Security & Compliance in the Azure Cloud

Security and Compliance Azure was the topic of the 3rd SAM Club Azure User Group meeting, that was kindly held by HEMPSONS at their central London office. The group has grown with several new attendees to this event and it was great to have their insight on the journey to Azure.

Azure Security & Compliance - SAM Club event 9th Apr 2019

The meeting kicked off with a presentation from Stuart Aston, National Security Officer at Microsoft. Discussing how the journey to Azure starts for many companies, it tends to start with Office applications via Office 365, or IaaS as it’s an easy left and shift of on premises services.

Microsoft Service Trust Platform

Stuart introduced the group to a great resource for fact finding around security and compliance of the Microsoft Cloud. This portal provides access to reports such as ISO surveillance, penetration test results and government blueprints.

Microsoft spend $1 billion a year on security to provide assurance to clients that their data will remain safe in the cloud and work closely with Government cybersecurity.

Decisions to make internally when moving to Cloud

Identity – one of the first things to be targeted by hackers. Microsoft highly recommend using Multifactor authentication, it reduces the chances of success two-fold.

Device – Devices need to be secure and software updated, policies such as BYOD need to be reviewed if considering moving to cloud. A BYOD policy equals higher risk – the Martini effect: Anytime, Anyplace Anywhere. The end user device is where most data breaches happen and is where the hackers target. Consider regular health checks on the device and consider if it is safe for the end user to access firm data via that device.

Apps and data – decisions need to change around risk assumption, such as admin users having unrestricted access.

An example was raised of the Ashley Madison website hack, where 37 million user’s personal information was leaked and there were many work email addresses used. One in five people use the same password for work and personal use. How many people in your organisation are doing this?

Azure Sentinal

Stuart recommended a new tool from Microsoft called Azure Sentinal which enables IT to see and stop threats before they happen. It is a Cloud and AI application that provides a bird’s eye view across the enterprise.

Microsoft share threat intelligence and are part of the CISP (Cyber security Information Sharing Partnership) which is an initiative between the government and industry to combat cyber threats.Information is shared on threat intelligence only, not any customer information or data.

Stuart recommended joining CISP if your firm is not already a member.

Microsoft Datacenter security

Stuart discussed the level of physical security at the 39 Microsoft datacenters around the world – such as tank traps, zigzagged roads, biometric and body scans people must get through before even entering the building.

Even then the data is totally anonymous, nobody in the building knows which company’s data is stored on a server and all hard disks that are not in use are destroyed on site.
There are several highly regulated industries already using the Cloud and it’s unlikely that most organisations would have the billions of dollars spent on security that Microsoft do.

Cloud Principles

There is access online to guidance on what to request from suppliers when compiling questions and gaining evidence to present to the board when moving to the cloud to address security and compliance concerns.

Azure Security & Compliance - SAM Club event 9th Apr 2019

Round table discussion

The round table session posed some questions from the group:

Stuart was asked to discuss an example of a use case where there was resistance to moving to the cloud and what the success factors were in converting them.

Cost – Microsoft state it’s generally cheaper to move infrastructure to the cloud
Security – it’s more secure, Microsoft carry out more PAT tests, they have an attack team who regularly try to penetrate their own systems. They have access to threat intelligence and are always using the latest Operating System.
New features are delivered faster in Cloud – this does also provide some level of risk.

Where data is held is the biggest fear for law firms

There are 39 Cloud regions worldwide. When starting with Azure you can decide on which region to use to store your data. Stuart mentioned the Microsoft Dublin data centre case to highlight the lengths Microsoft went to in ensuring an individual customer’s privacy. Microsoft took the case to one of the most expensive courts in the World to challenge a warrant seeking emails belonging to an individual stored in Dublin.

How AI is used to check for malware

Law firms are using Mimecast to protect their email and Microsoft also recommend Defender ATP, plus steps made internally to whitelist and stop people gaining admin access – making hacking harder. Scanning your own services for attacks – defence in depth should be a policy to lower the risks.

