Follow me on Twitter @AntonioMaio2

Tuesday, May 5, 2015

Notes from Microsoft Ignite
Enterprise Grade Data Protection in Office 365 Today and Beyond

Microsoft Ignite is proving to be an exciting conference with new technologies and announcements about how Microsoft is evolving their technology stack to help us collaborate in new and better ways. I'm at the conference attending sessions on security, data protection, migration and other topics and want to share my notes so that they may be a resource to others as well.

Presented: Tuesday May 5, 2015
  • Rudra Mitra, Office 365 Information Protection Team, Microsoft
  • Levon Esibov, Office 365 Group Program Manager of Information Protection
  • Kamal Janardhan, Office 365 Group Program Manager of Information Protection
  • Asfa Kashi, Office 365 Group Program Manager of Information Protection

The New Era of Information Protection is Here!

- The team started with the question: "How can I protect my data?"
- Showing/Demoing a lot of early progress, early code here
- Microsoft is considering both inadvertent/accidental data leakage and adversarial/malicious hacking

  • Built in security
  • Privacy by design
  • Continuous compliance

- These are table stakes for any cloud service!
- Need to consider: how do I build more trust for where my data is going

Information Protection solutions result typically in providing Operational Controls to IT Professionals!

Information Protection Considerations

1. People's work expectations
  • Data which used to be within our organizational boundaries - now we need ot think about where is my data going
  • Information explosion- next decade man kinds data will increase 44 times; number of IT pros will only grow by 1.4 times
  • 87% of senior managers admin to regularly uploading work files to personal email or cloud accounts
  • 58% have accidentally sent info to the wrong person
  • Devices are outnumbering people: 20B by 2020
  • Think of your data flowing through a network

2. Threat Landscape
  • How is this data valuable to others?
  • 3525 known security breaches between Apr 2005 and Dec 2012 (only those disclosed) - probably 10x more
  • 600 M breached records in US
  • (average) cost of 1 breached record $194

3. Industry regulations and standards
  • How do I need to comply with the regulations that are important for my business
  • 90% us corp currently engaged in litigation
  • 147 average number of active lawsuits for companies larger than $1B
  • $1M average per case cost of eDiscovery
  • Change is constant - how do I stay ahead of all these concepts?

- Microsoft Promise: everywhere your data exists, moves, and is shared, we will protect it
- Protecting data from a compliance point of view and security point of view, no matter where it lives and where it flows

Office 365 Unique Approach

- Pervasive - Built in compliance and security foundation with unified experiences across services and applications
  • Built into O365 and with unified policy management
  • Available across services and applications in different platforms
  • Policy tied to data, travels with data - Author policies once!
  • Have policies flow with the data, across applications
  • Don't have to think of policy separately for SharePoint, Exchange, Office documents, etc.

- Transparent 0 Proactive Visibility into data and activities with your data
  • IT can quickly and accurately discover data required for compliance
  • Organizations have visibility into user and operation events impacting data
  • Organizations can import and correlate operational events across multiple services themselves or with the help of partners

- People-centric - people are part of the solution and involved in maintaining security and compliance
  • Ensure that worker productivity is not compromised at the cost of compliance and security - enable productivity while providing security
  • Corporate data will be accessed and available on personal devices
  • Train users is important and providing them with build in protection - train them in context

- Who are our users?
  • Business decision/IT decision maker
  • Compliance Officer
  • IT Administrators - How do I meet the security need for the data? How do I better serve my users?
  • Information Workers/Small Businesses

DEMO: (IT Administrator) Office 365 Compliance Center

- Archiving Mailboxes - very simple to archive mailbox of a user with single click
  • Don't need to import data or ensure data is sync'ed
  • Already existing feature - what's new?!
  • Moving forward: Exchange will automatically scale mailboxes when start to approach limit/threshold

- Preservation Policy - need to ensure a specific user's information/communications are preserved even if he tries to delete them
  • Can configure preservation of SharePoint and OneDrive for business site as well
  • Can specify keywords and start/end dates as part of policies
  • Once configured, policy will be applied across multiple workloads (exchange, SharePoint, Skype for Business, OneDrive for Business)
  • Can manage retention tags, policies

- Advanced Threat Protection
  • If enabled, suspected attachments or malware from email will be detonated in a safe sandbox
  • Can enable monitor, block or replace mode
  • Sharing suspected malware with clients - Can configure an admin's mailbox that will receive a sample of the email or attachment that was considered malicious; which was detonated in the sandbox

- Safe links - evaluates reputation of URLs as emails pass thru their system
  • If suspected unsafe link, will replace URL in an email once it arrives in O365 so that when clicked by end users will take them to O365 site describing unsafe URL
  • Admin can specify exceptions (ex. don't replace URLs with
  • Admin can configure if user should be warned or blocked
  • Can track and trace all URLs, all sites clicked on by end users

- URL Trace Site
  • Can discover, who in a given period of time, clicked on a particular link - and can search by link
  • Can see a comprehensive list of all URLs clicked by end users
  • If users fall victim to a phishing attack, can discover which other internal users may have also fallen victim by the same attack!

