end-to-end IT Security
Bruce Cowper
Senior Program Manager, Security Initiative
Microsoft Canada
Agenda
The Microsoft Landscape
IT Environment
Business Challenges
Chief Concerns
Microsoft IT Environment
340,000+ computers
121,000 end users
98 countries
441 buildings
15,000 Vista clients
25,000 Office 2007 clients
5,700 Exchange 12 mailboxes
31 Longhorn servers
46,000,000+ remote connections per month
189,000+ SharePoint Sites
4 data centers
8,400 production servers
E-mails per day: 3,000,000 internal; 10,000,000 inbound; 9,000,000 filtered out
33,000,000 IMs per month
120,000+ email server accounts
Balancing Business Challenges
Network Attacks Are Sophisticated, Complex, Covert
Software Dev business requirements
Beta environment
Corporate culture of agility and autonomy
Large population of mobile clients
Secure Network + Compliance
Define
Operate
Design
How We Align
Network Security
Monitor, Detect, Respond
Attack & Penetration
Technical Investigations
IDS and A/V
Compliance
Regulatory Compliance
Respond
Vulnerability Scanning & Remediation
Define
Security Architecture
InfoSec Governance
Scorecarding
Assess
Monitor
Operate
Design
Application Threat Modeling
Engineering Lifecycle
Process & Methods
Pursuing Excellence
Skilled
Intelligent
Informed
Connected
Current
Leveraged
People
Technology
Global
Standard
Followed
Process & Policy
Secure the Network
Identity & Access Management
IP and Data Protection
Enhanced Auditing & Monitoring
Awareness
Secure Extranet and Partner Connections
Secure Remote Access
Network Segmentation
Network Intrusion Detection Systems
Hardening the Wireless Network
Identity & Access Management
Strong Passwords
Public Key Infrastructure: Certificate Services
E-Mail Hygiene and Trustworthy Messaging
IP and Data Protection
Enhanced Auditing & Monitoring
Least Privileged Access
Automated Vulnerability Scans
Managed Source Code
Combating Malware
Security Development Lifecycle - IT
Security Event Collection
Securing Mobile Devices
Futures
Awareness
Information Security Policies
Training and Communications
Business Practices
Implementing Defense in Depth
Security
Management
Secure against attacks
Protects confidentiality, integrity and availability of data and systems
Manageable
Protects from unwanted communication
Predictable, consistent, responsive service
Commitment to customer-centric Interoperability
Controls for informational privacy
Maintainable, easy to configure and manage
Recognized industry leader, world-class partner
Products, online services adhere to fair information principles
Resilient, works despite changes
Open, transparent
Recoverable, easily restored
Proven, ready to operate
Excellence in fundamentals
Best practices, whitepapers and tools
Security innovations
Authoritative incident response
Security awareness and education through partnerships and collaboration
Information sharing on threat landscape
Service Pack 2
Service Pack 1
4.5B total executions; 24.5M disinfections off of 9.6M unique computers
Dramatically reduced the number of Bot infections
As of October 2006
[Diagram labels: Services; Edge; Network Access Protection (NAP); Server Applications; Encrypting File System (EFS); BitLocker; Information Protection; Client and Server OS]
Identity Management
Active Directory Federation Services (ADFS)
Systems Management
Guidance
Developer Tools
Infrastructure Optimization Model
Uncoordinated, manual infrastructure
Cost Center
Managed IT infrastructure with limited automation
Managed and consolidated IT infrastructure with maximum automation
Fully automated management, dynamic resource usage, business linked Service Level Agreements (SLA)
More Efficient Cost Center
Business Enabler
Strategic Asset
Infrastructure Optimization
IT staff taxed by operational challenges
Users come up with their own IT solutions
IT processes undefined
High complexity due to localized processes & minimal central control
Patch status of desktops is unknown
No unified directory for access management
IT Staff manages an efficient, controlled environment
Users have tools they need, high availability, & access to information
IT is a strategic asset
Users look to IT as a valued partner to enable new business initiatives
IO at Microsoft: a Work in Progress
Microsoft IT is seen by customers and developers as a critical testing ground for new products
Industry leadership in security, best practices (MOF, ITIL)
Users have SLA of 99.99%
Leading Security response (MSRC)
Centralized directory
Update management through Systems Management Server (SMS)
Operations
$734
16%
$617
36%
$394
Administration
$428
Total Direct Costs
$2,568
$373
8%
$2,356
$366
14%
$2,017
$2,450
$2,952
Total TCO
$5,520
13%
$4,806
$1,306
31%
$3,323
Examples of IO Benefits at Microsoft
Security
SMS: Patch/Update Management
Operations
Server Consolidation & Operational Efficiencies
deployment time
Productivity
Improved connectivity through IM, SPS, Remote Mail, Smart Phones
sites
30% reduction in infrastructure servers
Improved SLA to 99.99%
200% increase in storage capability
Reduced support costs $3 million
Reduced internet costs $6.5 million
(OWA) users
180,000 SharePoint Team Sites
Mobility client satisfaction improved 18%
Key Capabilities
Identity & Access Management
Desktop, Server, & Device Management
Security & Networking
Data Protection & Recovery
Communications & Collaboration
Mediums
Technology
Futures
Participation in
Security-101
Information Security
Futures