Security and Azure: Understanding Microsoft's Responsibility and defining Your Responsibility
In the cloud, a new matrix of responsibilities must be planned for. Unlike an on-premises environment where the responsibility is squarely on the environment owner, in the cloud security responsibility is shared with responsibilities shifting depending on the type of cloud service (IaaS, PaaS, SaaS) being leveraged.
In this session, we will talk about the responsibility Microsoft has in ensuring the Azure platform is secure and the processes, controls, and compliance that Microsoft leverages to provide this security. Then using the NIST Cyber Security Framework as a guide, we will talk about the customer's responsibility and the capabilities, solutions, and considerations that must be planned for when adopting cloud services. Mapping to the NIST cyber security framework (Identify, Protect Detect, and Respond) is intended to offer a real world take that audiences will be able to form a functional vision around, something that can built on in the real world.