  • Compliance Center
  • Automatic Archive Scaling
  • Advanced Thread Protection - General Availability in June 2015

DEMO: (Compliance Officer) Office 365 Compliance Center

- How do I get my existing data into Office 365 and into the Compliance Boundary (PST files, mail archives, Facebook or twitter feeds, etc.)

- Announcement: Enabling drive shipping for email content into O365
  • Ship data on a physical drive to Microsoft, in order to get existing data into the Compliance Boundary
  • Data is encrypted with a key that client defines/owns as part of drive preparation
  • Create a mapping file; Get FedEx routing number - all within Compliance Center

- Compliance Search capability
  • Across Exchange, SharePoint, OneDrive and Skype for Business, and extending search into the shipped physical data drive
  • Ex. Was anything with a specific keyword shared out of the organization?
  • In search results, can scroll through messages, documents, get previews and see search keywords highlighted
  • Allows large amounts of data to be analyzed

- Partner: Equiveo Zoom E-Discovery Solution
  • Can search not only for individual results, but also for themes (ex. contract negotiations, agreements
  • Can see overlap between themes
  • Can then narrow down by year once have an already narrowed down scope
  • Can narrow down content quickly without having to review every piece of content

- Announcement; Office 365 Activity Report
  • New pipeline - any action taken within any workload is now stored within a new Compliance Store
  • Data is exposed through the activity report experience (searches every single action taken by SharePoint, Exchange, OneDrive)

- How do you answer the questions:
  • What did this user do within 365?
  • What did this document have done to it within O365?
  • Allow data to be accessbile to partners and clients

- Announcement: Office 365 Activity API
  • With single API end point will be able to export, search, stream all activity data within O365
  • Can use Microsoft's experience or partner experiences or your own
  • Partner: BetterCloud - console showing actions done within O365 to content; provides an admin dashboard; who are admins that have global permissions
  • See all actions taken within last hour or less
  • Can see activity or lifecycle of a piece of content

Partner: Loric
  • Console which shows you anomalies in your system (ex. 100 failed logons, users/document violating policy, document/user sharing content and correlation of anomalies
  • Shows threats or slight deviations from normal behaviors
  • Can graph anomalies across time (failed logons over time) and correlate with other activities like logon from geographic locations, and content being shared outside or mail going outside the organization

- Client always owns their data - Microsoft is just the custodian of that data.

  • Drive Shipping for O365
  • O365 eDiscovery
  • Auditing for AAD
  • Auditing API

Demo: (IT Admins) Office 365 Compliance Center

- Office 365 DLP policies (in limited preview today)
  • Many built in policies
  • Sensitive types built in - don't have to be an expert in compliance standards
  • Can tune policies to the organization if needed
  • PCI-DSS policies - looking at 1 rule - notification and policy tips
  • Can configure a notification to be sent when a policy is violated (can notify site owner, IT admins, compliance officer) and display a policy tip
  • Can enable policy override to make impromptu policy decisions in specific cases
  • As you attach documents to emails, attachments are automatically scanned before sending email and policy tip will be automatically displayed (same as Exchange 2013)
  • System will block sensitive attachments to be sent - policy tips now appearing in SharePoint and OneDrive
  • Blocked email notification has link to take you to SharePoint to the document - policy tip displayed in SharePoint when following the link
  • Policy Action will lock down the document in OneDrive for Business or SharePoint
  • OWA also displays Policy warnings and enforces policy actions (lock down)
  • Client Office Apps (Word, Excel, PowerPoint) also display policy workings and enforce policy actions (lockdown)
  • DLP policies enforced across all O365 workloads
  • Personal devices (iPad, IOS devices, Windows devices)
  • Can keep personal and corporate data separate
  • Can remotely wipe corporate data when leaving organization and leave personal data intact
  • Safe Links - When clicking links, DLP policies are enforced - users taken to Microsoft site protecting them from the malicious link

You can watch the entire presentation here:


No comments:

Post a Comment