Transcript of: Accelerate GDPR compliance with the Microsoft Cloud
Ole Tom Seierstad, National Security Officer, Microsoft Norway
This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law.
GDPR Compliance
Leverage guidance from experts
Simplify your privacy journey
Uncover risk & take action
Centralize, Protect, Comply with the Cloud
Centralize processing in a single system, simplifying data management,
governance, classification, and oversight.
Protect data with industry leading encryption and security technology
that’s always up-to-date and assessed by experts.
Utilize services that already comply with complex, internationally-recognized
standards to more easily meet new requirements, such as facilitating the
requests of data subjects.
Maximize your protections
Process all in one place
Streamline your compliance
Protecting customer privacy with GDPR
We will stand behind you with contractual commitments
for our cloud services that:
• Meet stringent security requirements
• Support customers in managing data subject requests
• Provide documentation that enables customers to
demonstrate compliance for all the other requirements
of the GDPR applicable to processors and more
Microsoft was the first major cloud services provider to
make these commitments to its customers. Our goal is to
simplify compliance for our customers with both the
GDPR and other major regulations.
The GDPR commitments are now available in the Online
Services Terms (OST) at www.microsoft.com/licensing
How do I get started?
1. Discover: Identify what personal data you have and where it resides
2. Manage: Govern how personal data is used and accessed
3. Protect: Establish security controls to prevent, detect, and respond to vulnerabilities & data breaches
4. Report: Keep required documentation, manage data requests and breach notifications
1. Discover:
In-scope:
Inventory:
Example solutions:
Microsoft Azure: Microsoft Azure Data Catalog
Enterprise Mobility + Security (EMS): Microsoft Cloud App Security
Dynamics 365: Audit Data & User Activity; Reporting & Analytics
Office & Office 365: Data Loss Prevention; Advanced Data Governance; Office 365 eDiscovery
SQL Server and Azure SQL Database: SQL Query Language
Windows & Windows Server: Windows Search
2. Manage:
Data governance:
Data classification:
Example solutions:
Microsoft Azure: Azure Active Directory; Azure Information Protection; Azure Role-Based Access Control (RBAC)
Enterprise Mobility + Security (EMS): Azure Information Protection
Dynamics 365: Security Concepts
Office & Office 365: Advanced Data Governance; Journaling (Exchange Online)
Windows & Windows Server: Microsoft Data Classification Toolkit
3. Protect:
Preventing data attacks:
Detecting & responding to breaches:
Example solutions:
Microsoft Azure: Azure Key Vault; Azure Security Center; Azure Storage Services Encryption
Enterprise Mobility + Security (EMS): Azure Active Directory Premium; Microsoft Intune
Office & Office 365: Advanced Threat Protection; Threat Intelligence
SQL Server and Azure SQL Database: Transparent data encryption; Always Encrypted
Windows & Windows Server: Windows Defender Advanced Threat Protection; Windows Hello; Device Guard
4. Report:
Record-keeping:
Reporting tools:
Example solutions:
Microsoft Trust Center: Service Trust Portal
Microsoft Azure: Azure Auditing & Logging; Azure Data Lake; Azure Monitor
Enterprise Mobility + Security (EMS): Azure Information Protection
Dynamics 365: Reporting & Analytics
Office & Office 365: Service Assurance; Office 365 Audit Logs; Customer Lockbox
Windows & Windows Server: Windows Defender Advanced Threat Protection
Shared responsibility by deployment model (SaaS / PaaS / IaaS / On-prem), by layer:
Data governance & rights management
Client endpoints
Account & access management
Identity & directory infrastructure
Application
Network controls
Operating system
Physical hosts
Physical network
Physical datacenter
Legend: Customer / Microsoft
38 cloud regions worldwide, 100+ datacenters, one of the 3 largest networks in the world (global and sovereign datacenters).
Regions: West US, West US 2, Central US, East US, East US 2, North Central US, South Central US, West Central US, Canada East, Canada Central, Brazil South, North Europe, West Europe, United Kingdom West, United Kingdom South, Germany Central (2), Germany Northeast (2), France (3, two regions), Japan East, Japan West, East Asia, Southeast Asia, South India, Central India, West India, Australia East, Australia Southeast, Korea Central (3), Korea South (3), China East (1), China West (1), US Gov Virginia, US Gov Iowa, US Gov Texas (3), US Gov Arizona (3), US DoD East, US DoD West.
1 China datacenters operated by 21 Vianet
2 German data trustee services provided by T-Systems
3 France, South Korea and US Gov datacenter regions have been announced but are not currently operational
Our commitment to you
To simplify your path to compliance, we are committing to
GDPR compliance across our cloud services when
enforcement begins on May 25, 2018.
We will share our experience in complying with complex
regulations such as the GDPR.
Together with our partners, we are prepared to help you
meet your policy, people, process, and technology goals on
your journey to GDPR.