Multifactor Authentication outage

Microsoft’s outage of the MFA service caused users a lot of problems with accessing Office applications. Stuart said that whilst this was not good enough – it happened, and organisations should plan for offline working in case of any outage incidence.

OneDrive is a back up solution so that users can access office applications.

How can the IT dept keep up with the complexity of new features from Microsoft?

There are notifications from Microsoft of new features and Roadmaps provide details of the new features coming up, these are now drip-fed throughout the year rather than in one hit. Need to monitor and prioritise which vendors to invest time in tracking.

To help with training and implementing Azure and new features the following resources are available:

Microsoft direct account team
Fast track Azure Team
Online Learning – MSLearn
The Trust portal is a useful tool for presenting to the board, it can help you put together a matrix of questions and evidence to present to them.
Office 365 Security and Compliance guide

Next meeting

The meeting rounded up with an agreement on the next topic : Chatbots – how they are implemented and real use cases.

To find out what was discussed at our previous meetings, please see our recent blog posts – Azure User Group Meeting and Azure Dev Test. If you are interested in attending the next meeting please register.

SAM Club Kickers Fantasy Premier League Winner announced

What a final week of the season… Great comebacks from both Liverpool and Spurs in the Champions League to reach the final. And then Arsenal and Chelsea also getting through to the final of the Europa League. With all the talk about Brexit, it is a bit ironic that English Clubs are dominating European Football….

Back to the Premiership – what a season for both Manchester City and Liverpool. It is amazing that Liverpool’s 97 points would have won them every single Premier League title apart from last season and this season. So Manchester City have won the Premiership for the last two seasons.

Now onto The SAM Club Kickers final positions. And it is congratulations to Jonathan Bush who takes the title for the 2nd year running…..emulating Manchester City. The trophy will be on its way to you shortly.

Have a great summer, keep an eye on the transfer activity (unless you are a Chelsea fan….although it looks like Hazard is on his way!) and look out for information on next seasons Fantasy Football Competition.

Noticed how Ian has managed to get himself in the top 10 snapshot 😉

SAM Club Kickers Fantasy Premier league winner

Visual Studio 2019 now available

Microsoft announced that Visual Studio 2019 is available to download as of 2nd April 2019. With improvements on the previous version, Visual Studio 2019 enables users to get into code more quickly by making it easier to use.

Visual Studio 2019

Visual Studio is licensed per developer and provides Azure Credit for subscribers:

  • US$50 for Visual Studio Professions (standard subscription)
  • US$150 for Visual Studio Enterprise (standard subscription)

Note: Overages are billed after the monthly credit has been consumed.

If you are considering Azure for Dev & Test purposes, then check out our blog from our recent Azure User Group meeting on this subject.

Visual Studio is also the perfect solution for gaining access to the latest Microsoft releases for Dev & Test use (Windows Server, SQL Server etc).  See the latest version of the benefits by subscription level here.

If you would like to know more about licensing Visual Studio or to get advice on your current licensing position, please get in touch.

System Center 2019 now available

Microsoft announced the general availability of System Center 2019 on 14th March 2019. As customers grow their deployments in the public cloud and on-premises data centres, management tools are evolving to meet customer needs. System Center continues to play an important role in managing the on-premises data centre and the evolving needs with the adoption of the public cloud.

System Center 2019

Some of the features include:

  • Tools to monitor and manage data centers
  • Support and manage capabilities in the latest versions of Windows Server
  • Enable hybrid management and monitoring capabilities with Azure

System Center 2019 is in the LTSC (Long Term Servicing Channel) which provides 5 years of standard and 5 years of extended support.

Click here for further information on the announcement and how System Center can benefit your organisation.

If you would like independent advice on your current licensing position, please get in touch. We offer an independent SAM Managed Service or can work with clients on a project basis for upcoming Microsoft renewals and compliance reviews.

