This episode is sponsored by the CIO Scoreboard
If you have questions about Microsoft Azure Security you will love this interview with David Cross.
David Cross is the General Manager in charge of Security with Microsoft Azure. He has been the primary inventor of over 25 security patents and is the author of numerous publications and white papers. Prior to Microsoft, he served 5 years in the aviation electronic warfare community of the US Navy. He has a BS in CIS and an MBA.
One of the really fun parts of this interview is learning about his invention process; I was very curious about it since he has so many patents!
Learning opportunities are below, including show notes and links to videos covering the specific Azure topics from the interview.
The Future of Information Sharing and Security
Competitors (e.g. Microsoft and Google) sharing information – Microsoft founded Interflow to explore this and to build sharing capabilities via TAXII and STIX.
Scaling Information Security Expertise
Why “Assuming the Breach” is the right stance to have in IT security.
To Microsoft this means the following philosophy, mentality and mindset:
- They are always testing themselves
- Perform war-game exercises
- Red Team – finds holes and weaknesses, identifies gaps, points of entry and risks, and takes them on
- Blue Team – detects and remediates attacks (planned and unplanned – stealth/military-style exercises)
- Compliance – third-party outside entities
A Day In the Life of an Incident Responder at Azure
How Microsoft works in partnership with the customer. Listen to examples @13:30
Joint support and help is a big advantage with Microsoft and
Microsoft’s approach to privacy and trust.
Microsoft has no visibility into customer VMs.
They only watch what is going “out” of the environment.
Your VMs and apps are private unless you ASK Microsoft to look.
@16:50 – Integrating Third Party Security Service Providers into the Azure Data Center
You can export data into your log management system or SIEM as well.
Or you can use Microsoft to do this.
Do it yourself in Azure, or hybrid on your own premises.
@19:00 Integrating your own logs into Azure
Combine with Microsoft OMS Ops Management Services
Combine on-premise logs and Azure logs into a common tool set
Focus on making Microsoft tools work with customer tools
Who owns the data?
You choose the location and replication of your data.
The key is that the customer has the choice of where data is stored and replicated.
Can the FBI / Law enforcement walk in and demand to see your data?
@21:40 note from host – “I love his response here”: it is their data, and Microsoft refers law enforcement to whoever owns the data. Microsoft does not have persistent access to customer data unless it is approved by the customer.
Mentioned – new Office 365 ‘Lockbox’ functionality to enhance and ensure user control
Microsoft Appliance Support on Azure @23:30
Consistency is key for Azure.
Integration of services must match Azure integration.
On-premise functions have to be the same as in the cloud.
Identity Management Options
Enforce ADFS (Active Directory Federation Services) for Azure employees accessing resources
Multi-factor access for Azure employees is 100% enforced (inside or outside the company)
The Two Most Common Intrusions and the Two Most Powerful Methods to Ensure Security:
Against the most common hacks:
- Phishing attack – malware designed to steal your credentials
- Drive-by malware (via web surfing) – compromises your machine to launch an attack once you are online
David discusses how Microsoft Azure’s use of multi-factor authentication via ADFS or Azure AD is a huge speed bump for potential hackers!
- ADFS – lots of options are available
- Azure Active Directory – uses phone-based multi-factor
DDOS Prevention Capabilities
Individual protection of applications, tenants and IPs needs specific capabilities from partners.
Microsoft Azure focus related to DDoS is more global in scope as it relates to protecting Azure customers in a DDoS situation (consumption of bandwidth etc).
Microsoft Azure Security Center – Microsoft is looking at threats around the world (MSN, Xbox, Bing, Skype, etc.) so they can combine threat intelligence globally.
What is Azure JIT? @37:00 Critical Learning Highlights
- A Microsoft Azure tech has no elevated permissions into the customer environment
- Internal JIT (just-in-time) approvals are needed to do troubleshooting. Also refer to the PDF slide presentation David gave on this topic at RSA 2015. It is wonderful. The JIT explanation is on slide #28 of 47.
- JIT access has to be tied to a customer incident
- Mandatory – multi-factor access
- Must define scope
- Only admin functions are allowed, for a specified time
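To make the JIT rules above concrete, here is a small added illustration (not Microsoft's implementation, and not from the interview) of how an approval gate can check them: the request must be tied to an open customer incident, a second factor must be completed, the scope and the admin actions must be explicit, and the resulting grant is time-limited and enforced at use time. The incident table, action list, 120-minute cap, dataclass fields and sample requests are all hypothetical values constructed for the example.

```python
"""Toy just-in-time (JIT) admin-access evaluator.

Added illustration of the JIT rules listed in the show notes (tied to a
customer incident, multi-factor enforced, explicit scope, admin-only actions,
time-limited). This is not Microsoft's implementation; every name, field and
sample value below is hypothetical and constructed for the example.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import FrozenSet, List, Optional, Set, Tuple

# Constructed sample data (hypothetical): open incidents mapped to the customer
# scope they concern, the admin operations JIT may grant, and a cap on grant length.
OPEN_INCIDENTS = {"INC-1001": "tenant-contoso", "INC-1002": "tenant-fabrikam"}
ADMIN_ACTIONS = {"restart-vm", "collect-diagnostics", "read-platform-logs"}
MAX_GRANT_MINUTES = 120
T0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)  # fixed clock for the example


@dataclass
class JitRequest:
    operator: str
    incident_id: Optional[str]   # None models an engineer asking without a ticket
    scope: str                   # the customer scope the operator wants to touch
    actions: Set[str]            # what the operator wants to be allowed to do
    mfa_verified: bool           # whether a second factor was completed for this request
    requested_minutes: int
    requested_at: datetime


@dataclass(frozen=True)
class JitGrant:
    operator: str
    incident_id: str
    scope: str
    actions: FrozenSet[str]
    expires_at: datetime


def evaluate(req: JitRequest) -> Tuple[Optional[JitGrant], List[str]]:
    """Return (grant, []) when every JIT rule holds, else (None, reasons).

    All rules are checked so the requester sees every failure at once; any
    single failing rule is enough to deny."""
    reasons: List[str] = []
    if not req.mfa_verified:
        reasons.append("multi-factor authentication not completed")
    if req.incident_id is None or req.incident_id not in OPEN_INCIDENTS:
        reasons.append("request is not tied to an open customer incident")
    elif OPEN_INCIDENTS[req.incident_id] != req.scope:
        reasons.append("requested scope does not match the incident's scope")
    if not req.actions:
        reasons.append("scope is undefined: no actions requested")
    disallowed = req.actions - ADMIN_ACTIONS
    if disallowed:
        reasons.append("non-admin or unknown actions: " + ", ".join(sorted(disallowed)))
    if not 0 < req.requested_minutes <= MAX_GRANT_MINUTES:
        reasons.append("duration must be positive and at most %d minutes" % MAX_GRANT_MINUTES)
    if reasons:
        return None, reasons
    grant = JitGrant(
        operator=req.operator,
        incident_id=req.incident_id,
        scope=req.scope,
        actions=frozenset(req.actions),
        expires_at=req.requested_at + timedelta(minutes=req.requested_minutes),
    )
    return grant, []


def is_permitted(grant: JitGrant, action: str, scope: str, now: datetime) -> bool:
    """Enforcement side: the grant covers only its own scope and actions, and
    stops working the moment it expires, so there is no standing access."""
    return scope == grant.scope and action in grant.actions and now < grant.expires_at


def minutes_after(start: datetime, minutes: int) -> datetime:
    """Helper so callers can express 'later' without building datetimes themselves."""
    return start + timedelta(minutes=minutes)


if __name__ == "__main__":
    ok = JitRequest("alice", "INC-1001", "tenant-contoso", {"restart-vm"}, True, 30, T0)
    bad = JitRequest("bob", None, "tenant-contoso", {"restart-vm", "delete-tenant"}, False, 600, T0)
    for r in (ok, bad):
        grant, why = evaluate(r)
        print(r.operator, "granted until %s" % grant.expires_at if grant else "denied: " + "; ".join(why))
```

The two halves matter equally: `evaluate` is the approval gate, and `is_permitted` is the check every privileged operation must run at the moment it executes, so that an approved grant gives nothing outside its scope and nothing after its expiry.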
Secure Admin workstations
- @38:15 – Azure employees must use secured, signed tools to access Azure
- They are locked-down machines
- No access to the internet
- Prevents ‘drive-by’ infections
- Risk is reduced significantly
Machine Learning via Azure – Context is King – a critical tool set for many things @38:30
- Context is critical
- The focus for Microsoft is not just to look for anomalous behavior but to combine multiple context points in order to detect it.
- Context provides power.
- Just looking for anomalies is not enough; context is the missing component.
How David comes up with great ideas for his security patents @48:45
How to get in touch with David Cross
Follow him on Twitter: @DavidCross_MS
Great Research Resources:
David’s Azure and Security Blog Posts
All methods of how to access the show are below:
- Listen on iTunes (for iPhones etc.)
- Listen to it on Stitcher (This is for Android Phone Users. Download the Stitcher app here)
- Stream it on Libsyn
- Listen to it on Soundcloud (This is for listening via PC/Mac Browser)
- Please subscribe here to Bill Murphy’s Redzone Podcast on iTunes
- Subscribe to my RSS Feed here
- Link to LinkedIn blog post
Leave a podcast review here
Bill is dedicated to your success as an IT Business Leader. Follow Bill on LinkedIn and Twitter. Subscribe below for weekly podcast, CIO Mastermind and CISO Mastermind updates delivered to your inbox easily and effortlessly.