Presented: Tuesday May 5, 2015
Presenters:
- Rudra Mitra, Office 365 Information Protection Team, Microsoft
- Levon Esibov, Office 365 Group Program Manager of Information Protection
- Kamal Janardhan, Office 365 Group Program Manager of Information Protection
- Asfa Kashi, Office 365 Group Program Manager of Information Protection
The New Era of Information Protection is Here!
- The team started with the question: "How can I protect my data?"- Showing/Demoing a lot of early progress, early code here
- Microsoft is considering both inadvertent/accidental data leakage and adversarial/malicious hacking
Trust
- Built in security
- Privacy by design
- Continuous compliance
- These are table stakes for any cloud service!
- Need to consider: how do I build more trust for where my data is going
Information Protection solutions result typically in providing Operational Controls to IT Professionals!
Information Protection Considerations
1. People's work expectations
- Data which used to be within our organizational boundaries - now we need ot think about where is my data going
- Information explosion- next decade man kinds data will increase 44 times; number of IT pros will only grow by 1.4 times
- 87% of senior managers admin to regularly uploading work files to personal email or cloud accounts
- 58% have accidentally sent info to the wrong person
- Devices are outnumbering people: 20B by 2020
- Think of your data flowing through a network
2. Threat Landscape
- How is this data valuable to others?
- 3525 known security breaches between Apr 2005 and Dec 2012 (only those disclosed) - probably 10x more
- 600 M breached records in US
- (average) cost of 1 breached record $194
3. Industry regulations and standards
- How do I need to comply with the regulations that are important for my business
- 90% us corp currently engaged in litigation
- 147 average number of active lawsuits for companies larger than $1B
- $1M average per case cost of eDiscovery
- Change is constant - how do I stay ahead of all these concepts?
- Microsoft Promise: everywhere your data exists, moves, and is shared, we will protect it
- Protecting data from a compliance point of view and security point of view, no matter where it lives and where it flows
Office 365 Unique Approach
- Pervasive - Built in compliance and security foundation with unified experiences across services and applications- Built into O365 and with unified policy management
- Available across services and applications in different platforms
- Policy tied to data, travels with data - Author policies once!
- Have policies flow with the data, across applications
- Don't have to think of policy separately for SharePoint, Exchange, Office documents, etc.
- Transparent 0 Proactive Visibility into data and activities with your data
- IT can quickly and accurately discover data required for compliance
- Organizations have visibility into user and operation events impacting data
- Organizations can import and correlate operational events across multiple services themselves or with the help of partners
- People-centric - people are part of the solution and involved in maintaining security and compliance
- Ensure that worker productivity is not compromised at the cost of compliance and security - enable productivity while providing security
- Corporate data will be accessed and available on personal devices
- Train users is important and providing them with build in protection - train them in context
- Who are our users?
- Business decision/IT decision maker
- Compliance Officer
- IT Administrators - How do I meet the security need for the data? How do I better serve my users?
- Information Workers/Small Businesses
DEMO: (IT Administrator) Office 365 Compliance Center
- Archiving Mailboxes - very simple to archive mailbox of a user with single click- Don't need to import data or ensure data is sync'ed
- Already existing feature - what's new?!
- Moving forward: Exchange will automatically scale mailboxes when start to approach limit/threshold
- Preservation Policy - need to ensure a specific user's information/communications are preserved even if he tries to delete them
- Can configure preservation of SharePoint and OneDrive for business site as well
- Can specify keywords and start/end dates as part of policies
- Once configured, policy will be applied across multiple workloads (exchange, SharePoint, Skype for Business, OneDrive for Business)
- Can manage retention tags, policies
- Advanced Threat Protection
- If enabled, suspected attachments or malware from email will be detonated in a safe sandbox
- Can enable monitor, block or replace mode
- Sharing suspected malware with clients - Can configure an admin's mailbox that will receive a sample of the email or attachment that was considered malicious; which was detonated in the sandbox
- Safe links - evaluates reputation of URLs as emails pass thru their system
- If suspected unsafe link, will replace URL in an email once it arrives in O365 so that when clicked by end users will take them to O365 site describing unsafe URL
- Admin can specify exceptions (ex. don't replace URLs with microsoft.com)
- Admin can configure if user should be warned or blocked
- Can track and trace all URLs, all sites clicked on by end users
- URL Trace Site
- Can discover, who in a given period of time, clicked on a particular link - and can search by link
- Can see a comprehensive list of all URLs clicked by end users
- If users fall victim to a phishing attack, can discover which other internal users may have also fallen victim by the same attack!
