Dan Plastina
https://twitter.com/TheRMSGuy
https://linkedin.com/in/danpl
Users · Devices · Apps · Data
IT · Employees · Business partners · Customers
Why do you seek to protect information?
• Reduce leakage of data shared with others (B2B collaboration): 96%
• Partitioning of sensitive data from unauthorized users: 94%
• Prevent malicious employees from leaking secrets: 89%
• Meet compliance requirements: 87%
Survey conducted with: 313 organizations, 17,000,000 users (54,000 users on average)
• My existing DLP protection is too reactive. Can data be ‘born encrypted’?
• How do I prepare for a fading perimeter?
• Data privacy is mandated! IT must ‘reason over data’ to stay compliant, yet we need our sensitive data to be encrypted.
• We want small steps to protect data now! We don’t want to slowly implement the ‘perfect grand solution’.
• Peer-to-peer federation is not practical or scalable. How do we establish ‘trust’?
Another New Challenge
• You have a perimeter
• You have managed devices within a broader perimeter
• Your business requires you to share sensitive data outside of your control for B2B/B2C
Our promise
<you> need to share <file types> between yourself and partners, suppliers, dealers, representatives, etc.
Ease of Use · Persistent protection · Tracking and Compliance
• Storage independent solution
• Powerful logging for reporting
• Works across all platforms
• Permit all companies to authenticate
• End user use/abuse tracking
• Free content consumption
• Authorization policies are enforced
• Ability to remote kill documents
• Consistent user experience
• Enable IT to reason over data
• Integrated into common apps/services
Vision: Azure Rights Management
• Encryption, access control, policy enforcement, document tracking, document revocation, classification and labeling
• Email, files, LOB apps
• Share internally, share externally (B2C), share externally (B2B)
• On any device
• In any part of the world: US, EU, APAC, China, Germany
[Figure: Gartner research graphic; Gartner’s standard non-endorsement disclaimer applies]
Rights management 101
Protect:
• Each file is protected by a unique AES symmetric key. Example: the file ‘Secret cola formula’ (Water, Sugar, Brown #16) becomes opaque ciphertext such as aEZQAR]ibr{qU@M]BXNoHp9nMDAtnBfrfC;jx+Tg@XL2,Jzu()&(*7812(*:
• Usage rights and the symmetric key are stored in the file as a ‘license’ (Use Rights + key).
• The license is protected by a customer-owned RSA key.
Unprotect:
• Local processing on PCs/devices: apps use the SDK to communicate with the RMS service/servers and receive the use rights and key back.
• File content is never sent to the RMS server/service. Azure RMS never sees the file content, only the license.
• Apps protected with RMS enforce the use rights.
Topology
• Data protection for organizations at different stages of cloud adoption
• Ensures security because sensitive data is never sent to the RMS server
• Integration with on-premises assets with minimal effort
Authentication & collaboration
• Use Azure AD (Azure Active Directory) as the trusted fabric
• Authorization requests go to a federation service (ADFS)
• On-premises components: RMS connector, AAD Connect, ADFS
• BYO Key
• Organization types: on-premises organizations doing full sync; on-premises organizations doing partial sync; organizations completely in cloud; organizations created through ad hoc sign-up
…and all of these organizations can interact with each other.
Minimum sync profile for Azure RMS
• Only PII data is first name, last name, and email address
Attribute                      Example value
Cn (common name)               jdoe
displayName                    John Doe
Mail                           john.doe@contoso.com
proxyAddresses                 SMTP:john.doe@contoso.com
userPrincipalName              john.doe@contoso.com
accountEnabled                 True
objectSID (sync ID)            01 05 00 05 15 00 00 E2 DB … CF A1 29 71 04 00 00
pwdLastSet                     20141013171110.0Z
sourceAnchor (for Licensing)   NyWoidInKk2S4xtxK+GsbQ==
usageLocation (for Licensing)  DE
Take action now
Every day you share sensitive items with no form of protection.
Act now to protect your information — even if only with small steps.
Defend your information against internal leakages and outside cyber-attacks.
Protect information with identity-based viewing privileges.
Examples of step-wise approaches
• Start with IT-controlled, DLP-performed protection
  • Users experience RMS protected data but don’t have to initiate the protection
  • e.g.: DLP in Exchange Online, in Office apps*, and SharePoint Online**
  • e.g.: FCI protection of data on a file share, MyDocs folder, or Work Folder
• Teach the critical few users initiating B2B to ‘share protected’
  • A small percentage of users do most of the sensitive B2B sharing
  • e.g.: Automotive dealership price lists / sales incentives
  • e.g.: Vendor bid manager
  • e.g.: SAP reporting
• Enable broader RMS where users initiate themselves
  • Let users opt in initially. Tracking, remote kill, and Do-not-forward are strong benefits
Top RMS Use Cases
• Control sensitive email flow, internally, across all devices
• Share an Office file with external users
• Board of Directors email communications
• Document use tracking, abuse detection, and revocation
• Business-to-Customer secure email (and replies)
• Control the download of files stored in SharePoint
• Securing reports generated from SAP
• Protecting files on a user’s ‘Documents’ folder or file share
• Share CAD drawings, redacted PDFs, and analyst reports
Next steps
Follow @ https://twitter.com/TheRMSGuy
Learn more @ http://www.Microsoft.com/rms
Discover @ http://curah.microsoft.com/56313
For questions email AskIPteam@Microsoft.com
IT Pro blog @ http://blogs.technet.com/b/rms
Get involved @ https://www.yammer.com/AskIPteam
Sign up @ http://portal.aadrm.com
Download @ http://portal.aadrm.com/home/download
© 2015 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
Resources – RMS
• Azure RMS – Quick activation, B2B trust-enabled
• RMS App – RMS task assistant and viewer on all platforms
• RMS App (Mobile) – RMS task assistant and viewer on all platforms
• Doc Tracking – Permits viewing file usage / remote revocation
• Templates – Global and departmental policies
• Onboarding – Easier pilots, partial deployments
• Migration Toolkit – AD RMS to Azure RMS phased migration
• BYOK – Bring your own HSM-backed key to the cloud
• Cmdlets – PowerShell commands for task automation
• RMS SDK – Enable your own applications (LOB)
Resources – Office and Windows
• Apps (Word, etc.) – Word, Excel, PowerPoint on all platforms
• Outlook / OWA – Outlook on all platforms; web email
• Exchange – Mail service with an RMS-aware pipeline
• SharePoint – Doc Library
• Office DLP – Office 365 Data Loss Prevention
• OME – Office Message Encryption enables B2C
• EDP – Windows 10 Enterprise Data Protection w/RMS
• File Classification – DLP over file servers, My Docs, & Work Folder
• OneDrive – Protection of data on OneDrive
Resources – Partner ISVs
• Secude – Protection of reports leaving SAP
• Secure Island – Classification and RMS ‘enhancer’
• Titus – Classification and RMS ‘enhancer’
• Watchful Software – Classification and RMS ‘enhancer’
• Foxit – PDF Reader with built-in RMS
• Foxit Redaction – Redacted PDF with ‘view all content’ mode
• Gigatrust – Adobe Reader PDF extension for RMS