to be a UK or - SharePoint Saturday Events

Edge Pereira
edge.pereira@avanade.com
Twitter: @superedge
Our Agenda for Today (plan)
• Data Loss Prevention
• eDiscovery
• Auditing
• Document Fingerprinting
• Encrypted Emails
“Faced with never-ending and expanding regulatory and industry
mandates, organizations invest tremendous amounts of energy on
audit, compliance, controls, and (in some cases) risk management.
At the same time, they seek to free staff resources from mundane
tasks such as evidence gathering and simple reporting.”
Source: Gartner Report: IT Governance, Risk, and Compliance Management Solutions, http://www.gartner.com/resId=1884814
Records Compromised in 2014
“By far, the most common record type exposed in 2014 were passwords, followed by usernames, email addresses, and PII (name,
address, SSN, DOB, phone number, etc.)…”
1 Billion
Criminals are starting to favor PII
over financial information, because
it's easier to sell and leverage
Source: http://www.cio.com/article/2848593/data-breach/nearly-a-billion-records-were-compromised-in-2014.html
Why are we here?
Compliance – What is it?
Why do we need to take compliance seriously?
So what is Microsoft doing?
eDiscovery
Encryption
Information Management Policies
Records Management
Auditing
Two faces of compliance in Office 365
Built-in Office 365 capabilities (global compliance)
• Access Control
• Auditing and Logging
• Continuity Planning
• Incident Response
• Risk Assessment
• Communications Protection
• Identification and Authorisation
• Information Integrity
• Awareness and Training
Customer controls for compliance/internal policies
• Data Loss Prevention
• Archiving
• eDiscovery
• Encryption
• S/MIME
• Legal Hold
• Rights Management
In practice, it looks like this
What does your organisation get?
So what does all that boil down to for IT Pros?
It is all about customer controls!
Remembering
“A control is a process, function, in fact anything that supports
maintaining compliance”
Let's look at Office 365 customer controls
Identify
Monitor
Protect
Educate
Data Loss Prevention
Data Leakage Protection
By 2018, 50% of the IT organizations will use security services firms that specialize in data protection, security risk management and security infrastructure management to enhance their security postures
Source: http://www.gartner.com/newsroom/id/2828722
What is meant by Data Loss Prevention?
• in-use (endpoint actions)
• in-motion (network traffic)
• at-rest (data storage)
“Quotation...”
Good definition
http://csrc.nist.gov/groups/SNS/rbac/documents/data-loss.pdf
[1]
http://en.wikipedia.org/wiki/Data_loss_prevention_software
In-use controls (end-point)
• Operating System and Apps fully patched and up to date
• End-point security tools installed and correctly configured
• Firewall enabled and correctly configured
• Access to required applications only
• Access to “need to know” data
• Compliance Adherence Monitoring
At-rest controls
USA
PII: US State Security Breach Laws, US State Social Security Laws, COPPA
Financial: GLBA & PCI-DSS (Credit, Debit Card, Checking and Savings, ABA, Swift Code)
Germany
PII: EU data protection, Drivers License, Passport, National Id
Financial: EU Credit, Debit Card, IBAN, VAT, BIC, Swift Code
UK
PII: Data Protection Act, UK National Insurance, Tax Id, UK Driver License, Passport
Financial: EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code
Canada
PII: PIPED Act, Social Insurance, Drivers License
Financial: Credit Card, Swift Code
France
PII: EU data protection, Data Protection Act, National Id (INSEE), Drivers License, Passport
Financial: EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code
Japan
PII: PIPA, Resident Registration, Social Insurance, Passport, Driving License
Financial: Credit Card, Bank Account, Swift Code
Health
Limited Investment: US HIPAA, UK Health Service, Canada Health Insurance card
Rely on Partners and ISVs
Establishing DLP
Australian sensitive information types provided by Microsoft
• Bank Account Number
• Driver's License Number
• Medicare Account Number
• Passport Number
• Tax File Number
DEMO: Data Loss Prevention
eDiscovery
What do we mean by eDiscovery?
[2]
Wikipedia (http://en.wikipedia.org/wiki/Electronic_discovery)
eDiscovery Process
DISCOVERY
Find relevant content (documents, emails, Lync conversations)
PRESERVATION
Place content on legal hold to prevent content modification and/or removal
COLLECTION
Collect and send relevant content for processing
PROCESSING
Prepare files for review
REVIEW
Lawyers determine which content will be supplied to opposition
PRODUCTION
Provide relevant content to opposition
Office 365 eDiscovery Centre
In-place Hold
Find what you need
Export for action
eDiscovery Considerations
• Recoverable Items quotas separate from mailbox quotas and need to be monitored
• In-Place Hold vs. Single Item Recovery vs. Retention Hold
• Hybrid data sources
eDiscovery Reports
Important Benefits
• Centrally managed proactive enforcement
• Reduced collection touch points
• Consistent and repeatable
• Transparent to users
• Minimises the need for offline copies, until they are needed
• Instantly searchable/exportable
DEMO: eDiscovery
Auditing
Reporting and Auditing
SharePoint – Auditing Features
SharePoint Audit Reports
DEMO: Document Fingerprinting
DEMO: Encrypted Email
Q&A
Wrap Up
• Data Loss Prevention
• eDiscovery
• Auditing
• Document Fingerprinting
• Encrypted Emails
Edge Pereira
edge@superedge.net
www.facebook.com/edgepmo
www.twitter.com/superedge
www.superedge.net
DLP extensibility points
Content Analysis Process
Get Content
Joseph F. Foster
Visa: 4485 3647 3952 7352
Expires: 2/2012
RegEx Analysis
4485 3647 3952 7352 → a 16 digit number is detected
Function Analysis
1. 4485 3647 3952 7352 → matches checksum
2. 1234 1234 1234 1234 → does NOT match
Additional Evidence
1. Keyword Visa is near the number
2. A regular expression for date (2/2012) is near the number
Verdict
1. There is a regular expression that matches a check sum
2. Additional evidence increases confidence
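The four analysis stages above (regex, checksum function, nearby evidence, verdict) as a small detector. This is an added example, not code from the slides or from Office 365; the keyword list, the 60-character window and the confidence numbers are assumptions chosen for illustration.

```python
import re

# Constructed sample: the slide's text plus a decoy that fails the checksum.
SAMPLE = ("Joseph F. Foster\nVisa: 4485 3647 3952 7352\nExpires: 2/2012\n"
          "Order ref 1234 1234 1234 1234 shipped")

# RegEx analysis: 13-19 digits, optionally split by single spaces or hyphens.
CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# Additional evidence patterns (keyword list and window size are assumptions).
KEYWORD = re.compile(r"\b(visa|mastercard|amex|credit card|expires?)\b", re.I)
EXPIRY = re.compile(r"\b(0?[1-9]|1[0-2])/(\d{4}|\d{2})\b")
WINDOW = 60  # characters searched on each side of the number


def luhn_ok(digits: str) -> bool:
    """Function analysis: Luhn checksum over a string of digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def analyse(text: str) -> list[dict]:
    """Return one finding per number that passes both regex and checksum."""
    findings = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):
            continue            # shaped like a card number, checksum says no
        near = (text[max(0, m.start() - WINDOW):m.start()] + " "
                + text[m.end():m.end() + WINDOW])
        evidence = [name for name, rx in (("keyword", KEYWORD), ("expiry", EXPIRY))
                    if rx.search(near)]
        findings.append({
            "masked": "*" * (len(digits) - 4) + digits[-4:],  # keep full number out of logs
            "evidence": evidence,
            # Verdict: illustrative score, raised by each piece of evidence.
            "confidence": 65 + 10 * len(evidence),
        })
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE):
        print(finding)
```

The checksum stage is what suppresses false positives such as order references, and the evidence stage lets a policy act only above a chosen confidence.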
Encryption Solutions in Office 365
Office 365 Message Encryption – Encrypt messages to any SMTP address
Information Rights Management – Encrypt content and restrict usage; usually
within own organization or trusted partners
S/MIME – Sign and encrypt messages to users using certificates
Registry Key Outlook Client