Announcements
- Compliance Center
- Automatic Archive Scaling
- Advanced Thread Protection - General Availability in June 2015
DEMO: (Compliance Officer) Office 365 Compliance Center
- How do I get my existing data into Office 365 and into the Compliance Boundary (PST files, mail archives, Facebook or twitter feeds, etc.)- Announcement: Enabling drive shipping for email content into O365
- Ship data on a physical drive to Microsoft, in order to get existing data into the Compliance Boundary
- Data is encrypted with a key that client defines/owns as part of drive preparation
- Create a mapping file; Get FedEx routing number - all within Compliance Center
- Compliance Search capability
- Across Exchange, SharePoint, OneDrive and Skype for Business, and extending search into the shipped physical data drive
- Ex. Was anything with a specific keyword shared out of the organization?
- In search results, can scroll through messages, documents, get previews and see search keywords highlighted
- Allows large amounts of data to be analyzed
- Partner: Equiveo Zoom E-Discovery Solution
- Can search not only for individual results, but also for themes (ex. contract negotiations, agreements
- Can see overlap between themes
- Can then narrow down by year once have an already narrowed down scope
- Can narrow down content quickly without having to review every piece of content
- Announcement; Office 365 Activity Report
- New pipeline - any action taken within any workload is now stored within a new Compliance Store
- Data is exposed through the activity report experience (searches every single action taken by SharePoint, Exchange, OneDrive)
- How do you answer the questions:
- What did this user do within 365?
- What did this document have done to it within O365?
- Allow data to be accessbile to partners and clients
- Announcement: Office 365 Activity API
- With single API end point will be able to export, search, stream all activity data within O365
- Can use Microsoft's experience or partner experiences or your own
- Partner: BetterCloud - console showing actions done within O365 to content; provides an admin dashboard; who are admins that have global permissions
- See all actions taken within last hour or less
- Can see activity or lifecycle of a piece of content
Partner: Loric
- Console which shows you anomalies in your system (ex. 100 failed logons, users/document violating policy, document/user sharing content and correlation of anomalies
- Shows threats or slight deviations from normal behaviors
- Can graph anomalies across time (failed logons over time) and correlate with other activities like logon from geographic locations, and content being shared outside or mail going outside the organization
- Client always owns their data - Microsoft is just the custodian of that data.
Summary:
- Drive Shipping for O365
- O365 eDiscovery
- Auditing for AAD
- Auditing API
Demo: (IT Admins) Office 365 Compliance Center
- Office 365 DLP policies (in limited preview today)- Many built in policies
- Sensitive types built in - don't have to be an expert in compliance standards
- Can tune policies to the organization if needed
- PCI-DSS policies - looking at 1 rule - notification and policy tips
- Can configure a notification to be sent when a policy is violated (can notify site owner, IT admins, compliance officer) and display a policy tip
- Can enable policy override to make impromptu policy decisions in specific cases
- As you attach documents to emails, attachments are automatically scanned before sending email and policy tip will be automatically displayed (same as Exchange 2013)
- System will block sensitive attachments to be sent - policy tips now appearing in SharePoint and OneDrive
- Blocked email notification has link to take you to SharePoint to the document - policy tip displayed in SharePoint when following the link
- Policy Action will lock down the document in OneDrive for Business or SharePoint
- OWA also displays Policy warnings and enforces policy actions (lock down)
- Client Office Apps (Word, Excel, PowerPoint) also display policy workings and enforce policy actions (lockdown)
- DLP policies enforced across all O365 workloads
- Personal devices (iPad, IOS devices, Windows devices)
- Can keep personal and corporate data separate
- Can remotely wipe corporate data when leaving organization and leave personal data intact
- Safe Links - When clicking links, DLP policies are enforced - users taken to Microsoft site protecting them from the malicious link
You can watch the entire presentation here: http://channel9.msdn.com/Events/Ignite/2015/BRK2159
Enjoy!
-Antonio
No comments:
Post a Comment