Veritas announced the End of Standard Support for Backup Exec 16 with effect from 2nd April 2019

The latest release of Backup Exec is 20.3

Veritas Backup Exec 16 Ened of support

Existing customers with active maintenance may be entitled to upgrade at no charge. Veritas Support is available to assist customers who are actively upgrading from Backup Exec 16 to Backup Exec 20.x. Upgrade Support is limited to upgrade assistance and does not include step-by-step guidance nor consultancy about the upgrade process nor troubleshooting Backup Exec 16.

Customers running Backup Exec 16 who wish to migrate their existing jobs and backup data to new hardware can follow the steps provided in the articles below as appropriate for their environment:

• Article 100020224 – How to migrate (move) Backup Exec from one system to another with the same version of BE, Windows and same or different computer names
• Article 100001807 – How to migrate Backup Exec to another server with a different Windows OS version
• Article 100020072 – How to migrate (move) Backup Exec from one version to another on a different server with a different server name
• Article 100012412 – How to migrate (move) Backup Exec from one computer to another using the same version of Backup Exec and Windows, and the same computer name
• Article 100017867 – How to Copy the Backup Exec Database (BEDB) from an existing Backup Exec Server to a new Media Server with the same or different server name
• Article 100027163 – Disaster recovery of Deduplication Disk Storage in Backup Exec 2012 and above
• Backup Exec Administrator’s Guide, Duplicating backup sets or a job history manually

As from 2nd April 2019, requests for support for Backup Exec 16 releases will be denied by Veritas Customer Care unless the customer has a valid Extended Technical Support contract in addition to a valid maintenance agreement. Please see the links below for more information.

Veritas Technical Support Solutions Handbook

Veritas Product Lifecycle:
Veritas Services and Operations Readiness Tools
Veritas End of Life Policy
Veritas End of Life Table

Please contact The SAM Club at info@thesamclub.co.uk if we might help you understand:-

• Your Backup Exec Licenses
• Releases that you are entitled to
• Your Support & Maintenance Renewal Dates
• If you’re confused by the data in your MyVeritas licensing portal – we provide a Licensing Portal Health Check & Clean-up Service
• Explore converting your Agents & Options licensing model to the Capacity (per Terabyte) licensing model & if this might result in ease of use and/or renewal cost savings

Azure User Group Meeting

The SAM Club’s first Azure User Group Meeting was held at Microsoft, 2 Kingdom Street, Paddington, London, W2 6BD on Thursday 24th January 2019 with several of our clients in attendance.
Azure User Group event - The SAM Club
The objective of the Azure User Group is to help educate and provide a means of communication with Microsoft and peers on the Azure Infrastructure solution.

Microsoft started off talking through some use cases of Legal Services clients who have made a transition to Azure – including Taylor Wessing, Farrer and other clients who cannot be named.

Another firm was mentioned but is to remain anonymous, who run their production workload on-premise, but are using AI to get better insight into identifying fraudulent claims. AI augments work in the middle office to flag claims that could be fraudulent based on intelligent analytics. They have already flagged over 100 cases using the technology.
Azure User Group attendees - The SAM Club
Open discussions followed which touched on the following subjects:

Security

A big concern amongst the Legal firms; was Client and Personal confidential data in the Public Cloud & Security.

Microsoft discussed the level of security in their datacentres from a physical aspect, the datacentres are protected to military levels and are not found on maps. Any visitors to the datacentres are checked out and all electronic devices are taken from them before they can enter. All data held within the datacentres is anonymised, so no member of staff could identify which data set belongs to which organisation.

Compliance

Legal firms are regularly audited by their biggest clients, particularly big banks which may be using Azure themselves. However, the compliance teams don’t understand Azure and want to be able to see and access the data.

A point was raised to Microsoft to educate the Compliance industry – Microsoft do have a large list of compliance accreditations and can discuss compliance organisations such as SOX, SRA & Banks.
Partners in legal firms are more concerned about where data resides and if something goes wrong; it is their reputation on the line.

