C01 office 365, DLP data loss preventions, privacy, compliance, regulations

C01: Office 365: Data leakage protection, privacy, compliance and regulations | #SPSParis C01 | Edge Pereira | May 30th, 2015


Thanks to our sponsors!

Platinum

Gold

Silver

Organizers

Raffle

10% discount with the code SPSPa15 at www.sharepointeurope.com

1 Billion Records Compromised in 2014

“By far, the most common record type exposed in 2014 were passwords, followed by usernames, email addresses, and PII (name, address, SSN, DOB, phone number, etc.)…”

Criminals are starting to favour PII over financial information, because it is easier to sell and leverage.

Source: http://www.cio.com/article/2848593/data-breach/nearly-a-billion-records-were-compromised-in-2014.html

$400 Million Losses Due to Data Breaches

“It was often said that people were the weakest link in any security chain—and that was true when attacks were less sophisticated. But today, no amount of education will stop hackers from getting into your network.”

There were 2,122 confirmed data breaches in 2014.

Source: http://www.forbes.com/sites/gilpress/2015/05/22/stopping-data-breaches-whose-job-is-it-anyway/

$80 Million Individual Losses Due to Scammers

“SCAMS strip Australians of at least $80 million a year and gathering a vault of personal information that can be used in fraud sprees.”

Criminals are buying and selling names, addresses, birth dates, bank account and other personal details on the black market to commit identity fraud or find scam victims, a report warns.

Source: http://www.heraldsun.com.au/news/law-order/scammers-steal-80-million-a-year-and-personal-information-from-australians/story-fni0fee2-1227358157405

Data Breaches, 2005 to 2015 (chart of breaches per year)

Source: Liam Cleary, BRK2142, Microsoft Ignite

Source: Gartner Report: IT Governance, Risk, and Compliance Management Solutions, http://www.gartner.com/resId=1884814

“Faced with never-ending and expanding regulatory and industry mandates, organizations invest tremendous amounts of energy on audit, compliance, controls, and (in some cases) risk management. At the same time, they seek to free staff resources from mundane tasks such as evidence gathering and simple reporting.”

Our Agenda for Today

• Introduction

• Importance of Regulatory and Compliance Controls

• Controls in Office 365

• Demos: Data Loss Prevention, eDiscovery, Auditing, Document Fingerprinting, Encrypted Email Communications

Why are we here?

• What is compliance?

• What does it mean to an ITPro?

• How can Office 365 help you?

• How to enable compliance controls?

Who’s Responsible for Data Breaches?

Source: http://www.forbes.com/sites/gilpress/2015/05/22/stopping-data-breaches-whose-job-is-it-anyway/

Compliance – What is it?

Australian Standard AS 3806-2006: “The Standard provides principles for the development, implementation and maintenance of effective compliance programs within both public and private organisations. These principles are intended to help organisations identify and remedy any deficiencies in their compliance with laws, regulation and codes, and develop process for continual improvement in this area.”

Areas that fall into compliance scope

• Integrity and anti-fraud

• Bribery and corruption regulation

• Anti-trust and competition regulation

• Privacy regulation

Why do we need to take compliance seriously?

Let’s look at Office 365 customer controls: Identify, Monitor, Protect, Educate.

So what is Microsoft doing? Office 365 includes many features that support compliance processes, including:

• eDiscovery

• Auditing

• Encryption

• Information Management Policies

• Records Management

Two faces of compliance in Office 365

Built-in Office 365 capabilities (global compliance):

• Access Control

• Auditing and Logging

• Continuity Planning

• Incident Response

• Risk Assessment

• Communications Protection

• Identification and Authorisation

• Information Integrity

• Awareness and Training

Customer controls for compliance/internal policies:

• Data Loss Prevention

• Archiving

• eDiscovery

• Encryption

• S/MIME

• Legal Hold

• Rights Management

In practice, it looks like this

What does your organisation get?

• Independent verification

• Regulatory compliance

• Peace of mind

• Improved governance

• Better risk management

• Avoiding prosecution

Our Demo Participants

• Sara (Sales)

• Aziz (Finance)

• Janet (Sales Manager)

• Denis (Legal)

Data Loss Prevention

DEMO: Data Loss Prevention

Data Leakage Protection

By 2018, 50% of IT organizations will use security services firms that specialize in data protection, security risk management and security infrastructure management to enhance their security postures.

Source: http://www.gartner.com/newsroom/id/2828722

What is meant by Data Loss Prevention?

“Data loss/leak prevention solution is a system that is designed to detect potential data breach / data ex-filtration transmissions and prevent them by monitoring, detecting and blocking sensitive data while in-use (endpoint actions), in-motion (network traffic), and at-rest (data storage).” [1]

[1] http://en.wikipedia.org/wiki/Data_loss_prevention_software

Good definition: http://csrc.nist.gov/groups/SNS/rbac/documents/data-loss.pdf

eDiscovery

DEMO: eDiscovery

In-use controls (end-point)

• Operating System and Apps fully patched and up to date

• End-point security tools installed and correctly configured

• Firewall enabled and correctly configured

• Access to required applications only

• Access to “need to know” data

• Compliance Adherence Monitoring

At-rest controls

• Secure Connections - SSL

• Encryption - Transparent Data Encryption

• Auditing

• Information Management Policies (Retention)

• Access control

Built-in DLP content areas

Country | PII | Financial
USA | US State Security Breach Laws, US State Social Security Laws, COPPA | GLBA & PCI-DSS (Credit, Debit Card, Checking and Savings, ABA, Swift Code)
Germany | EU data protection, Drivers License, Passport, National Id | EU Credit, Debit Card, IBAN, VAT, BIC, Swift Code
UK | Data Protection Act, UK National Insurance, Tax Id, UK Driver License, Passport | EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code
Canada | PIPED Act, Social Insurance, Drivers License | Credit Card, Swift Code
France | EU data protection, Data Protection Act, National Id (INSEE), Drivers License, Passport | EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code
Japan | PIPA, Resident Registration, Social Insurance, Passport, Driving License | Credit Card, Bank Account, Swift Code

Health: limited investment (US HIPAA, UK Health Service, Canada Health Insurance card); otherwise rely on partners and ISVs.

Establishing DLP

Design and implement:

• Determine sensitive information types and related policies or regulations

• Establish policies to protect sensitive data

• Implement Office 365 DLP features

Operate:

• Detect sensitive data in email

• Detect sensitive data with document fingerprinting

• User awareness with Outlook Policy tips

What do we mean by eDiscovery?

“Electronic discovery (or e-discovery or eDiscovery) refers to discovery in civil litigation or government investigations which deals with the exchange of information in electronic format (often referred to as electronically stored information or ESI).”

Source: Wikipedia (http://en.wikipedia.org/wiki/Electronic_discovery)

eDiscovery Process

1. DISCOVERY: Find relevant content (documents, emails, Lync conversations)

2. PRESERVATION: Place content on legal hold to prevent content modification and/or removal

3. COLLECTION: Collect and send relevant content for processing

4. PROCESSING: Prepare files for review

5. REVIEW: Lawyers determine which content will be supplied to opposition

6. PRODUCTION: Provide relevant content to opposition

Office 365 eDiscovery Centre

SharePoint template that creates a site customised for Case Management:

• Assists the creation of “Cases”

• Grants specific user permissions to manage the Cases

• Identifies and Holds Exchange, SharePoint and OneDrive for Business data

• Searches and Exports data of interest

In-place Hold

Provides a high level of immutability by:

• Preserving data in source

• Protecting from deletion

• Protecting from tampering

Provides easy management via:

• Rich query, location and time based content targeting

• Across Exchange, Lync and SharePoint

• Using Exchange Admin or eDiscovery Centres

Auditing

Reporting and Auditing

• Comprehensive view of DLP policy performance

• Downloadable Excel workbook

• Drill into specific departures from policy to gain business insights

SharePoint Audit Reports

SharePoint – Auditing Features

• SharePoint must have auditing enabled at a Site Collection level.

• Document and Items

• List, libraries and sites

Export for action

Find what you need:

• Real time search

• Rich query capability (text, time, source)

Download directly from the data source. Take the data offline as:

• Native files (.docx, .xlsx, etc.)

• Outlook Personal Information Store (.pst)

• Web Archive (.MHT)

• Comma Separated Values (.csv)

• Lists or Feeds

• Electronic Discovery Reference Model XML (v1.1)

eDiscovery Considerations

• Roles

• There will be storage impacts

• Recoverable Items quotas are separate from mailbox quotas and need to be monitored

• In-Place Hold vs. Single Item Recovery vs. Retention Hold

• Hybrid data sources

DEMO: Document Fingerprinting

eDiscovery Reports

• Content modifications

• Content type and list modifications

• Content viewing

• Deletion

• Custom reports

• Expiration and Disposition

• Policy modifications

• Auditing settings

• Security settings

Important Benefits

Risk mitigation:

• Centrally managed proactive enforcement

• Reduced collection touch points

• Consistent and repeatable

Minimised business impact:

• Transparent to users

• Minimises the need for offline copies, until they are needed

• Instantly searchable/exportable

Lower cost!

DEMO: Encrypted Email Communications

Q & A

Wrap Up

• Introduction

• Importance of Regulatory and Compliance Controls

• Controls in Office 365

• Demos: Data Loss Prevention, eDiscovery, Auditing, Document Fingerprinting, Encrypted Email Communications

Useful Links

Learn More

TechEd 2014 Office 365 Security and Compliance: https://channel9.msdn.com/Events/TechEd/Australia/2014/OSS304

Office 365 Trust Centre: http://office.microsoft.com/en-au/business/office-365-trust-center-cloud-computing-security-FX103030390.aspx

Office Blogs: http://blogs.office.com/2013/10/23/cloud-services-you-can-trust-security-compliance-and-privacy-in-office-365/

Governance, risk management, and compliance: http://en.wikipedia.org/wiki/Governance,_risk_management,_and_compliance

Office 365 Service Descriptions: http://technet.microsoft.com/en-us/library/jj819284%28v=technet.10%29

Thank you !

Merci !

Online evaluation form

http://tinyurl.com/SPSParis2015

DLP extensibility points

Content Analysis Process

1. Get Content. Sample content: Joseph F. Foster, Visa: 4485 3647 3952 7352, Expires: 2/2012

2. RegEx Analysis: 4485 3647 3952 7352, a 16-digit number, is detected

3. Function Analysis:
   1. 4485 3647 3952 7352 matches the checksum
   2. 1234 1234 1234 1234 does NOT match

4. Additional Evidence:
   1. The keyword “Visa” is near the number
   2. A regular expression for a date (2/2012) matches near the number

5. Verdict:
   1. There is a regular expression match that passes the checksum
   2. Additional evidence increases confidence
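The content analysis process above, as an added Python example that is not from the slides or from Office 365 itself: it runs the regex, checksum (Luhn) and proximity-evidence steps over the slide's sample content and turns the result into a confidence verdict. The keyword list, the date pattern, the 300-character window and the low/medium/high scale are assumptions of this example, not Office 365's own rules.

```python
import re

# Step 2 (RegEx Analysis): a 16-digit candidate, optionally grouped in fours (assumed pattern).
CANDIDATE_RE = re.compile(r"(?<!\d)(?:\d{4}[ -]?){3}\d{4}(?!\d)")
# Step 4 (Additional Evidence): a card keyword and an expiry date near the number.
# Keyword list, date format and window size are assumptions, not Office 365's own rules.
KEYWORD_RE = re.compile(r"\b(visa|mastercard|amex|credit card|card number)\b", re.IGNORECASE)
DATE_RE = re.compile(r"\b(0?[1-9]|1[0-2])/(\d{2}|\d{4})\b")
WINDOW = 300  # characters of context inspected on each side of the candidate

# Constructed sample, taken from the slide's "Get Content" step.
SAMPLE = "Joseph F. Foster\nVisa: 4485 3647 3952 7352\nExpires: 2/2012\n"


def luhn_ok(digits: str) -> bool:
    """Step 3 (Function Analysis): mod-10 checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right, folding two-digit results
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def analyse(text: str) -> list:
    """Steps 2 to 5: one finding per checksum-valid candidate, with a confidence verdict."""
    findings = []
    for m in CANDIDATE_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):
            continue  # 1234 1234 1234 1234 is dropped here: regex hit, checksum miss
        context = text[max(0, m.start() - WINDOW): m.end() + WINDOW]
        keyword = KEYWORD_RE.search(context) is not None
        date = DATE_RE.search(context) is not None
        # Step 5 (Verdict): checksum alone is low confidence; each extra piece of evidence raises it.
        confidence = ("low", "medium", "high")[int(keyword) + int(date)]
        findings.append({"number": m.group(), "keyword": keyword,
                         "date": date, "confidence": confidence})
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE):
        print(finding)
```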

Encryption Solutions in Office 365

• Office 365 Message Encryption – Encrypt messages to any SMTP address. Example: a personal account statement from a financial institution.

• Information Rights Management – Encrypt content and restrict usage; usually within your own organization or trusted partners. Example: an internal company confidential memo.

• S/MIME – Sign and encrypt messages to users using certificates. Example: peer-to-peer signed communication within a government agency.

Registry Key Outlook Client