Assume breach, Microsoft’s approach and experience on Cloud Security – Webinar 15 June 2020

< 1 min leestijd

In their third webinar, the Cyber Security Coalition Cloud Security Focus Group had Bart Asnot (Technical Solutions Professional – Security Microsoft) explain how Microsoft looks at cloud security.

Main focus of the presentation was on Microsoft’s ‘Prevent Breach’ and ‘Assume Breach’ philosophies, both preparing for cloud security. ‘Prevent Breach’ we’re all familiar with as its goal is to keep the bad guys out. It is being realized by e.g. code reviews, security testing and techniques alike. ‘Assume Breach’, however, focusses on the preparation of your environment, people, processes and technologies to detect actual attacks and penetrations. By identifying and addressing gaps in all of these you will be able to better detect, respond and recover from attacks and penetrations.

To secure their cloud journey Microsoft adapted the Zero Trust model. Depending on the information you want to access, a specific level of trust is required before access can be granted. By evaluating the user identity requesting access, the device used to do so and the information that is to be accessed, the organizational policy decides if access can be granted and which security policy is to be enforced.

To top things off a demo illustrated some of the use cases mentioned.

(Visited 59 times, 1 visits today)

About the author

Roel Wouters is Group Cloud Risk Manager at KBC Group. During his fourteen year career at KBC he worked as Information Security Officer, ICT-analyst expert and operational risk manager.