Resilience

It was mentioned that Azure and Office 365 does take away control with getting the infrastructure back up if there are outages. But there is nothing the IT team can do and feel powerless. With a new site going live it can leave confidence a bit shaky. There needs to be more detailed information available from Microsoft in these situations to help manage expectations.

Microsoft mentioned that they replicate an organisations server in the cloud two times to ensure resilience.

Blockers

Microsoft advised that they are actively working with vendors to ensure their applications are available and can be run within the Public Cloud.

Auto scaling and Optimisation of VMs in Azure

Optimisation of workloads was not seen as a big concern for legal firms as they don’t have a ‘Black Friday effect’ sometimes there is a slow down in app performance if a SQL report is run and fee earners all launch an app at the same time. Microsoft talked about daily peaks and troughs in app usage and possible savings Azure can offer in working out compute costs.

The next meeting

The Azure User Group attendees agreed that the discussions were informative and would like to continue monthly initially. The next agenda topic was agreed to focus on Test and Development environments and the benefits of Azure.

Here are some testimonials from the event
“Great kick off to the Azure User Group. Found it very insightful. Looking forward to the next one and hopefully using the sessions to assist us with our thought process for moving to Azure. Looking forward to the next meeting.”

“I found the Azure User Group meeting extremely useful, as it was good to meet up and discuss with fellow counterparts in other organisations that are in similar positions and are able to share their experiences. Also, being able to provide feedback to Microsoft face to face and how they can help was also very beneficial. Can’t wait for the next one”

If you have not already subscribed to our blog subscribe here to keep up to date with the Azure User Group updates and if you are interested in attending please get in touch.

Azure Cloud Solution Provider vs EA

Azure Cloud Solution Provider
The Azure Cloud Solution Provider (CSP) is being mentioned more by the Licensing Solutions Partners (LSP) when discussing Microsoft renewal options. At The SAM Club we have been asked several times – what the difference is between the Azure Cloud Solutions Provider and the Enterprise Agreement (EA). Recently Microsoft have produced a PDF to help differentiate between the options.

Having analysed this further, we have the following observations which should be considered:

  • The EA is now for a minimum of 500 Users. Organisations that are below 500 Users with an existing EA which expires before 30th June 2019 are allowed to renew their EA one more time.
  • The CSP doesn’t provide a from SA SKU. For example, an organisation that is licensed for Office Pro Plus and Enterprise CAL Suite with SA wouldn’t gain a price reduction for owning these products with current SA.
    However there may be an option/benefit to resell the existing Microsoft Licenses when moving to Office 365 for example.
  • A CSP allows the LSP to determine their own pricing and can provide support for an inclusive / additional fee. Are you reviewing your options adequately?
  • Do you have seasonal staff increases? The CSP option allows for the number of licenses to be trued up or down on a monthly basis.
  • Price Protection – The CSP only provides for 12 months whereas the EA is for the 3 year term.
  • The EA allows for On-premises Server Installation Rights with Microsoft 365 E3/E5: Exchange, SharePoint, Skype for Business Servers. This is not available via the CSP for Microsoft 365 E3/E5 plans.

If you are unsure which agreement is best for your organisation, or would like an independent view of your options, then please do not hesitate to contact The SAM Club.

SAM Club Merry Christmas and a look back on the year – 2018

Merry Christmas - SAM Club 2018 update
Well the year is winding down, less than a week until Christmas. So, we thought we would do a roundup of the SAM Club’s year.

We have had a year of growth and are very excited for what 2019 will bring.

Some of our achievements:

• Increased our client base by 25%

• For 15% of our clients, we have assisted with and completed sign off for a Microsoft Compliance Review

• Worked with 28% of our clients on their Microsoft Enterprise Agreements – reviewing their installations, discussing their future requirements and advising on ideas / solutions. Including completely relicensing SQL Servers for 2 clients which resulted in large cost savings for them

In April we opened our new office at Kings Court, Stevenage. It’s a managed office with great facilities and services that we love working in. To coincide with the new office, we expanded our team to include our new Business Support Assistant, Neeley Casserly – who is helping to keep our clients’ licensing and SAM Workbooks up to date.

