Office 365 : Data leakage control, privacy, compliance and regulations in the cloud

Jul 16, 2015

Edge Pereira

Page 2

Our Agenda for Today (plan)

• Data Loss Prevention
• eDiscovery
• Auditing
• Document Fingerprinting
• Encrypted Emails

Page 3

Source: Gartner Report: IT Governance, Risk, and Compliance Management Solutions, http://www.gartner.com/resId=1884814

“Faced with never-ending and expanding regulatory and industry mandates, organizations invest tremendous amounts of energy on audit, compliance, controls, and (in some cases) risk management. At the same time, they seek to free staff resources from mundane tasks such as evidence gathering and simple reporting.”

Page 4

“By far, the most common record type exposed in 2014 were passwords, followed by usernames, email addresses, and PII (name, address, SSN, DOB, phone number, etc.)…”

1 Billion Records Compromised in 2014

Criminals are starting to favor PII over financial information, because it's easier to sell and leverage

Source: http://www.cio.com/article/2848593/data-breach/nearly-a-billion-records-were-compromised-in-2014.html

Page 5

Why are we here?

Page 6

Compliance – What is it?

Page 7

Why do we need to take compliance seriously?

Page 8

So what is Microsoft doing?

eDiscovery

Auditing

Encryption

Information Management

Policies

Records Management

Page 9

Two faces of compliance in Office 365

Built-in Office 365 capabilities (global compliance):

• Access Control
• Auditing and Logging
• Continuity Planning
• Incident Response
• Risk Assessment
• Communications Protection
• Identification and Authorisation
• Information Integrity
• Awareness and Training

Customer controls for compliance/internal policies:

• Data Loss Prevention
• Archiving
• eDiscovery
• Encryption
• S/MIME
• Legal Hold
• Rights Management

Page 10

In practice, it looks like this

Page 11

What does your organisation get?

Page 12

So what does all that boil down to for IT Pros?

It is all about customer controls!

Remembering

“A control is a process, function, in fact anything that supports maintaining compliance”

Page 13

Let's look at Office 365 customer controls

Identify • Monitor • Protect • Educate

Page 14

Data Loss Prevention

Page 15

Data Leakage Protection

By 2018, 50% of IT organizations will use security services firms that specialize in data protection, security risk management and security infrastructure management to enhance their security postures

Source: http://www.gartner.com/newsroom/id/2828722

Page 16

What is meant by Data Loss Prevention?

DLP controls cover data in three states [1]:

• in-use (endpoint actions)
• in-motion (network traffic)
• at-rest (data storage)

[1] http://en.wikipedia.org/wiki/Data_loss_prevention_software

“Quotation...”

Good definition: http://csrc.nist.gov/groups/SNS/rbac/documents/data-loss.pdf

Page 17

In-use controls (end-point)

• Operating System and Apps fully patched and up to date
• End-point security tools installed and correctly configured
• Firewall enabled and correctly configured
• Access to required applications only
• Access to “need to know” data
• Compliance Adherence Monitoring

Page 18

At-rest controls

Page 19

Country | PII | Financial
USA | US State Security Breach Laws, US State Social Security Laws, COPPA | GLBA & PCI-DSS (Credit, Debit Card, Checking and Savings, ABA, Swift Code)
Germany | EU data protection, Drivers License, Passport, National Id | EU Credit, Debit Card, IBAN, VAT, BIC, Swift Code
UK | Data Protection Act, UK National Insurance, Tax Id, UK Driver License, Passport | EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code
Canada | PIPEDA, Social Insurance, Drivers License | Credit Card, Swift Code
France | EU data protection, Data Protection Act, National Id (INSEE), Drivers License, Passport | EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code
Japan | PIPA, Resident Registration, Social Insurance, Passport, Driving License | Credit Card, Bank Account, Swift Code

Health: Limited investment (US HIPAA, UK Health Service, Canada Health Insurance card); rely on Partners and ISVs

Page 20

Establishing DLP

Australian sensitive information types provided by Microsoft

• Bank Account Number
• Driver's License Number
• Medicare Account Number
• Passport Number
• Tax File Number
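The slide lists the built-in Australian sensitive information types but not how a tenant wires them into a policy. The following is an added example, not code from the deck: an Exchange Online transport rule that treats the Tax File Number and Medicare types as DLP conditions on outbound mail, starting in audit-and-notify mode so false positives surface in incident reports before anything is blocked. It assumes an Exchange Online PowerShell session, that the classification names 'Australia Tax File Number' and 'Australia Medical Account Number' match what Get-DataClassification returns in your tenant (check the first step's output), and that compliance@contoso.com is a placeholder incident-report mailbox.

```powershell
# Added example, not part of the deck. Requires an Exchange Online PowerShell
# session; classification names and the report mailbox are assumptions.

# 1. Identify: list the built-in Australian classifications so the names used
#    in the rule below can be verified against the tenant.
$auTypes = Get-DataClassification | Where-Object { $_.Name -like 'Australia*' }
$auTypes | Select-Object Name, Publisher | Format-Table -AutoSize

# 2. Protect: outbound mail carrying a Tax File Number or Medicare number is
#    rejected unless the sender explicitly overrides with a justification, the
#    sender is told why, and an incident report goes to the compliance mailbox.
New-TransportRule -Name 'AU DLP - TFN and Medicare outbound' `
    -SentToScope NotInOrganization `
    -MessageContainsDataClassifications @(
        @{ Name = 'Australia Tax File Number';        MinCount = 1 },
        @{ Name = 'Australia Medical Account Number'; MinCount = 1 }
    ) `
    -NotifySender RejectUnlessExplicitOverride `
    -RejectMessageReasonText 'This message appears to contain Australian personal identifiers (TFN or Medicare number).' `
    -SetAuditSeverity High `
    -GenerateIncidentReport 'compliance@contoso.com' `
    -IncidentReportContent Sender, Recipients, Subject, Severity, RuleDetections `
    -Mode AuditAndNotify   # review incident reports, then switch to -Mode Enforce

# 3. Monitor: confirm the rule and its mode before relying on it.
Get-TransportRule -Identity 'AU DLP - TFN and Medicare outbound' |
    Select-Object Name, State, Mode, Priority
```

Running in AuditAndNotify first matters because identifiers such as bank account numbers are short and collide with invoice or order numbers; the incident reports show which detections fired and on what, so MinCount or the sender scope can be tuned before the rule starts rejecting mail.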

Page 21

DEMO: Data Loss Prevention

Page 22

eDiscovery

Page 23

What do we mean by eDiscovery?

[2] Wikipedia (http://en.wikipedia.org/wiki/Electronic_discovery)

Page 24

eDiscovery Process

DISCOVERY: Find relevant content (documents, emails, Lync conversations)

PRESERVATION: Place content on legal hold to prevent content modification and/or removal

COLLECTION: Collect and send relevant content for processing

PROCESSING: Prepare files for review

REVIEW: Lawyers determine which content will be supplied to opposition

PRODUCTION: Provide relevant content to opposition

Page 25

Office 365 eDiscovery Centre

Page 26

In-place Hold

Page 27

Find what you need

Page 28

Export for action

Page 29

eDiscovery Considerations

• Recoverable Items quotas are separate from mailbox quotas and need to be monitored
• In-Place Hold vs. Single Item Recovery vs. Retention Hold
• Hybrid data sources
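The preservation, discovery and collection stages from the process slide, together with the Recoverable Items quota consideration above, as an added example written for this page rather than taken from the deck or the demo. It assumes an Exchange Online PowerShell session with the Discovery Management role, and the case name, custodian mailboxes, search query and date are placeholders.

```powershell
# Added example, not part of the deck. Requires Exchange Online PowerShell and
# the Discovery Management role; names, query and dates are placeholders.

$case = 'Case-2015-07-Contoso-v-Fabrikam'

# PRESERVATION: an In-Place Hold scoped by query and start date on the
# custodians' mailboxes. Unlimited hold period: items stay until the hold is
# removed, even if the user deletes or edits them.
New-MailboxSearch -Name $case `
    -SourceMailboxes 'joseph.foster@contoso.com', 'legal-shared@contoso.com' `
    -SearchQuery 'Fabrikam AND (contract OR "purchase order")' `
    -StartDate '2014-01-01' `
    -InPlaceHoldEnabled $true `
    -ItemHoldPeriod Unlimited

# DISCOVERY / COLLECTION: run the same search and copy the hits, with full
# logging, into the discovery mailbox for review and export.
Set-MailboxSearch -Identity $case -TargetMailbox 'Discovery Search Mailbox' -LogLevel Full
Start-MailboxSearch -Identity $case
Get-MailboxSearch -Identity $case |
    Select-Object Name, Status, ResultNumberEstimate, ResultSizeEstimate

# CONSIDERATION: a hold retains deleted and modified items in the Recoverable
# Items folder, which has its own quota. Report usage against the quota for
# every mailbox that is on any hold.
Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.InPlaceHolds.Count -gt 0 -or $_.LitigationHoldEnabled } |
    ForEach-Object {
        $ri = Get-MailboxFolderStatistics -Identity $_.Identity -FolderScope RecoverableItems |
              Where-Object { $_.FolderPath -eq '/Recoverable Items' }
        [pscustomobject]@{
            Mailbox               = $_.PrimarySmtpAddress
            RecoverableItemsUsed  = $ri.FolderAndSubfolderSize
            WarningQuota          = $_.RecoverableItemsWarningQuota
            RecoverableItemsQuota = $_.RecoverableItemsQuota
        }
    } | Format-Table -AutoSize
```

The last block is the one to schedule: when Recoverable Items fills, the hold stops being able to preserve new deletions, which is the failure the slide's first consideration warns about.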

Page 30

eDiscovery Reports

Page 31

Important Benefits

• Centrally managed proactive enforcement

• Reduced collection touch points

• Consistent and repeatable

• Transparent to users

• Minimises the need for offline copies, until they are needed

• Instantly searchable/exportable

Page 32

DEMO: eDiscovery

Page 33

Auditing

Page 34

Reporting and Auditing

Page 35

SharePoint – Auditing Features

Page 36

SharePoint Audit Reports

Page 37

DEMO: Document Fingerprinting

Page 38

DEMO: Encrypted Email

Page 39

Q & A

Page 40

Wrap Up

• Data Loss Prevention
• eDiscovery
• Auditing
• Document Fingerprinting
• Encrypted Emails

Page 41

Edge [email protected]

www.facebook.com/edgepmo

www.twitter.com/superedge

www.superedge.net

Page 42

Learn More / Useful Links

TechEd 2014 Office 365 Security and Compliance
https://channel9.msdn.com/Events/TechEd/Australia/2014/OSS304

Office 365 Trust Centre
http://office.microsoft.com/en-au/business/office-365-trust-center-cloud-computing-security-FX103030390.aspx

Office Blogs
http://blogs.office.com/2013/10/23/cloud-services-you-can-trust-security-compliance-and-privacy-in-office-365/

Governance, risk management, and compliance
http://en.wikipedia.org/wiki/Governance,_risk_management,_and_compliance

Office 365 Service Descriptions
http://technet.microsoft.com/en-us/library/jj819284%28v=technet.10%29

Page 43

Page 44

DLP extensibility points

Page 45

Content Analysis Process

Sample content: Joseph F. Foster / Visa: 4485 3647 3952 7352 / Expires: 2/2012

1. Get Content
2. RegEx Analysis: 4485 3647 3952 7352, a 16-digit number, is detected
3. Function Analysis: 4485 3647 3952 7352 matches the checksum; 1234 1234 1234 1234 does NOT match
4. Additional Evidence: the keyword "Visa" is near the number; a regular expression for a date (2/2012) matches near the number
5. Verdict: there is a regular expression match that passes the checksum, and the additional evidence increases confidence
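The four analysis stages above, re-implemented as a PowerShell function so the checksum and proximity logic can be watched working on the slide's own sample. This is an added example and not Microsoft's DLP engine or code from the deck; the card-number pattern, the 300-character proximity window, the keyword list and the confidence values (65 for a checksum-only match, 75 or more once corroborating evidence is found) are assumptions chosen to illustrate the process.

```powershell
# Added example, not part of the deck: a local model of the slide's pipeline
# (RegEx -> Function/checksum -> Additional evidence -> Verdict). Window size,
# keyword list and confidence values are assumptions.

function Test-Luhn {
    # Luhn (mod 10) checksum: the "function analysis" step that separates
    # real card numbers from look-alikes such as 1234 1234 1234 1234.
    param([Parameter(Mandatory)][string]$Digits)
    $sum = 0
    $double = $false
    for ($i = $Digits.Length - 1; $i -ge 0; $i--) {
        $d = [int]$Digits[$i] - [int][char]'0'
        if ($double) {
            $d *= 2
            if ($d -gt 9) { $d -= 9 }
        }
        $sum += $d
        $double = -not $double
    }
    return ($sum % 10) -eq 0
}

function Get-CardNumberVerdict {
    param(
        [Parameter(Mandatory)][string]$Content,
        [int]$Window = 300   # assumption: characters of context checked on each side
    )
    # 1. RegEx analysis: four groups of four digits, optional space or dash separators
    $pattern = '\b\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}\b'
    foreach ($m in [regex]::Matches($Content, $pattern)) {
        $digits = $m.Value -replace '[ -]', ''

        # 2. Function analysis: the checksum is a hard requirement
        $checksum = Test-Luhn -Digits $digits

        # 3. Additional evidence, gathered only for numbers that passed the
        #    checksum: a card keyword and an expiry-style date nearby
        $keyword = $false
        $expiry  = $false
        if ($checksum) {
            $start = [Math]::Max(0, $m.Index - $Window)
            $end   = [Math]::Min($Content.Length, $m.Index + $m.Length + $Window)
            $near  = $Content.Substring($start, $end - $start)
            $keyword = $near -match '(?i)\b(visa|mastercard|amex|card)\b'
            $expiry  = $near -match '\b(0?[1-9]|1[0-2])/(\d{2}|\d{4})\b'
        }

        # 4. Verdict: checksum alone is a medium-confidence match; each
        #    corroborating clue raises confidence (assumed values)
        $confidence = 0
        if ($checksum) { $confidence = 65 }
        if ($keyword)  { $confidence += 10 }
        if ($expiry)   { $confidence += 10 }
        $verdict = 'None'
        if ($confidence -ge 75)     { $verdict = 'High' }
        elseif ($confidence -ge 65) { $verdict = 'Medium' }

        [pscustomobject]@{
            Number     = $m.Value
            Checksum   = $checksum
            Keyword    = $keyword
            Expiry     = $expiry
            Confidence = $confidence
            Verdict    = $verdict
        }
    }
}

# Constructed sample built from the slide: the Visa number with its context,
# plus the look-alike number that fails the checksum.
$sample = @"
Joseph F. Foster
Visa: 4485 3647 3952 7352
Expires: 2/2012

Order reference: 1234 1234 1234 1234
"@

Get-CardNumberVerdict -Content $sample | Format-Table -AutoSize
```

On the sample, 4485 3647 3952 7352 passes the checksum and has both the keyword and the date within the window, so it reaches High; 1234 1234 1234 1234 matches the regex but fails the checksum, so no evidence is even collected and the verdict is None. That gating is the point of the slide's ordering: the cheap pattern match finds candidates, the checksum removes most noise, and the proximity evidence only decides how confident to be about what survives.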

Page 46

Encryption Solutions in Office 365

Office 365 Message Encryption – Encrypt messages to any SMTP address

Information Rights Management – Encrypt content and restrict usage; usually within own organization or trusted partners

S/MIME – Sign and encrypt messages to users using certificates
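The document fingerprinting demo (page 37) and the Office 365 Message Encryption option above combine naturally: a fingerprint of a sensitive template becomes a data classification, and a transport rule encrypts any outbound message that matches it with OME, which works for any SMTP recipient. The following is an added example for this page, not the demo's own script; it assumes an Exchange Online PowerShell session, that OME is enabled on the tenant, and that C:\Templates\Patent-Application.docx is a placeholder path to a local copy of the form being protected.

```powershell
# Added example, not part of the deck. Requires Exchange Online PowerShell and
# OME enabled on the tenant; the template path and names are placeholders.

$templatePath = 'C:\Templates\Patent-Application.docx'   # assumption: local copy of the form
$fileBytes = [System.IO.File]::ReadAllBytes($templatePath)

# Fingerprint the blank form. Filled-in copies still match because the
# fingerprint is derived from the document's text pattern, not a file hash.
$fp = New-Fingerprint -FileData $fileBytes -Description 'Patent application form'

# Wrap the fingerprint in a data classification so rules can reference it by name.
$classification = New-DataClassification -Name 'Contoso Patent Application' `
    -Fingerprints $fp `
    -Description 'Documents based on the patent application template'

# Protect: anything leaving the organisation that matches the fingerprint is
# encrypted with OME, so only the addressed recipient can open it.
New-TransportRule -Name 'OME - patent applications' `
    -SentToScope NotInOrganization `
    -MessageContainsDataClassifications @{ Name = $classification.Name } `
    -ApplyOME $true `
    -SetAuditSeverity Medium

# Verify both objects exist before relying on the rule.
Get-DataClassification -Identity 'Contoso Patent Application' | Select-Object Name, Publisher
Get-TransportRule -Identity 'OME - patent applications' | Select-Object Name, State, ApplyOME
```

Fingerprinting is the right condition here because the sensitive information types on page 20 only recognise identifiers; a patent draft contains none of them, yet its structure is stable enough for the fingerprint to recognise every copy built from the template.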

Page 47

Registry Key Outlook Client