C01 office 365, DLP data loss preventions, privacy, compliance, regulations
C01: Office 365: Data leakage protection, privacy, compliance and regulations
#SPSParis C01
Edge Pereira
May 30th, 2015
Thanks to our sponsors!
Platinum
Gold
Silver
Organizers
Raffle
“By far, the most common record type exposed in 2014 were passwords, followed by usernames, email addresses, and PII (name, address, SSN, DOB, phone number, etc.)…”
1 Billion Records Compromised in 2014
Criminals are starting to favour PII over financial information, because it's easier to sell and leverage.
Source: http://www.cio.com/article/2848593/data-breach/nearly-a-billion-records-were-compromised-in-2014.html
“It was often said that people were the weakest link in any security chain—and that was true when attacks were less sophisticated. But today, no amount of education will stop hackers from getting into your network.”
$400 Million Losses Due to Data Breaches
There were 2,122 confirmed data breaches in 2014.
Source: http://www.forbes.com/sites/gilpress/2015/05/22/stopping-data-breaches-whose-job-is-it-anyway/
“SCAMS strip Australians of at least $80 million a year and gathering a vault of personal information that can be used in fraud sprees.”
$80 Million Individual Losses Due to Scammers
Criminals are buying and selling names, addresses, birth dates, bank account and other personal details on the black market to commit identity fraud or find scam victims, a report warns.
Source: http://www.heraldsun.com.au/news/law-order/scammers-steal-80-million-a-year-and-personal-information-from-australians/story-fni0fee2-1227358157405
Source: Gartner Report: IT Governance, Risk, and Compliance Management Solutions, http://www.gartner.com/resId=1884814
“Faced with never-ending and expanding regulatory and industry mandates, organizations invest tremendous amounts of energy on audit, compliance, controls, and (in some cases) risk management. At the same time, they seek to free staff resources from mundane tasks such as evidence gathering and simple reporting.”
Our Agenda for Today
• Introduction
• Importance of Regulatory and Compliance Controls
• Controls in Office 365
• Demos: Data Loss Prevention, eDiscovery, Auditing, Document Fingerprinting, Encrypted Email Communications
Why are we here?
• What is compliance?
• What does it mean to an ITPro?
• How can Office 365 help you?
• How to enable compliance controls?
Who’s Responsible for Data Breaches?
Source: http://www.forbes.com/sites/gilpress/2015/05/22/stopping-data-breaches-whose-job-is-it-anyway/
Compliance – What is it?
Australian Standard AS 3806-2006: “The Standard provides principles for the development, implementation and maintenance of effective compliance programs within both public and private organisations. These principles are intended to help organisations identify and remedy any deficiencies in their compliance with laws, regulation and codes, and develop process for continual improvement in this area.”
Areas that fall into compliance scope:
• Integrity and anti-fraud
• Bribery and corruption regulation
• Anti-trust and competition regulation
• Privacy regulation
Why do we need to take compliance seriously? So what is Microsoft doing?
Office 365 includes many features that support compliance processes, including:
• eDiscovery
• Auditing
• Encryption
• Information Management Policies
• Records Management
Two faces of compliance in Office 365
Built-in Office 365 capabilities (global compliance):
• Access Control
• Auditing and Logging
• Continuity Planning
• Incident Response
• Risk Assessment
• Communications Protection
• Identification and Authorisation
• Information Integrity
• Awareness and Training
Customer controls for compliance/internal policies:
• Data Loss Prevention
• Archiving
• eDiscovery
• Encryption
• S/MIME
• Legal Hold
• Rights Management
What does your organisation get?
• Independent verification
• Regulatory compliance
• Peace of mind
• Improved governance
• Better risk management
• Avoiding prosecution
Data Leakage Protection
By 2018, 50% of IT organizations will use security services firms that specialize in data protection, security risk management and security infrastructure management to enhance their security postures.
Source: http://www.gartner.com/newsroom/id/2828722
What is meant by Data Loss Prevention?
“Data loss/leak prevention solution is a system that is designed to detect potential data breach / data ex-filtration transmissions and prevent them by monitoring, detecting and blocking sensitive data while in-use (endpoint actions), in-motion (network traffic), and at-rest (data storage).” [1]
[1] http://en.wikipedia.org/wiki/Data_loss_prevention_software
Good definition: http://csrc.nist.gov/groups/SNS/rbac/documents/data-loss.pdf
In-use controls (end-point)
• Operating System and Apps fully patched and up to date
• End-point security tools installed and correctly configured
• Firewall enabled and correctly configured
• Access to required applications only
• Access to “need to know” data
• Compliance Adherence Monitoring
At-rest controls
• Secure Connections - SSL
• Encryption - Transparent Data Encryption
• Auditing
• Information Management Policies (Retention)
• Access control
Built-in DLP content areas (sensitive information types by country)
• USA: PII: US State Security Breach Laws, US State Social Security Laws, COPPA; Financial: GLBA & PCI-DSS (Credit, Debit Card, Checking and Savings, ABA, Swift Code)
• Germany: PII: EU data protection, Drivers License, Passport, National Id; Financial: EU Credit, Debit Card, IBAN, VAT, BIC, Swift Code
• UK: PII: Data Protection Act, UK National Insurance, Tax Id, UK Driver License, Passport; Financial: EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code
• Canada: PII: PIPEDA, Social Insurance, Drivers License; Financial: Credit Card, Swift Code
• France: PII: EU data protection, Data Protection Act, National Id (INSEE), Drivers License, Passport; Financial: EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code
• Japan: PII: PIPA, Resident Registration, Social Insurance, Passport, Driving License; Financial: Credit Card, Bank Account, Swift Code
• Health (all countries): limited investment (US HIPAA, UK Health Service, Canada Health Insurance card); rely on Partners and ISVs
Establishing DLP
Design and implement:
• Determine sensitive information types and related policies or regulations
• Establish policies to protect sensitive data
• Implement Office 365 DLP features
Operate:
• Detect sensitive data in email
• Detect sensitive data with document fingerprinting
• User awareness with Outlook Policy Tips
What do we mean by eDiscovery?
“Electronic discovery (or e-discovery or eDiscovery) refers to discovery in civil litigation or government investigations which deals with the exchange of information in electronic format (often referred to as electronically stored information or ESI).”
Source: Wikipedia (http://en.wikipedia.org/wiki/Electronic_discovery)
eDiscovery Process
1. Discovery: find relevant content (documents, emails, Lync conversations)
2. Preservation: place content on legal hold to prevent content modification and/or removal
3. Collection: collect and send relevant content for processing
4. Processing: prepare files for review
5. Review: lawyers determine which content will be supplied to opposition
6. Production: provide relevant content to opposition
Office 365 eDiscovery Centre
SharePoint template that creates a site customised for Case Management:
• Assists the creation of “Cases”
• Grants specific user permissions to manage the Cases
• Identifies and holds Exchange, SharePoint and OneDrive for Business data
• Searches and exports data of interest
In-place Hold
Provides a high level of immutability by:
• Preserving data in source
• Protecting from deletion
• Protecting from tampering
Provides easy management via:
• Rich query, location and time based content targeting
• Across Exchange, Lync and SharePoint
• Using Exchange Admin or eDiscovery Centres
Reporting and Auditing
• Comprehensive view of DLP policy performance
• Downloadable Excel workbook
• Drill into specific departures from policy to gain business insights
SharePoint – Auditing Features
• SharePoint must have auditing enabled at a Site Collection level.
• Document and Items
• List, libraries and sites
Export for action
Download directly from data source. Take the data offline as:
• Native files (.docx, .xlsx, etc.)
• Outlook Personal Information Store (.pst)
• Web Archive (.mht)
• Comma Separated Values (.csv)
• Lists or Feeds
• Electronic Discovery Reference Model (EDRM) XML (v1.1)
eDiscovery Considerations
• Roles
• There will be storage impacts
• Recoverable Items quotas are separate from mailbox quotas and need to be monitored
• In-Place Hold vs. Single Item Recovery vs. Retention Hold
• Hybrid data sources
eDiscovery Reports
• Content modifications
• Content type and list modifications
• Content viewing
• Deletion
• Custom reports
• Expiration and Disposition
• Policy modifications
• Auditing settings
• Security settings
Important Benefits
Risk mitigation:
• Centrally managed proactive enforcement
• Reduced collection touch points
• Consistent and repeatable
Minimised business impact:
• Transparent to users
• Minimises the need for offline copies, until they are needed
• Instantly searchable/exportable
Lower cost!
Wrap Up
• Introduction
• Importance of Regulatory and Compliance Controls
• Controls in Office 365
• Demos: Data Loss Prevention, eDiscovery, Auditing, Document Fingerprinting, Encrypted Email Communications
Useful Links
Learn More: TechEd 2014 Office 365 Security and Compliance
https://channel9.msdn.com/Events/TechEd/Australia/2014/OSS304
Office 365 Trust Centre
http://office.microsoft.com/en-au/business/office-365-trust-center-cloud-computing-security-FX103030390.aspx
Office Blogs
http://blogs.office.com/2013/10/23/cloud-services-you-can-trust-security-compliance-and-privacy-in-office-365/
Governance, risk management, and compliance
http://en.wikipedia.org/wiki/Governance,_risk_management,_and_compliance
Office 365 Service Descriptions
http://technet.microsoft.com/en-us/library/jj819284%28v=technet.10%29
Thank you!
Online evaluation form
http://tinyurl.com/SPSParis2015
Content Analysis Process
Sample content: Joseph F. Foster, Visa: 4485 3647 3952 7352, Expires: 2/2012
1. Get Content / RegEx Analysis: 4485 3647 3952 7352, a 16-digit number, is detected
2. Function Analysis: 4485 3647 3952 7352 matches the checksum; 1234 1234 1234 1234 does NOT match
3. Additional Evidence: the keyword “Visa” is near the number; a regular expression for a date (2/2012) matches near the number
4. Verdict: a regular expression matches and the checksum passes; additional evidence increases confidence
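The four steps above (regex match, checksum function, proximity evidence, confidence verdict) are the general shape of a DLP sensitive-information-type rule. The following Python script is an added example written for this page, not Microsoft's implementation and not a reproduction of Office 365's rule format; it runs the slide's own sample content (the card number and the non-matching 1234 number both come from the slide) through a Luhn mod-10 check and a proximity window. The keyword list, the proximity width of 100 characters, the point values and the 75-point threshold are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample content, taken from the slide's example (not real card data).
SAMPLE_TEXT = (
    "Joseph F. Foster\n"
    "Visa: 4485 3647 3952 7352\n"
    "Expires: 2/2012\n"
)

# Step 1, RegEx analysis: a 16-digit number, optionally grouped in fours.
CARD_RE = re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b")
# Additional evidence: an expiry-style date (m/yyyy or mm/yy) and card keywords.
DATE_RE = re.compile(r"\b(0?[1-9]|1[0-2])/(\d{4}|\d{2})\b")
KEYWORDS = ("visa", "mastercard", "amex", "card", "expires", "cvv")  # assumed list
PROXIMITY = 100  # assumed: characters either side of the number that count as "near"


@dataclass
class Finding:
    number: str
    checksum_ok: bool
    evidence: List[str] = field(default_factory=list)
    confidence: int = 0


def luhn_valid(digits: str) -> bool:
    """Step 2, function analysis: Luhn mod-10 checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def analyse(text: str) -> List[Finding]:
    """Run the regex, the checksum and the proximity evidence over the text."""
    findings: List[Finding] = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        f = Finding(number=m.group(), checksum_ok=luhn_valid(digits))
        if not f.checksum_ok:
            # A regex hit that fails the checksum is recorded but earns no confidence.
            findings.append(f)
            continue
        f.confidence = 65                      # assumed base score for regex + checksum
        f.evidence.append("regex match + checksum")
        # Step 3, additional evidence: look in a window around the number.
        window = text[max(0, m.start() - PROXIMITY): m.end() + PROXIMITY].lower()
        if any(k in window for k in KEYWORDS):
            f.confidence += 20                 # assumed weight for a nearby keyword
            f.evidence.append("keyword near number")
        if DATE_RE.search(window):
            f.confidence += 15                 # assumed weight for a nearby date
            f.evidence.append("date near number")
        findings.append(f)
    return findings


def verdict(text: str, threshold: int = 75) -> List[Finding]:
    """Step 4, verdict: only checksum-valid hits at or above the threshold are reported."""
    return [f for f in analyse(text) if f.checksum_ok and f.confidence >= threshold]


if __name__ == "__main__":
    for f in analyse(SAMPLE_TEXT):
        print(f.number, f.checksum_ok, f.confidence, f.evidence)
    print("reported:", [f.number for f in verdict(SAMPLE_TEXT)])
```

The design point is the one the slide makes: the regex alone never decides. The number in the sample reaches the threshold only because the checksum passes and two pieces of corroborating evidence sit within the window, while the same valid number appearing as a bare ticket reference with no keyword or date nearby stays below it, which is what keeps false positives down in a real policy.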
Encryption Solutions in Office 365
• Office 365 Message Encryption: encrypt messages to any SMTP address. Example: personal account statement from a financial institution.
• Information Rights Management: encrypt content and restrict usage; usually within own organization or trusted partners. Example: internal company confidential memo.
• S/MIME: sign and encrypt messages to users using certificates. Example: peer to peer signed communication within a government agency.