Some of our improved business processes:

• Implemented an online accounts system for the SAM Club

• We have now made the SAM Workbooks accessible via a link. So our clients can always see the latest version of their workbook in real time

• Installed Webroot to secure our laptops

• GDPR – as everyone had to tackle this year, we climbed the GDPR mountain, researched and implemented the required processes to ensure we are compliant

We have written more blog articles, providing our clients with regular updates on product lifecycles, new product releases, licensing changes and some great licensing tips. There will be more to come next year, and we have had some great feedback on the topics covered so far. Suggestions are always welcome.

Thank you to all our clients and partners, old and new for 2018. We wish you all a very Merry Christmas and a happy, healthy and prosperous New Year. We look forward to working with you all, for what will be a great 2019!

If you haven’t already signed up to receive our Blog updates then please sign up here.

Changes to Software Assurance benefits for Exchange 2019

The latest Microsoft Product Terms for November 2018, show some additional Software Assurance benefits for Exchange, see page 25. Microsoft update their Product Terms monthly and with the recent Microsoft product announcements, The SAM Club we have been looking for any useful information. We have found that the below benefits are now available for customers with active Software Assurance on Exchange 2019 products.

SAM Club Exchange Server 2019

4.1 Exchange Enterprise CAL with Services 2019 Supplemental Terms and Conditions

Exchange Server Enterprise CAL with active SA coverage includes the rights to Data Loss Prevention and Exchange Online Protection.

4.2 Exchange Online Voice Mail Service

Customers with active SA coverage for Exchange Server Standard 2019 or Exchange Server Enterprise 2019 may use the Exchange Online Voice Mail Service to access voice messages from Outlook. Use of this Online Service is subject to the OST

Exchange 2019 has recently been released by Microsoft, see more on our article about the release.

Microsoft announce the release of Exchange Server 2019, Skype for Business Server 2019, SharePoint Server 2019, and Project Server 2019

Microsoft Exchange Server 2019, Skype for Business Server 2019, SharePoint Server 2019, and Project Server 2019 are all now available to commercial customers. The products can now be downloaded from the Volume Licensing Service Center or the Business Center (MPSA)

SAM Club Microsoft Office 2019 Servers available

Some of the new features are listed below for these Servers, with links to more detailed release pages for each product.

Exchange Server 2019

Exchange Server 2019 includes scale and performance enhancements, new and improved search powered by Bing technology, new options to restrict the forwarding of meeting requests, and increased control over “out of office” settings.

Skype for Business Server 2019

Skype for Business Server 2019 provides on-premises and hybrid customers with additional security, quality, and performance features to improve the hybrid scenario.  New features include Cloud Voicemail, Cloud Call Data Connector, Streamlined Migration to Teams, and support for TLS 1.2.

SharePoint Server 2019

SharePoint Server 2019 brings the ease of use of SharePoint Online to on-premises customers.  For end users, the new release delivers modern libraries, lists, and communication sites.  IT professionals will see improved performance and scale with simplified management. And developers will now be able to build for both cloud and on-premise environments with deeper SharePoint Framework integration.

Project Server 2019

Project Server 2019 offers a robust end-to-end project and portfolio management solution, with strong collaboration capabilities powered by SharePoint Server 2019. Updates include enhancements to performance and scalability, improved reporting, and an expanded set of APIs.

The licensing models remain the same but please get in touch if you would like to understand more about your licensing options.

You can read about other recent releases from Microsoft for Office 2019 and Windows Server 2019 on our blog.

Source: https://techcommunity.microsoft.com/t5/Office-365-Blog/Office-2019-servers-available-for-commercial-customers/ba-p/275879