4. Microsoft MVP (Enterprise Security)
Microsoft Certified Trainer (18 years)
Founder: Cybercrime Security Forum!
International Event Speaker
Winner: Microsoft Speaker Idol 2006
Andy Malone (United Kingdom)
Follow me on Twitter: @AndyMalone
7. The Journey from Revolution to Evolution
• The Industrial Revolution: 1760 - 1840
• The Internet Revolution: 1980 - 2005
• The Industrial Internet: 2005 - Present
8. Revolution or Evolution
The Mainframe Era
The Home Computer Revolution
The PC Dream
The Internet Age
The Mobile Era
The Cloud Era
11. The Explosion of Data
• Challenges
– Anytime, anywhere, any device connectivity
– Explosion of data in all areas
– Discover, search, and analyze information in near real-time
• Responses
– Massive build-out of data centers
– Innovations in technologies
– From infrastructure-focused to user-centric deployment
– New business models
Doubling every 2 years
12. What drives the cloud?
Consumerism
High Speed Connections
Elastic Data Storage
Data center Reliability
99.9% SLA
Simple Management
Safe & Secure
15. Cloud Solutions
• SaaS (Software as a Service): Applications at Scale (End users)
• PaaS (Platform as a Service): Execution Platforms at Scale (Developers)
• IaaS (Infrastructure as a Service): Infrastructure at Scale (System Administrators)
• Enabling Technology: Cloud Service Delivery at Scale (Public / Private Cloud Providers)
Cisco Confidential
18. In the Cloud World: Size Matters
• Firstly, many vendors are moving to cloud hosted software
• As such…
– Smaller entities expected to migrate fully to the cloud (e.g. Office 365)
– Medium entities will typically look at a cloud or hybrid solution
– Larger entities may typically use private or hybrid solutions
20. Identity & the Microsoft Cloud
• Separate credential from on-premises credential
• Authentication occurs via cloud directory service
• Password policy is stored in Office 365
• Does not require on-premises server deployment
• Same credential as on-premises credential
• Authentication occurs via on-premises directory service
• Password policy is stored on-premises
• Requires on-premises DirSync server
• Solutions include DirSync & Password Sync
• Or DirSync & on-premises ADFS server
Single Sign On!
21. What is Windows Azure Active Directory?
• Customized version of AD LDS / ADAM
• Every Office 365 customer is an Azure AD tenant
• Designed primarily to meet the needs of cloud applications
• Extends customers' Active Directory into the cloud
• Think of it as a Fish on a Hook!
• Identity as a service: essential part of Platform as a Service
22. Relationship to Windows Server AD
• On-premises and cloud Active Directory managed as one
• Directory information synchronized to cloud, made available to cloud apps via role-based access control
• Federated authentication enables single sign on to cloud applications
23. Why is WAAD So Important?
While enterprises work to consolidate identity systems on-premises, cloud apps are fragmenting identity… again
26. Know where your Data is Stored
10 – 100 Datacenters (DCs) worldwide
Multiple Content Delivery Network (CDN) “edge nodes” around the world
Datacenter network conn
29. Service Level Agreements (SLAs)
• Contract between customers and service providers of the level of service to be provided
• Contains performance metrics (e.g., uptime, throughput, response time)
• Problem management details
• Documented security capabilities
• Contains penalties for non-performance
31. Privacy in Office 365 & Windows Azure
The Microsoft strategy for privacy is to set a “high bar” around privacy practices that support global standards for data handling and transfer
• No Advertising
– No advertising products out of Customer Data.
– No scanning of email or documents to build analytics or mine data.
• Data Portability
– Office 365 Customer Data belongs to the customer.
– Customers can export their data at any time.
• No Mingling
– Choices to keep Office 365 Customer Data separate from consumer services.
32. Comparison to the Consumer Cloud
...Everything is Cloud
33. The Consumer Cloud
The Privacy Dilemma
• Facebook, Google, Skype, Twitter, LinkedIn etc. are all US-based companies. Who has access to your data?
• Social-networking sites allow seemingly trivial gossip to be distributed to a worldwide audience, sometimes making people the butt of rumours shared by millions of users across the Internet
• Public sharing of private lives has led to a rethinking of our current conceptions of privacy
35. The Consumer / Public Cloud Privacy Dilemma
LinkedIn
Additionally, you grant LinkedIn a nonexclusive, irrevocable, worldwide, perpetual, unlimited, assignable, sublicenseable, fully paid up and royalty-free right to us to copy, prepare derivative works of, improve, distribute, publish, remove, retain, add, process, analyze, use and commercialize, in any way now known or in the future discovered, any information you provide, directly or indirectly to LinkedIn, including but not limited to any user generated content, ideas, concepts, techniques or data to the services, you submit to LinkedIn, without any further consent, notice and/or compensation to you or to any third parties. Any information you submit to us is at your own risk of loss.
Facebook
“You hereby grant Facebook an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to (a) use, copy, publish, stream, store, retain, publicly perform or display, transmit, scan, reformat, modify, edit, frame, translate, excerpt, adapt, create derivative works and distribute (through multiple tiers), any User Content you (i) Post on or in connection with the Facebook Service or the promotion thereof subject only to your privacy settings or (ii) enable a user to Post, including by offering a Share Link on your website and (b) to use your name, likeness and image for any purpose, including commercial or advertising, each of (a) and (b) on or in connection with the Facebook Service or the promotion thereof. You may remove your User Content from the Site at any time. If you choose to remove your User Content, the license granted above will automatically expire, however you acknowledge that the Company may retain archived copies of your User Content.”
39. Edward Snowden
• Revealed classified NSA details of a global surveillance apparatus run by the NSA and its Five Eyes partners, and numerous commercial and international partners
• Release was called the most significant leak in US history
41. Boundless Informant
• Powerful data mining tool for recording and analysing intelligence
• Uses Big Data capture technology & provides near real-time business intelligence to tactical & strategic decision makers
• Looks for visible trends, deep metadata extraction
• Raw blob data analytics & back-end processing (MapReduce, HDFS, CloudBase)
42. The Technology behind Boundless Informant
• CloudBase is an open source data warehouse system for up to PB-scale analytics
• Built on top of Map-Reduce architecture
• Analyses using ANSI SQL to directly query large-scale log files arising in web site, telecommunications or IT operations
• Allows you to query flat log files using ANSI SQL
• Visit the CloudBase home page for details: http://cloudbase.sourceforge.net
43. The Technology behind Boundless Informant
• MapReduce is based upon Intel’s Predictive Analytics platform for the capture and analysis of Big blob data
• Combines Hardware & Apache Hadoop Software
• Many applications including commercial, military, energy management etc.
52. “For to be free is not merely to cast off one's chains, but to live in a way that respects and enhances the freedom of others”
Nelson Mandela
54. “If there is no right to privacy then there can be no true freedom of expression and therefore no true democracy”
Dilma Vana Rousseff
55. Finding the Correct Balance!
Is it right that the foundational technologies of the Internet (cryptographic algorithms, domain names, the IP address backbone) be dominated by one nation? Perhaps it is time for this infrastructure to be internationally managed, independently of any one country?