Compliance coverage (global, US Gov, industry and regional):
HIPAA / HITECH Act, FERPA, GxP 21 CFR Part 11, Singapore MTCS, UK G-Cloud, Australia IRAP/CCSL, FISC Japan, New Zealand GCIO, China GB 18030, EU Model Clauses, ENISA IAF, Argentina PDPA, Japan CS Mark Gold, CDSA, Shared Assessments, Japan My Number Act, FACT UK, GLBA, Spain ENS, PCI DSS Level 1, MARS-E, FFIEC, China TRUCS, Canada Privacy Laws, MPAA, Privacy Shield, India MeitY, Germany IT Grundschutz workbook, Spain DPA, HITRUST, IG Toolkit UK, China DJCP, ITAR, Section 508 VPAT, SP 800-171, FIPS 140-2, High JAB P-ATO, CJIS, DoD DISA SRG Level 2, DoD DISA SRG Level 4, IRS 1075, DoD DISA SRG Level 5, Moderate JAB P-ATO, ISO 27001, SOC 1 Type 2, ISO 27018, CSA STAR Self-Assessment, ISO 27017, SOC 2 Type 2, SOC 3, ISO 22301, CSA STAR Certification, CSA STAR Attestation, ISO 9001
Azure has the deepest and most comprehensive compliance coverage in the industry
Microsoft.com/GDPR
Microsoft Azure (Discover / Manage / Protect / Report)
Topics: Search & identify personal data; Control access; Classify data; Protect data in the cloud; Detect & remediate threats; Record-keeping
• Integrate Azure Search for hosted applications to locate personal data across user-defined indexes
• Trace and identify personal data stored in different data sources
• Securely manage access to your data, applications and other resources
• Enforce separation of duties
• Easily determine and assign relative values to your data
• Employ advanced encryption, cryptography, and monitoring
• Restore data availability with a variety of recovery and geo-redundant storage options
• Proactively prevent, detect and respond quickly to threats
• Deliver verifiable transparency and tamper-resistant insights with the activity log
• Leverage comprehensive compliance and privacy documentation for Azure
Office & Office 365 (Discover / Manage / Protect / Report)
Topics: Identify personal data; Classify content; Control access; Set retention policies; Safeguard environment; Respond to threats; Transparency assurances; Record-keeping
• Utilize eDiscovery templates to identify types of personal data
• Easily find, classify, set policies on and manage data with Advanced Data Governance
• Use Advanced eDiscovery to export and/or delete personal data from Exchange, SharePoint, etc.
• Archive and preserve content across your Office 365 systems
• Automatically protect against accidental disclosure by enforcing policy on sensitive data
• Protect email from today’s sophisticated malware attacks with Advanced Threat Protection
• Prevent sensitive records from being used by unauthorized users with Data Loss Protection
• Proactively uncover and protect against advanced threats and risks with Threat Intelligence and Advanced Security Management
• Conduct risk assessments using built-in tools in the Service Assurance Dashboard
• Track and report on user activities with detailed Audit Logs
Enterprise Mobility + Security (EMS) (Discover / Manage / Protect / Report)
Topics: Identify personal data; Classify & label data; Protect data, identities, devices & apps; Detect threats & remediate; Gain rich logging & reporting
• Quickly identify sensitive data across your environment with Azure Information Protection
• Discover cloud apps in your environment
• Gain deeper visibility into user activity
• Define a classification scheme for better data manageability
• Use Azure Information Protection to configure policies for classifying, labeling and protecting personal data
• Deliver consistent data protection with Azure Information Protection
• Protect personal data with risk-based conditional access and Privileged Identity Management
• Protect data in mobile devices and mobile apps with Microsoft Intune
• Detect data breaches with behavioral analytics and anomaly detection technologies
• Gain rich logging and reporting to analyze how sensitive data is distributed
• Monitor activities on shared data and revoke access in unexpected events with Azure Information Protection
SQL Server and Azure SQL Database (Discover / Manage / Protect / Report)
Topics: Identify and track personal data; Control access; Safeguard data; Respond to breaches; Record-keeping
• Easily query databases to uncover personal data
• Tag data with sensitivity labels using Extended Properties
• Securely authenticate to your database and apply granular authorization policies
• Restrict access to users using Dynamic Data Masking and Row-Level Security
• Encrypt data whether at rest, in transit or in client applications
• Track and log database events to identify potential threats or security violations
• Use continuously learning algorithms to identify unusual or suspicious activity
• Track and report on all database activities with granularly configurable auditing
Dynamics 365 (Discover / Manage / Protect / Report)
Topics: Identify personal data; Classify content; Control access; Define access privileges; Monitor service status; Record-keeping
• Create reports that uncover personal data
• Discover, analyze and visualize personal data using Power BI
• Securely manage access to your data by roles, applications and other resources
• Classify data and protect against accidental disclosure
• Protect data by limiting access based on user roles
• Restrict access to specific high-impact fields or records
• Monitor service health and stay up to date on the latest security updates
• Explore Microsoft’s comprehensive documentation on Dynamics 365’s compliance, security, privacy and trust offerings
Windows & Windows Server (Discover / Manage / Protect / Report)
Topics: Identify personal data; Locate personal data; Safeguard environment; Respond to threats; Record-keeping; Meet compliance requirements
• Uncover personal data on local and connected machines
• Move from passwords to more secure forms of authentication
• Protect devices with both detection-based solutions and secure-by-design techniques
• Prevent data from leaking to unauthorized documents or locations
• Easily detect, investigate, contain and respond to data breaches on your network
• Audit detailed user and application actions to meet reporting and auditing requirements
• Utilize sample search expressions and rules to ease compliance requirements