C01: Office 365: Data leakage protection, privacy, compliance and regulations
• #SPSParis C01
• Edge Pereira
• May 30th, 2015
Thanks to our sponsors! (Platinum, Gold, Silver), organizers and raffle sponsors
10% discount with code SPSPa15 at www.sharepointeurope.com
Records Compromised in 2014: 1 Billion
“By far, the most common record type exposed in 2014 were passwords, followed by usernames, email addresses, and PII (name, address, SSN, DOB, phone number, etc.)…”
Criminals are starting to favour PII over financial information, because it's easier to sell and leverage.
Source: http://www.cio.com/article/2848593/data-breach/nearly-a-billion-records-were-compromised-in-2014.html
Losses Due to Data Breaches: $400 Million
“It was often said that people were the weakest link in any security chain—and that was true when attacks were less sophisticated. But today, no amount of education will stop hackers from getting into your network.”
There were 2,122 confirmed data breaches in 2014.
Source: http://www.forbes.com/sites/gilpress/2015/05/22/stopping-data-breaches-whose-job-is-it-anyway/
Individual Losses Due to Scammers: $80 Million
“SCAMS strip Australians of at least $80 million a year and gathering a vault of personal information that can be used in fraud sprees.”
Criminals are buying and selling names, addresses, birth dates, bank account and other personal details on the black market to commit identity fraud or find scam victims, a report warns.
Source: http://www.heraldsun.com.au/news/law-order/scammers-steal-80-million-a-year-and-personal-information-from-australians/story-fni0fee2-1227358157405
Data Breaches
Source: Liam Clearly, BRK2142, Microsoft Ignite
“Faced with never-ending and expanding regulatory and industry mandates, organizations invest tremendous amounts of energy on audit, compliance, controls, and (in some cases) risk management. At the same time, they seek to free staff resources from mundane tasks such as evidence gathering and simple reporting.”
Source: Gartner Report: IT Governance, Risk, and Compliance Management Solutions, http://www.gartner.com/resId=1884814
Our Agenda for Today
• Introduction
• Importance of Regulatory and Compliance Controls
• Controls in Office 365
• Demos
  • Data Loss Prevention
  • eDiscovery
  • Auditing
  • Document Fingerprinting
  • Encrypted Email Communications
Why are we here?
Source: http://www.forbes.com/sites/gilpress/2015/05/22/stopping-data-breaches-whose-job-is-it-anyway/
Compliance – What is it?
Why do we need to take compliance seriously?
Let’s look at Office 365 customer controls: Identify, Monitor, Protect, Educate
So what is Microsoft doing?
• eDiscovery
• Auditing
• Encryption
• Information Management Policies
• Records Management
Two faces of compliance in Office 365
Built-in Office 365 capabilities (global compliance):
• Access Control
• Auditing and Logging
• Continuity Planning
• Incident Response
• Risk Assessment
• Communications Protection
• Identification and Authorisation
• Information Integrity
• Awareness and Training
Customer controls for compliance/internal policies:
• Data Loss Prevention
• Archiving
• eDiscovery
• Encryption
• S/MIME
• Legal Hold
• Rights Management
In practice, it looks like this
What does your organisation get?
• Independent verification
• Regulatory compliance
• Peace of mind
• Improved governance
• Better risk management
• Avoiding prosecution
Our Demo Participants
• Sara, Sales
• Aziz, Finance
• Janet, Sales Manager
• Denis, Legal
Data Loss Prevention
DEMO: Data Loss Prevention
Data Leakage Protection
By 2018, 50% of IT organizations will use security services firms that specialize in data protection, security risk management and security infrastructure management to enhance their security postures.
Source: http://www.gartner.com/newsroom/id/2828722
What is meant by Data Loss Prevention?
Data in-use (endpoint actions), in-motion (network traffic) and at-rest (data storage) [1]
[1] http://en.wikipedia.org/wiki/Data_loss_prevention_software
Good definition: http://csrc.nist.gov/groups/SNS/rbac/documents/data-loss.pdf
eDiscovery
DEMO: eDiscovery
In-use controls (end-point)
• Operating System and Apps fully patched and up to date
• End-point security tools installed and correctly configured
• Firewall enabled and correctly configured
• Access to required applications only
• Access to “need to know” data
• Compliance Adherence Monitoring
At-rest controls
Built-in DLP content areas (by country)
USA
  PII: US State Security Breach Laws, US State Social Security Laws, COPPA
  Financial: GLBA & PCI-DSS (Credit, Debit Card, Checking and Savings, ABA, Swift Code)
Germany
  PII: EU data protection, Drivers License, Passport, National Id
  Financial: EU Credit, Debit Card, IBAN, VAT, BIC, Swift Code
UK
  PII: Data Protection Act, UK National Insurance, Tax Id, UK Driver License, Passport
  Financial: EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code
Canada
  PII: PIPED Act, Social Insurance, Drivers License
  Financial: Credit Card, Swift Code
France
  PII: EU data protection, Data Protection Act, National Id (INSEE), Drivers License, Passport
  Financial: EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code
Japan
  PII: PIPA, Resident Registration, Social Insurance, Passport, Driving License
  Financial: Credit Card, Bank Account, Swift Code
Health (all countries): limited investment (US HIPAA, UK Health Service, Canada Health Insurance card); rely on Partners and ISVs
Establishing DLP
Design and implement
• Determine sensitive information types and related policies or regulations
• Establish policies to protect sensitive data
• Implement Office 365 DLP features
Operate
• Detect sensitive data in email
• Detect sensitive data with document fingerprinting
• User awareness with Outlook Policy tips
What do we mean by eDiscovery?
Source: Wikipedia (http://en.wikipedia.org/wiki/Electronic_discovery)
eDiscovery Process
• DISCOVERY: find relevant content (documents, emails, Lync conversations)
• PRESERVATION: place content on legal hold to prevent content modification and/or removal
• COLLECTION: collect and send relevant content for processing
• PROCESSING: prepare files for review
• REVIEW: lawyers determine which content will be supplied to opposition
• PRODUCTION: provide relevant content to opposition
Office 365 eDiscovery Centre
In-place Hold
Auditing
Reporting and Auditing
SharePoint – Auditing Features
SharePoint Audit Reports
• Find what you need
• Export for action
eDiscovery Considerations
• Recoverable Items quotas are separate from mailbox quotas and need to be monitored
• In-Place Hold vs. Single Item Recovery vs. Retention Hold
• Hybrid data sources
DEMO: Document Fingerprinting
eDiscovery Reports
Important Benefits
Risk mitigation
• Centrally managed proactive enforcement
• Reduced collection touch points
• Consistent and repeatable
Minimised business impact
• Transparent to users
• Minimises the need for offline copies, until they are needed
• Instantly searchable/exportable
Lower cost!
DEMO: Encrypted Email Communications
Q & A
Wrap Up
• Introduction
• Importance of Regulatory and Compliance Controls
• Controls in Office 365
• Demos
  • Data Loss Prevention
  • eDiscovery
  • Auditing
  • Document Fingerprinting
  • Encrypted Email Communications
Learn More
Useful Links
• TechEd 2014 Office 365 Security and Compliance: https://channel9.msdn.com/Events/TechEd/Australia/2014/OSS304
• Office 365 Trust Centre: http://office.microsoft.com/en-au/business/office-365-trust-center-cloud-computing-security-FX103030390.aspx
• Office Blogs: http://blogs.office.com/2013/10/23/cloud-services-you-can-trust-security-compliance-and-privacy-in-office-365/
• Governance, risk management, and compliance: http://en.wikipedia.org/wiki/Governance,_risk_management,_and_compliance
• Office 365 Service Descriptions: http://technet.microsoft.com/en-us/library/jj819284%28v=technet.10%29
Thank you!
Online evaluation form: http://tinyurl.com/SPSParis2015
DLP extensibility points
Content Analysis Process (worked through on a sample message)
1. Get Content: “Joseph F. Foster / Visa: 4485 3647 3952 7352 / Expires: 2/2012”
2. RegEx Analysis: 4485 3647 3952 7352 -> a 16-digit number is detected
3. Function Analysis: 4485 3647 3952 7352 -> matches checksum; 1234 1234 1234 1234 -> does NOT match
4. Additional Evidence: the keyword “Visa” is near the number; a regular expression for a date (2/2012) matches near the number
5. Verdict: there is a regular expression that matches a checksum, and the additional evidence increases confidence
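The five-step content analysis above, as an added Python example that is not part of the slide deck and not Microsoft's DLP engine: it runs the regex, Luhn checksum, keyword/date proximity and confidence steps over the slide's sample message and over two constructed counter-examples. The confidence weights, the 100-character context window, the keyword list and the "high/low/none" verdict bar are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample inputs (not from the deck's demo environment). The first
# reproduces the slide's example message; its card number passes the Luhn check.
SAMPLE_MESSAGE = "Joseph F. Foster\nVisa: 4485 3647 3952 7352\nExpires: 2/2012"
# A 16-digit number that fails the checksum, as on the slide's "does NOT match" line.
SAMPLE_BAD_CHECKSUM = "Ref 1234 1234 1234 1234 attached"
# A valid checksum but no supporting evidence nearby: survives at lower confidence.
SAMPLE_NO_EVIDENCE = "Serial 4485 3647 3952 7352 logged"

# Step 2, RegEx analysis: 16 digits, optionally separated by spaces or dashes.
CANDIDATE_RE = re.compile(r"(?<!\d)(?:\d[ -]?){15}\d(?!\d)")
# Step 4, additional evidence: card keywords and an expiry-style date near the candidate.
KEYWORDS = ("visa", "mastercard", "credit card", "card number")
EXPIRY_RE = re.compile(r"\b(0?[1-9]|1[0-2])/(\d{4}|\d{2})\b")
WINDOW = 100  # characters of context examined on each side of the candidate (assumption)

# Illustrative confidence weights (assumption; not Microsoft's published levels).
BASE_CONFIDENCE = 65
KEYWORD_BONUS = 20
EXPIRY_BONUS = 15


def luhn_ok(digits: str) -> bool:
    """Step 3, function analysis: Luhn mod-10 checksum over a string of digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass
class Finding:
    number: str
    keyword_near: bool
    expiry_near: bool
    confidence: int


def analyse(text: str) -> List[Finding]:
    """Run the regex -> checksum -> evidence pipeline; return surviving candidates."""
    findings: List[Finding] = []
    for m in CANDIDATE_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):
            continue            # step 3 failed: random 16-digit numbers are dropped here
        context = text[max(0, m.start() - WINDOW): m.end() + WINDOW].lower()
        keyword_near = any(k in context for k in KEYWORDS)
        expiry_near = EXPIRY_RE.search(context) is not None
        confidence = BASE_CONFIDENCE
        if keyword_near:
            confidence += KEYWORD_BONUS
        if expiry_near:
            confidence += EXPIRY_BONUS
        findings.append(Finding(m.group(), keyword_near, expiry_near, confidence))
    return findings


def verdict(text: str, high: int = 85) -> str:
    """Step 5: 'high' if a finding reaches the high-confidence bar, 'low' if a
    finding survived the checksum but lacks evidence, 'none' if nothing survived."""
    findings = analyse(text)
    if not findings:
        return "none"
    return "high" if max(f.confidence for f in findings) >= high else "low"


if __name__ == "__main__":
    for sample in (SAMPLE_MESSAGE, SAMPLE_BAD_CHECKSUM, SAMPLE_NO_EVIDENCE):
        print(repr(sample), "->", verdict(sample), analyse(sample))
```

The point the example makes is the one the slide makes: a bare 16-digit regex is noisy, the checksum removes most random digit runs, and only the corroborating evidence (keyword and expiry date within the window) lifts a match to a confidence at which a policy would act rather than merely tip the user.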
Encryption Solutions in Office 365
• Office 365 Message Encryption – Encrypt messages to any SMTP address
• Information Rights Management – Encrypt content and restrict usage; usually within own organization or trusted partners
• S/MIME – Sign and encrypt messages to users using certificates
Registry Key: Outlook Client

Mais conteúdo relacionado

Mais procurados

Introducing Data Loss Prevention 14
Introducing Data Loss Prevention 14Introducing Data Loss Prevention 14
Introducing Data Loss Prevention 14
Symantec
 
Data Loss Prevention from Symantec
Data Loss Prevention from SymantecData Loss Prevention from Symantec
Data Loss Prevention from Symantec
Arrow ECS UK
 
Ciso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data securityCiso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data security
Priyanka Aash
 

Mais procurados (20)

Intro to Office 365 Security & Compliance Center
Intro to Office 365 Security & Compliance CenterIntro to Office 365 Security & Compliance Center
Intro to Office 365 Security & Compliance Center
 
Office 365 Security, Privacy and Compliance - SMB Nation 2015
Office 365 Security, Privacy and Compliance - SMB Nation 2015Office 365 Security, Privacy and Compliance - SMB Nation 2015
Office 365 Security, Privacy and Compliance - SMB Nation 2015
 
Reducing the Chance of an Office 365 Security Breach
Reducing the Chance of an Office 365 Security BreachReducing the Chance of an Office 365 Security Breach
Reducing the Chance of an Office 365 Security Breach
 
Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)Best Practices for Implementing Data Loss Prevention (DLP)
Best Practices for Implementing Data Loss Prevention (DLP)
 
Metrics, Risk Management & DLP
Metrics, Risk Management & DLPMetrics, Risk Management & DLP
Metrics, Risk Management & DLP
 
ISSA DLP Presentation - Oxford Consulting Group
ISSA DLP Presentation - Oxford Consulting GroupISSA DLP Presentation - Oxford Consulting Group
ISSA DLP Presentation - Oxford Consulting Group
 
User management - the next-gen of authentication meetup 27012022
User management - the next-gen of authentication meetup 27012022User management - the next-gen of authentication meetup 27012022
User management - the next-gen of authentication meetup 27012022
 
Introducing Data Loss Prevention 14
Introducing Data Loss Prevention 14Introducing Data Loss Prevention 14
Introducing Data Loss Prevention 14
 
Symantec Data Loss Prevention 11
Symantec Data Loss Prevention 11Symantec Data Loss Prevention 11
Symantec Data Loss Prevention 11
 
Tips for a successful SharePoint Migration strategy
Tips for a successful SharePoint Migration strategyTips for a successful SharePoint Migration strategy
Tips for a successful SharePoint Migration strategy
 
Enough Talk – Solving GDPR Problems Through Metadata-Driven Compliance Webinar
Enough Talk – Solving GDPR Problems Through Metadata-Driven Compliance WebinarEnough Talk – Solving GDPR Problems Through Metadata-Driven Compliance Webinar
Enough Talk – Solving GDPR Problems Through Metadata-Driven Compliance Webinar
 
DLP Data leak prevention
DLP Data leak preventionDLP Data leak prevention
DLP Data leak prevention
 
Microsoft 365 Compliance
Microsoft 365 ComplianceMicrosoft 365 Compliance
Microsoft 365 Compliance
 
Shariyaz abdeen data leakage prevention presentation
Shariyaz abdeen   data leakage prevention presentationShariyaz abdeen   data leakage prevention presentation
Shariyaz abdeen data leakage prevention presentation
 
Data Loss Prevention from Symantec
Data Loss Prevention from SymantecData Loss Prevention from Symantec
Data Loss Prevention from Symantec
 
Ciso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data securityCiso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data security
 
Accellion Infographic: The Effects of Mobile on the Enterprise
Accellion Infographic: The Effects of Mobile on the EnterpriseAccellion Infographic: The Effects of Mobile on the Enterprise
Accellion Infographic: The Effects of Mobile on the Enterprise
 
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
 
Threat Ready Data: Protect Data from the Inside and the Outside
Threat Ready Data: Protect Data from the Inside and the OutsideThreat Ready Data: Protect Data from the Inside and the Outside
Threat Ready Data: Protect Data from the Inside and the Outside
 
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
 

Destaque

Destaque (16)

Andy Malone - Microsoft office 365 security deep dive
Andy Malone - Microsoft office 365 security deep diveAndy Malone - Microsoft office 365 security deep dive
Andy Malone - Microsoft office 365 security deep dive
 
FireEye Engineering
FireEye Engineering FireEye Engineering
FireEye Engineering
 
FireEye Systems Engineer
FireEye Systems EngineerFireEye Systems Engineer
FireEye Systems Engineer
 
[Infographic] Email: The First Security Gap Targeted by Attackers
[Infographic] Email: The First Security Gap Targeted by Attackers[Infographic] Email: The First Security Gap Targeted by Attackers
[Infographic] Email: The First Security Gap Targeted by Attackers
 
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
 
Email Security Best Practices
Email Security Best PracticesEmail Security Best Practices
Email Security Best Practices
 
Detect & Remediate Malware & Advanced Targeted Attacks
Detect & Remediate Malware & Advanced Targeted AttacksDetect & Remediate Malware & Advanced Targeted Attacks
Detect & Remediate Malware & Advanced Targeted Attacks
 
[Connect(); // Japan 2016] Microsoft の AI 開発最新アップデート ~ Cognitive Services からA...
[Connect(); // Japan 2016] Microsoft の AI 開発最新アップデート ~ Cognitive Services からA...[Connect(); // Japan 2016] Microsoft の AI 開発最新アップデート ~ Cognitive Services からA...
[Connect(); // Japan 2016] Microsoft の AI 開発最新アップデート ~ Cognitive Services からA...
 
Fire Eye Appliance Quick Start
Fire Eye Appliance Quick StartFire Eye Appliance Quick Start
Fire Eye Appliance Quick Start
 
FireEye
FireEyeFireEye
FireEye
 
FireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment ExperienceFireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment Experience
 
ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)
 
FireEye - Breaches are inevitable, but the outcome is not
FireEye - Breaches are inevitable, but the outcome is not FireEye - Breaches are inevitable, but the outcome is not
FireEye - Breaches are inevitable, but the outcome is not
 
10 Things Many IT Professionals Don’t Know About Office 365
10 Things Many IT Professionals Don’t Know About Office 36510 Things Many IT Professionals Don’t Know About Office 365
10 Things Many IT Professionals Don’t Know About Office 365
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016
 
TEDx Manchester: AI & The Future of Work
TEDx Manchester: AI & The Future of WorkTEDx Manchester: AI & The Future of Work
TEDx Manchester: AI & The Future of Work
 

Semelhante a Office 365 Data Leakage Protection, DLP, Data Loss Prevention, Privacy, Compliance regulations

Semelhante a Office 365 Data Leakage Protection, DLP, Data Loss Prevention, Privacy, Compliance regulations (20)

Office 365 : Data leakage control, privacy, compliance and regulations in the...
Office 365 : Data leakage control, privacy, compliance and regulations in the...Office 365 : Data leakage control, privacy, compliance and regulations in the...
Office 365 : Data leakage control, privacy, compliance and regulations in the...
 
BREACHED: Data Centric Security for SAP
BREACHED: Data Centric Security for SAPBREACHED: Data Centric Security for SAP
BREACHED: Data Centric Security for SAP
 
IAM
IAMIAM
IAM
 
IDENTITY ACCESS MANAGEMENT
IDENTITY ACCESS MANAGEMENTIDENTITY ACCESS MANAGEMENT
IDENTITY ACCESS MANAGEMENT
 
Hackers, Cyber Crime and Espionage
Hackers, Cyber Crime and EspionageHackers, Cyber Crime and Espionage
Hackers, Cyber Crime and Espionage
 
Deconstructing Data Breach Cost
Deconstructing Data Breach CostDeconstructing Data Breach Cost
Deconstructing Data Breach Cost
 
Co3 rsc r5
Co3 rsc r5Co3 rsc r5
Co3 rsc r5
 
ACEDS-Zylab 4-3-15 Webcast
ACEDS-Zylab 4-3-15 Webcast ACEDS-Zylab 4-3-15 Webcast
ACEDS-Zylab 4-3-15 Webcast
 
Data Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint WebinarData Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint Webinar
 
Information security in office 365 a shared responsibility - antonio maio
Information security in office 365   a shared responsibility - antonio maioInformation security in office 365   a shared responsibility - antonio maio
Information security in office 365 a shared responsibility - antonio maio
 
Privacy for tech startups
Privacy for tech startups Privacy for tech startups
Privacy for tech startups
 
Transform Unstructured Data Into Relevant Data with IBM StoredIQ
Transform Unstructured Data Into Relevant Data with IBM StoredIQTransform Unstructured Data Into Relevant Data with IBM StoredIQ
Transform Unstructured Data Into Relevant Data with IBM StoredIQ
 
Security and Compliance
Security and ComplianceSecurity and Compliance
Security and Compliance
 
Compliance & Identity access management
Compliance & Identity access management Compliance & Identity access management
Compliance & Identity access management
 
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
 
How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?
 
Building & Running A Successful Identity Program
Building & Running A Successful Identity ProgramBuilding & Running A Successful Identity Program
Building & Running A Successful Identity Program
 
Improve IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in SplunkImprove IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in Splunk
 
Cyber Security and the Impact on your Business
Cyber Security and the Impact on your BusinessCyber Security and the Impact on your Business
Cyber Security and the Impact on your Business
 
Falcon.io | 2021 Trends Virtual Summit - Data Privacy
Falcon.io | 2021 Trends Virtual Summit - Data PrivacyFalcon.io | 2021 Trends Virtual Summit - Data Privacy
Falcon.io | 2021 Trends Virtual Summit - Data Privacy
 

Mais de Edge Pereira

Mais de Edge Pereira (11)

From Ashley madison to_panama_papers - Office 365 bringing sexy back to eDisc...
From Ashley madison to_panama_papers - Office 365 bringing sexy back to eDisc...From Ashley madison to_panama_papers - Office 365 bringing sexy back to eDisc...
From Ashley madison to_panama_papers - Office 365 bringing sexy back to eDisc...
 
2017 Collab365 - How the Jedi Use Project Online to Manage Projects
2017 Collab365 - How the Jedi Use Project Online to Manage Projects2017 Collab365 - How the Jedi Use Project Online to Manage Projects
2017 Collab365 - How the Jedi Use Project Online to Manage Projects
 
2017 Collab365 Conference - 10 myths about moving your project management to ...
2017 Collab365 Conference - 10 myths about moving your project management to ...2017 Collab365 Conference - 10 myths about moving your project management to ...
2017 Collab365 Conference - 10 myths about moving your project management to ...
 
The Future of InfoPath - Edge Pereira
The Future of InfoPath - Edge PereiraThe Future of InfoPath - Edge Pereira
The Future of InfoPath - Edge Pereira
 
Project portfolio management in the cloud
Project portfolio management in the cloudProject portfolio management in the cloud
Project portfolio management in the cloud
 
Microsoft EMS - Everybody Together Now - Edge Pereira - Microsoft Office 365 ...
Microsoft EMS - Everybody Together Now - Edge Pereira - Microsoft Office 365 ...Microsoft EMS - Everybody Together Now - Edge Pereira - Microsoft Office 365 ...
Microsoft EMS - Everybody Together Now - Edge Pereira - Microsoft Office 365 ...
 
When a Data Breach Happens, What's Your Plan?
When a Data Breach Happens, What's Your Plan?When a Data Breach Happens, What's Your Plan?
When a Data Breach Happens, What's Your Plan?
 
Office 365 Canberra - eDiscovery and Privacy: All your data are belong to us
Office 365 Canberra - eDiscovery and Privacy: All your data are belong to usOffice 365 Canberra - eDiscovery and Privacy: All your data are belong to us
Office 365 Canberra - eDiscovery and Privacy: All your data are belong to us
 
Office 365 Makes Data Protection Cool Again
Office 365 Makes Data Protection Cool AgainOffice 365 Makes Data Protection Cool Again
Office 365 Makes Data Protection Cool Again
 
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft off...
 
C01 office 365, DLP data loss preventions, privacy, compliance, regulations
C01 office 365, DLP data loss preventions, privacy, compliance, regulationsC01 office 365, DLP data loss preventions, privacy, compliance, regulations
C01 office 365, DLP data loss preventions, privacy, compliance, regulations
 

Último

Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxChiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
raffaeleoman
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New Nigeria
Kayode Fayemi
 

Último (20)

Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)
 
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdfThe workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
 
Mathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptxMathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptx
 
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
 
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyCall Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
 
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxMohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
 
Air breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animalsAir breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animals
 
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
 
Microsoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AIMicrosoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AI
 
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
 
Report Writing Webinar Training
Report Writing Webinar TrainingReport Writing Webinar Training
Report Writing Webinar Training
 
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
 
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
 
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxChiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
 
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
 
SaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, YardstickSaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, Yardstick
 
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
 
Presentation on Engagement in Book Clubs
Presentation on Engagement in Book ClubsPresentation on Engagement in Book Clubs
Presentation on Engagement in Book Clubs
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New Nigeria
 
George Lever - eCommerce Day Chile 2024
George Lever -  eCommerce Day Chile 2024George Lever -  eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024
 

Office 365 Data Leakage Protection, DLP, Data Loss Prevention, Privacy, Compliance regulations

  • 1. C01: Office 365 : Data leakage protection, privacy, compliance and regulations • #SPSParis C01 • Edge Pereira • 30 Mai 2015 / May 30th, 2015
  • 3. 10% de remise avec le code SPSPa15www.sharepointeurope.com
  • 4.
  • 5. “By far, the most common record type exposed in 2014 were passwords, followed by usernames, email addresses, and PII (name, address, SSN, DOB, phone number, etc.)…” 1 Billion Criminals are starting to favour PII over financial information, because it's easier to sell and leverage Source: http://www.cio.com/article/2848593/data-breach/nearly-a-billion-records-were-compromised-in-2014.html Records Compromised in 2014
  • 6. “It was often said that people were the weakest link in any security chain—and that was true when attacks were less sophisticated. But today, no amount of education will stop hackers from getting into your network.” $400 Million There were 2,122 confirmed data breaches in 2014 Source: http://www.forbes.com/sites/gilpress/2015/05/22/stopping-data-breaches-whose-job-is-it-anyway/ Losses Due to Data Breaches
  • 7. “SCAMS strip Australians of at least $80 million a year and gathering a vault of personal information that can be used in fraud sprees.” $80 Million Criminals are buying and selling names, addresses, birth dates, bank account and other personal details on the black market to commit identity fraud or find scam victims, a report warns. Source: http://www.heraldsun.com.au/news/law-order/scammers-steal-80-million-a-year-and-personal-information-from-australians/story-fni0fee2-1227358157405 Individual Losses Due to Scammers
  • 8. Data Breaches Source: Liam Clearly BRK2142 Microsoft Ignite
  • 9. Source: Gartner Report: IT Governance, Risk, and Compliance Management Solutions, http://www.gartner.com/resId=1884814 “Faced with never-ending and expanding regulatory and industry mandates, organizations invest tremendous amounts of energy on audit, compliance, controls, and (in some cases) risk management. At the same time, they seek to free staff resources from mundane tasks such as evidence gathering and simple reporting.”
  • 10. • Introduction • Importance of Regulatory and Compliance Controls • Controls in Office 365 • Demos • Data Loss Prevention • eDiscovery • Auditing • Document Fingerprinting • Encrypted Email Communications Our Agenda for Today
  • 11. Why are we here?
  • 14. Why do we need to take compliance seriously?
  • 15. Let’s look at Office 365 customer controls Identify Monitor Protect Educate
  • 16. So what is Microsoft doing? eDiscovery Auditing Encryption Information Management Policies Records Management
  • 17. Two faces of compliance in Office 365 Built-in Office 365 capabilities (global compliance) Customer controls for compliance/internal policies • Access Control • Auditing and Logging • Continuity Planning • Incident Response • Risk Assessment • Communications Protection • Identification and Authorisation • Information Integrity • Awareness and Training • Data Loss Prevention • Archiving • eDiscovery • Encryption • S/MIME • Legal Hold • Rights Management
  • 18. In practise, it looks like this
  • 19. What does your organisation get? • Independent verification • Regulatory compliance • Peace of mind • Improved governance • Better risk management • Avoiding prosecution
  • 20. Sara Aziz Janet Denis Sales Finance Sales Manager Legal Our Demo Participants
  • 23. Data Leakage Protection. By 2018, 50% of IT organizations will use security services firms that specialize in data protection, security risk management and security infrastructure management to enhance their security postures. Source: http://www.gartner.com/newsroom/id/2828722
  • 24. What is meant by Data Loss Prevention? DLP covers data in-use (endpoint actions), in-motion (network traffic) and at-rest (data storage) [1]. [1] http://en.wikipedia.org/wiki/Data_loss_prevention_software. Good definition: http://csrc.nist.gov/groups/SNS/rbac/documents/data-loss.pdf
  • 27. In-use controls (end-point)
    • Operating System and Apps fully patched and up to date
    • End-point security tools installed and correctly configured
    • Firewall enabled and correctly configured
    • Access to required applications only
    • Access to “need to know” data
    • Compliance Adherence Monitoring
  • 29. Built-in DLP content areas
    Country | PII | Financial
    USA | US State Security Breach Laws, US State Social Security Laws, COPPA | GLBA & PCI-DSS (Credit, Debit Card, Checking and Savings, ABA, Swift Code)
    Germany | EU data protection, Drivers License, Passport, National Id | EU Credit, Debit Card, IBAN, VAT, BIC, Swift Code
    UK | Data Protection Act, UK National Insurance, Tax Id, UK Driver License, Passport | EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code
    Canada | PIPED Act, Social Insurance, Drivers License | Credit Card, Swift Code
    France | EU data protection, Data Protection Act, National Id (INSEE), Drivers License, Passport | EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code
    Japan | PIPA, Resident Registration, Social Insurance, Passport, Driving License | Credit Card, Bank Account, Swift Code
    Health (all countries): limited investment (US HIPAA, UK Health Service, Canada Health Insurance card); rely on partners and ISVs
  • 30. Establishing DLP
    Design and implement:
    • Determine sensitive information types and related policies or regulations
    • Establish policies to protect sensitive data
    • Implement Office 365 DLP features
    Operate:
    • Detect sensitive data in email
    • Detect sensitive data with document fingerprinting
    • User awareness with Outlook Policy Tips
  • 31. What do we mean by eDiscovery? Source: Wikipedia (http://en.wikipedia.org/wiki/Electronic_discovery)
  • 32. eDiscovery Process
    • DISCOVERY: Find relevant content (documents, emails, Lync conversations)
    • PRESERVATION: Place content on legal hold to prevent content modification and/or removal
    • COLLECTION: Collect and send relevant content for processing
    • PROCESSING: Prepare files for review
    • REVIEW: Lawyers determine which content will be supplied to opposition
    • PRODUCTION: Provide relevant content to opposition
  • 39. Find what you need
  • 41. eDiscovery Considerations
    • Recoverable Items quotas are separate from mailbox quotas and need to be monitored
    • In-Place Hold vs. Single Item Recovery vs. Retention Hold
    • Hybrid data sources
  • 44. Important Benefits
    Risk mitigation:
    • Centrally managed proactive enforcement
    • Reduced collection touch points
    • Consistent and repeatable
    Minimised business impact:
    • Transparent to users
    • Minimises the need for offline copies until they are needed
    • Instantly searchable/exportable
    Lower cost!
  • 46. Q & A
  • 47. Wrap Up
    • Introduction
    • Importance of Regulatory and Compliance Controls
    • Controls in Office 365
    • Demos
      • Data Loss Prevention
      • eDiscovery
      • Auditing
      • Document Fingerprinting
      • Encrypted Email Communications
  • 48. Learn More / Useful Links
    • TechEd 2014 Office 365 Security and Compliance: https://channel9.msdn.com/Events/TechEd/Australia/2014/OSS304
    • Office 365 Trust Centre: http://office.microsoft.com/en-au/business/office-365-trust-center-cloud-computing-security-FX103030390.aspx
    • Office Blogs: http://blogs.office.com/2013/10/23/cloud-services-you-can-trust-security-compliance-and-privacy-in-office-365/
    • Governance, risk management, and compliance: http://en.wikipedia.org/wiki/Governance,_risk_management,_and_compliance
    • Office 365 Service Descriptions: http://technet.microsoft.com/en-us/library/jj819284%28v=technet.10%29
  • 49. Thank you ! Merci ! Online evaluation form Evaluations en ligne http://tinyurl.com/SPSParis2015
  • 51. Content Analysis Process
    • Get Content: Joseph F. Foster Visa: 4485 3647 3952 7352 Expires: 2/2012
    • RegEx Analysis: 4485 3647 3952 7352 → a 16-digit number is detected
    • Function Analysis: 1. 4485 3647 3952 7352 → matches checksum; 2. 1234 1234 1234 1234 → does NOT match
    • Additional Evidence: 1. Keyword "Visa" is near the number; 2. A regular expression for a date (2/2012) matches near the number
    • Verdict: 1. There is a regular expression match that also satisfies the checksum; 2. Additional evidence increases confidence
  • 52. Encryption Solutions in Office 365
    • Office 365 Message Encryption – Encrypt messages to any SMTP address
    • Information Rights Management – Encrypt content and restrict usage; usually within own organization or trusted partners
    • S/MIME – Sign and encrypt messages to users using certificates
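The content analysis pipeline from slide 51 (regex candidate, checksum function, nearby evidence, verdict), written out as an added Python example; this is illustrative code, not Office 365's DLP engine. The patterns, keyword list and the 300-character proximity window are assumptions, and the sample text is the one on the slide.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed patterns: a 16-digit number in groups of four, and an expiry-style date such as 2/2012.
CARD_RE = re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b")
DATE_RE = re.compile(r"\b\d{1,2}/\d{4}\b")
KEYWORDS = ("visa", "mastercard", "amex", "credit card", "card number")
WINDOW = 300  # assumed proximity window (characters) for supporting evidence; not from the slide


def luhn_ok(digits: str) -> bool:
    """Function analysis: the Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                     # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


@dataclass
class Finding:
    number: str
    checksum: bool
    keyword_nearby: bool
    date_nearby: bool
    confidence: str  # "none", "low", "medium" or "high"


def classify(text: str) -> list[Finding]:
    """RegEx analysis -> function analysis -> additional evidence -> verdict."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        checksum = luhn_ok(digits)
        # Additional evidence is only looked for in a window around the candidate.
        ctx = text[max(0, m.start() - WINDOW):m.start()] + text[m.end():m.end() + WINDOW]
        keyword = any(k in ctx.lower() for k in KEYWORDS)
        date_nearby = DATE_RE.search(ctx) is not None
        if not checksum:
            confidence = "none"            # fails the checksum: not treated as a card number
        elif keyword and date_nearby:
            confidence = "high"
        elif keyword or date_nearby:
            confidence = "medium"
        else:
            confidence = "low"             # checksum alone is a weak match
        findings.append(Finding(digits, checksum, keyword, date_nearby, confidence))
    return findings
```

The slide's sample yields a single high-confidence finding, while 1234 1234 1234 1234 is rejected at the checksum step even though the regex matched it.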

Editor's Notes

  2. Data travels with you. Transparent, with controls applied automatically. Anywhere in the world.
  3. From mainstream products
  4. Encryption at Rest: uses Transparent Data Encryption (TDE). TDE uses a server-level certificate to perform page-level encryption on the raw SharePoint database files, with a symmetric key stored in the SharePoint master database in the form of a certificate. Data is encrypted with AES or 3DES, and the original certificate is required to access the database. Secure Connections: done via Secure Socket Layer (SSL). SSL performs a certificate exchange to validate the server's authenticity and encrypts the data passed between the servers. Attackers trying to sniff the traffic with Wireshark or a similar tool would only see unintelligible content.
  5. Improvement from Litigation Hold. While in Exchange 2010 administrators could only hold all mailbox data, either indefinitely or until the hold was removed, in Exchange 2013 In-Place Hold allows administrators to specify what to hold and for how long. This allows administrators to create granular hold policies to preserve mailbox items in the following scenarios:
    • Indefinite In-Place Hold is similar to Litigation Hold in Exchange 2010: it preserves all mailbox items indefinitely, and during that period items are never deleted.
    • Query-based In-Place Hold preserves items based on specified query parameters such as keywords, senders and recipients, start and end dates, and item types such as e-mails, calendar items, etc. After a query-based In-Place Hold is created, all existing and future mailbox items (including e-mails received at a later date) that match the query parameters are preserved. Note that a query-based hold cannot be used to place unsearchable items on hold (items that could not be indexed by Exchange Search).
    • Time-based In-Place Hold allows administrators to specify an exact duration for which items are held. The duration is calculated from the date a mailbox item is received or created. For example, if a mailbox is placed on a time-based hold with a retention period of 365 days and an e-mail is deleted 300 days after it was received, it is held for an additional 65 days before being permanently deleted.
    • Multiple holds: place a user on multiple holds to meet different case requirements. In this scenario the search parameters of all In-Place Holds are applied together using an OR operator. If a mailbox is placed on more than five holds, all items are held until the holds are removed, replicating the indefinite hold behaviour until the number of holds on the mailbox is reduced to five or fewer.
  Preserving Lync Content: Exchange 2013, Lync 2013 and SharePoint 2013 provide an integrated preservation and eDiscovery experience that allows administrators to preserve and search items across the different data stores. Exchange 2013 allows Lync 2013 content to be archived in Exchange, removing the requirement for a separate SQL Server database to store archived Lync content. When a mailbox is placed on In-Place Hold, Lync content (such as instant messaging conversations and files shared in online meetings) is archived in the mailbox. When the mailbox is searched using the eDiscovery Center in SharePoint 2013 or In-Place eDiscovery in Exchange 2013, any archived Lync content matching the search query is also returned. To enable archiving of Lync 2013 content in Exchange 2013, administrators must configure Lync integration with Exchange.
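The In-Place Hold rules described in note 5 (time-based retention counted from receipt, holds combined with OR, the more-than-five-holds behaviour), modelled as an added Python example so the 365/300/65-day arithmetic can be checked; this is an illustrative model, not Exchange code. It assumes, as a simplification, that a query-based hold preserves matching items indefinitely, and dates are constructed for the example.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import date, timedelta

MAX_COMBINED_HOLDS = 5  # from the note: more than five holds -> everything is held

@dataclass
class Hold:
    kind: str                       # "indefinite", "query" or "time"
    days: int = 0                   # retention period, time-based holds only
    keywords: tuple[str, ...] = ()  # query terms, query-based holds only

@dataclass
class Item:
    subject: str
    received: str   # ISO date the item was received or created
    deleted: str    # ISO date the user deleted it

def hold_applies(hold: Hold, item: Item) -> bool:
    """Query-based holds match on their query terms; the other kinds cover every item."""
    if hold.kind == "query":
        return any(k.lower() in item.subject.lower() for k in hold.keywords)
    return True

def purge_date(item: Item, holds: list[Hold]) -> date | None:
    """Earliest date a deleted item may be permanently removed; None = held indefinitely."""
    deleted = date.fromisoformat(item.deleted)
    if len(holds) > MAX_COMBINED_HOLDS:
        return None                          # all items held until the holds are reduced
    applicable = [h for h in holds if hold_applies(h, item)]   # holds combine with OR
    until = deleted
    for h in applicable:
        if h.kind in ("indefinite", "query"):
            return None                      # assumed: preserved indefinitely
        # time-based: the duration runs from the received/created date, not from deletion
        until = max(until, date.fromisoformat(item.received) + timedelta(days=h.days))
    return until

def extra_hold_days(item: Item, holds: list[Hold]) -> int | None:
    """Days the item stays recoverable beyond its deletion because of holds (None = indefinite)."""
    until = purge_date(item, holds)
    if until is None:
        return None
    return (until - date.fromisoformat(item.deleted)).days
```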
  6. Placing all users on hold for a fixed duration; placing a user on multiple In-Place Holds; In-Place Hold and Litigation Hold. Recoverable Items include: Deletions, Purges, Discovery Hold, Versions, Audits, Calendar logging. ALL SEARCHABLE.