Platform

• Infrastructure: Server, Network, Security, Storage, Virtualization, etc.
• Platform: Database, Web Hosting, Middleware, etc.
• Application: Exchange, Office, etc.

Your platform comes installed together with your infrastructure! Just use it! Your infrastructure is ready!

Page 5: ISTSEC 2013 - Cloud Computing and Security

Microsoft

Cloud Service Provider

You

One consistent experience

Microsoft's definition of the cloud

Page 6: ISTSEC 2013 - Cloud Computing and Security

Microsoft

Cloud Service Provider

You

One consistent experience

Microsoft's comprehensive cloud solutions

Page 7: ISTSEC 2013 - Cloud Computing and Security

Unparalleled experience in online security

Page 8: ISTSEC 2013 - Cloud Computing and Security

Identity and Access

Platform Integrity

Application Security

Data Protection

Network Security

Physical Security

Engineering System and Operational Security

Page 9: ISTSEC 2013 - Cloud Computing and Security

Service security starts with the data center

• Extensive Monitoring
• Fire Suppression
• Perimeter Security
• Multi-factor authentication

Page 10: ISTSEC 2013 - Cloud Computing and Security

ISO / IEC 27001:2005 Certification

SAS 70 Type I and II attestations (transitioning to SSAE 16/ISAE 3402 SOC 1, 2, and 3)

HIPAA/HITECH

PCI Data Security Standard Certification

FISMA Certification and Accreditation

Various State, Federal, and International Privacy Laws (95/46/EC—aka EU Data Protection Directive; California SB1386; etc.)

Page 11: ISTSEC 2013 - Cloud Computing and Security
Page 12: ISTSEC 2013 - Cloud Computing and Security

DDoS Protection in Azure

• DDoS attacks aim to exhaust the compute, memory, network bandwidth or other resources of a service
• The Windows Azure network infrastructure deploys a DDoS defense system
• Standard mitigation techniques for volumetric DDoS attacks such as SYN floods: rate limiting and connection limits
• Combined with SLBs to sanitize TCP/UDP traffic, including automated DDoS detection and mitigation
• On an ongoing basis we validate that core Windows Azure services have adequate resilience to DDoS attacks
• DDoS protection for platform services also benefits tenant applications
• However, it is still possible for tenant applications to be targeted individually
  § Customers should actively monitor their applications
  § Customers should test their applications for interface-specific attacks
  § Deploy third-party web application firewalls, e.g. https://www.barracuda.com/programs/azure
• If a customer notices that their application is being attacked, they should contact Azure Customer Support for assistance

Page 13: ISTSEC 2013 - Cloud Computing and Security

Platform Integrity

• Reduced OS footprint
• Compute and Access Isolation
  § Isolation of the Host from the Guest VMs
  § Isolation of Guest VMs from one another
  § Host-mediated Guest VM access to network and disk
• Anti-Malware
• Patch management

Page 14: ISTSEC 2013 - Cloud Computing and Security

Data Protection

• Redundant storage
  § Replicated at least three times in the same datacenter
  § Geo-replication to a different datacenter
• Storage accounts and keys
• Data backup
• Data deletion and destruction
• SQL Azure inherits SQL’s authentication/authorization system
• Data encryption in transit
• Data encryption at rest - IaaS customers may implement using .NET cryptographic services or EFS

Page 15: ISTSEC 2013 - Cloud Computing and Security

Securing Engineering System and Operations

• Strong Identity Assurance

• Granular Access Control

• Access to Customer Data is highly restricted

• Logging and monitoring

• Customers have access to logs of administrator actions affecting them

Page 16: ISTSEC 2013 - Cloud Computing and Security

Application Security

Page 17: ISTSEC 2013 - Cloud Computing and Security

•  One location to aggregate content across Security, Privacy, and Compliance

http://www.windowsazure.com/en-us/support/trust-center/

Page 18: ISTSEC 2013 - Cloud Computing and Security