Welcome to Microsoft Corporation
Done by:
Leanna Hoyte
Darrin Griffith
Lamar Jack
Description of Company
• We generate revenue by developing, licensing, and supporting software, hardware, and online advertising.
Products we Offer
• Our products include operating systems, server applications, productivity applications, business solution applications, desktop and server management tools, software development tools, video games, and online advertising.
Our Services
Cloud-based solutions provide customers with software, services and content over the Internet, with revenue from usage fees and advertising.
Microsoft Risk Assessment
Brief Description
• MSRA is designed to evaluate the effectiveness of a security strategy by evaluating the defense-in-depth concept.
Data Security Threats that affect Microsoft
• Lost Device(s):
Mobile or remote employees can access data remotely from an
infected PC, compromising the security of the data.
• Identity theft:
Stolen credentials allow attackers to gain access to sensitive
information while impersonating an employee.
• Internal Threat:
The threat originates from within the organization itself and includes acts of espionage or various
methods of employee data theft.
• External Sharing of sensitive information:
Compromised employees or industrial spies may share sensitive data with outsiders, posing a serious
threat to data security.
07/17/2023
Microsoft Multi-Layered Data Security Design
• Microsoft Defender for Cloud:
Unified infrastructure security management system provides advanced threat protection across hybrid workloads.
• Azure Active Directory:
The Microsoft cloud-based identity and access management service.
• Azure Firewall:
A cloud-native, intelligent network firewall security service that provides threat protection for your cloud workloads that run in Azure.
• Azure Key Vault:
Key Vault is a secure store for tokens, passwords, certificates, API keys, and encryption keys.
Microsoft Data Security Policy
• Security policies set standards and define procedures for network and data protection.
Threats that are mitigated at the “Microsoft Defender for Cloud” Layer
• Phishing and social engineering attacks:
Microsoft Defender for Cloud can detect and block phishing emails and
other social engineering attacks.
• Malware and viruses:
The solution uses machine learning and advanced technologies to detect
and block malware and viruses in real-time, preventing infections and
protecting against data theft.
• Identity-based attacks:
Microsoft Defender for Cloud can detect and respond to identity-based attacks, such as stolen credentials or brute-force attacks, that attempt to gain access to sensitive data or systems.
Two Technologies that can be implemented to mitigate or counteract at this layer
• Behavioral analysis:
Microsoft Defender for Cloud uses behavioral analysis to detect potential threats and block them.
• Machine learning:
Machine learning is used by Microsoft Defender for Cloud to detect and respond to threats, such as phishing emails, login attempts, and network activity.
Threats that are mitigated at the “Azure Active Directory” Layer
• Password attacks:
Azure AD provides features to protect against password attacks, such as password
complexity requirements, password expiration policies, and MFA.
• Insider threats:
Azure AD provides tools to monitor and control user access to resources to prevent
insider threats.
• Malware and phishing attacks:
Azure AD integrates with Microsoft Defender for Endpoint and Office 365 to protect
against malware and phishing attacks.
Two Technologies that can be implemented to mitigate or counteract at this layer
• Multi-Factor Authentication (MFA):
MFA is a security technology that requires users to provide two or more forms of authentication to access resources, even if an attacker has compromised their password.
• Conditional Access:
Conditional Access allows administrators to define access policies based on user location, device, or risk level to prevent unauthorized access and reduce data breaches.
Threats that are mitigated at the “Azure Firewall” Layer
• DDoS attacks:
Azure Firewall can help mitigate DDoS attacks by blocking malicious IP addresses and limiting traffic based on source IP address.
• Network-based attacks:
Azure Firewall can protect against network-based attacks and restrict traffic to specific ports and protocols to prevent
unauthorized access.
• Insider threats:
Azure Firewall can protect against insider threats by using network segmentation and access controls to restrict access
to resources.
Two Technologies that can be implemented to mitigate or counteract at this layer
• Network Security Groups (NSGs):
Administrators can use NSGs to restrict traffic based on IP address, port, and protocol to reduce the attack surface and protect against network-based attacks.
• Threat Intelligence:
Azure Firewall can use threat intelligence feeds to identify and block traffic from known malicious IP addresses and domains, reducing risk and improving security posture.
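As an added illustration (not part of the original presentation and not Azure's own code), the following simplified Python model shows how NSG-style rules that filter on IP address, port and protocol are evaluated in priority order, and how a broad allow rule can leave a later deny rule with no effect. The rule names, addresses and the single default-deny rule are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    protocol: str   # "Tcp", "Udp" or "*"
    source: str     # CIDR prefix, or "*" for any source
    ports: range    # destination ports (end-exclusive)
    action: str     # "Allow" or "Deny"

# Constructed sample rule set; names and addresses are illustrative only.
RULES = [
    Rule("allow-https", 100, "Tcp", "*", range(443, 444), "Allow"),
    Rule("allow-admin-ssh", 200, "Tcp", "203.0.113.0/24", range(22, 23), "Allow"),
    Rule("allow-all-tcp", 300, "Tcp", "*", range(0, 65536), "Allow"),  # too broad
    Rule("deny-rdp", 400, "Tcp", "*", range(3389, 3390), "Deny"),      # never reached
]
# Simplified stand-in for the default inbound deny that is evaluated last.
DEFAULT_DENY = Rule("DenyAllInBound", 65500, "*", "*", range(0, 65536), "Deny")

def matches(rule, protocol, src_ip, dst_port):
    """True when the packet's protocol, source address and port all fit the rule."""
    if rule.protocol not in ("*", protocol):
        return False
    if rule.source != "*" and ip_address(src_ip) not in ip_network(rule.source):
        return False
    return dst_port in rule.ports

def evaluate(rules, protocol, src_ip, dst_port):
    """Return (action, rule name) of the first matching rule in priority order."""
    ordered = sorted(rules + [DEFAULT_DENY], key=lambda r: r.priority)
    hit = next(r for r in ordered if matches(r, protocol, src_ip, dst_port))
    return hit.action, hit.name

def shadowed_denies(rules):
    """Deny rules made dead by an earlier any-source Allow covering the same ports."""
    ordered = sorted(rules, key=lambda r: r.priority)
    return [d.name for i, d in enumerate(ordered) if d.action == "Deny" and any(
        a.action == "Allow" and a.source == "*" and a.protocol in ("*", d.protocol)
        and all(p in a.ports for p in d.ports) for a in ordered[:i])]

if __name__ == "__main__":
    print(evaluate(RULES, "Tcp", "198.51.100.7", 3389))  # RDP from an outside address
    print(shadowed_denies(RULES))                        # deny rules that never fire
```

Running the audit function over a rule set before deployment surfaces deny rules that are silently overridden, which is the kind of misconfiguration that widens the attack surface the slide describes.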
Threats that are mitigated at the “Azure Key Vault” Layer
• Unauthorized access to secrets:
Azure Key Vault provides role-based access control and access policies to limit access to
secrets and ensure only authorized users can access them.
• Key compromise:
Azure Key Vault uses HSMs to protect against key theft and tampering.
• Insider threats:
Audit logging and monitoring can help identify and investigate potential insider threats.
Two Technologies that can be implemented to mitigate or counteract at this layer
• Multi-Factor Authentication (MFA):
Azure Key Vault can be configured to require MFA for access to secrets, reducing risk and improving security.
• Key Rotation:
Azure Key Vault can automatically rotate keys and certificates to reduce risk of key compromise and improve security.
What is a VPN?
• Virtual Private Network
VPNs provide secure access to corporate networks and encrypt data between cloud services and on-premises infrastructure.
How does a VPN work?
• A VPN (Virtual Private Network) works by establishing a secure, encrypted tunnel between two devices or networks over the internet. When a VPN connection is established, all data sent between the two devices is encrypted and secured, protecting it from interception and unauthorized access.
Layer the VPN would be implemented at
• Azure Firewall Layer
Threats that would be mitigated or counteracted by implementing a VPN at this layer
• Eavesdropping:
VPNs provide a secure, encrypted tunnel to protect data from eavesdropping.
• Man-in-the-middle attacks:
VPNs protect data from man-in-the-middle attacks by encrypting and securing it.
• Unauthorized access:
VPNs can help prevent unauthorized access to corporate resources by requiring
multi-factor authentication.
Two Disadvantages or Shortcomings of the Technology
• Slower network performance:
VPNs can slow down network performance when transmitting large amounts of data or using bandwidth-intensive applications.
• Security risks if not configured properly:
VPNs can be insecure if not configured properly, allowing attackers to bypass security measures and exploit vulnerabilities.
Two possible ways the Technology can be improved
• Implementing better encryption algorithms:
VPNs can provide strong encryption without sacrificing network performance by using more efficient encryption algorithms.
• Implementing better security controls:
Organizations should implement better security controls and monitor VPN connections for potential security breaches.