Office 365 : Data leakage control, privacy, compliance and regulations in the cloud

Edge Pereira [email protected]


Our Agenda for Today (plan)

• Data Loss Prevention
• eDiscovery
• Auditing
• Document Fingerprinting
• Encrypted Emails

Source: Gartner Report: IT Governance, Risk, and Compliance Management Solutions, http://www.gartner.com/resId=1884814

“Faced with never-ending and expanding regulatory and industry mandates, organizations invest tremendous amounts of energy on audit, compliance, controls, and (in some cases) risk management. At the same time, they seek to free staff resources from mundane tasks such as evidence gathering and simple reporting.”

“By far, the most common record type exposed in 2014 were passwords, followed by usernames, email addresses, and PII (name, address, SSN, DOB, phone number, etc.)…”

1 Billion Records Compromised in 2014

Criminals are starting to favor PII over financial information, because it's easier to sell and leverage.

Source: http://www.cio.com/article/2848593/data-breach/nearly-a-billion-records-were-compromised-in-2014.html

Why are we here?

Compliance – What is it?

Why do we need to take compliance seriously?

So what is Microsoft doing?

eDiscovery

Auditing

Encryption

Information Management

Policies

Records Management

Two faces of compliance in Office 365

Built-in Office 365 capabilities (global compliance)

• Access Control
• Auditing and Logging
• Continuity Planning
• Incident Response
• Risk Assessment
• Communications Protection
• Identification and Authorisation
• Information Integrity
• Awareness and Training

Customer controls for compliance/internal policies

• Data Loss Prevention
• Archiving
• eDiscovery
• Encryption
• S/MIME
• Legal Hold
• Rights Management

In practice, it looks like this

What does your organisation get?

So what does all that boil down to for IT Pros?

It is all about customer controls!

Remembering

“A control is a process, function, in fact anything that supports maintaining compliance”

Let's look at Office 365 customer controls

Identify, Monitor, Protect, Educate

Data Loss Prevention

Data Leakage Protection

By 2018, 50% of IT organizations will use security services firms that specialize in data protection, security risk management and security infrastructure management to enhance their security postures

Source: http://www.gartner.com/newsroom/id/2828722

What is meant by Data Loss Prevention?

• in-use (endpoint actions)
• in-motion (network traffic)
• at-rest (data storage)

[1] http://en.wikipedia.org/wiki/Data_loss_prevention_software

Good definition: http://csrc.nist.gov/groups/SNS/rbac/documents/data-loss.pdf

In-use controls (end-point)

• Operating System and Apps fully patched and up to date
• End-point security tools installed and correctly configured
• Firewall enabled and correctly configured
• Access to required applications only
• Access to “need to know” data
• Compliance Adherence Monitoring

At-rest controls

Sensitive information types by country (PII / Financial / Health)

USA
  PII: US State Security Breach Laws, US State Social Security Laws, COPPA
  Financial: GLBA & PCI-DSS (Credit, Debit Card, Checking and Savings, ABA, Swift Code)

Germany
  PII: EU data protection, Drivers License, Passport, National Id
  Financial: EU Credit, Debit Card, IBAN, VAT, BIC, Swift Code

UK
  PII: Data Protection Act, UK National Insurance, Tax Id, UK Driver License, Passport
  Financial: EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code

Canada
  PII: PIPED Act, Social Insurance, Drivers License
  Financial: Credit Card, Swift Code

France
  PII: EU data protection, Data Protection Act, National Id (INSEE), Drivers License, Passport
  Financial: EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code

Japan
  PII: PIPA, Resident Registration, Social Insurance, Passport, Driving License
  Financial: Credit Card, Bank Account, Swift Code

Health (all countries): limited investment (US HIPAA, UK Health Service, Canada Health Insurance card); rely on Partners and ISVs

Establishing DLP

Australian sensitive information types provided by Microsoft

• Bank Account Number
• Driver's License Number
• Medicare Account Number
• Passport Number
• Tax File Number

DEMO: Data Loss Prevention

eDiscovery

What do we mean by eDiscovery?

[2] Wikipedia (http://en.wikipedia.org/wiki/Electronic_discovery)

eDiscovery Process

DISCOVERY: Find relevant content (documents, emails, Lync conversations)

PRESERVATION: Place content on legal hold to prevent content modification and/or removal

COLLECTION: Collect and send relevant content for processing

PROCESSING: Prepare files for review

REVIEW: Lawyers determine which content will be supplied to opposition

PRODUCTION: Provide relevant content to opposition

Office 365 eDiscovery Centre

In-place Hold

Find what you need

Export for action

eDiscovery Considerations

• Recoverable Items quotas separate from mailbox quotas and need to be monitored
• In-Place Hold vs. Single Item Recovery vs. Retention Hold
• Hybrid data sources

eDiscovery Reports

Important Benefits

• Centrally managed proactive enforcement

• Reduced collection touch points

• Consistent and repeatable

• Transparent to users

• Minimises the need for offline copies, until they are needed

• Instantly searchable/exportable

DEMO: eDiscovery

Auditing

Reporting and Auditing

SharePoint – Auditing Features

SharePoint Audit Reports

DEMO: Document Fingerprinting

DEMO: Encrypted Email

Q & A

Wrap Up

• Data Loss Prevention
• eDiscovery
• Auditing
• Document Fingerprinting
• Encrypted Emails

Edge [email protected]

www.facebook.com/edgepmo

www.twitter.com/superedge

www.superedge.net

Learn More

TechEd 2014 Office 365 Security and Compliance

https://channel9.msdn.com/Events/TechEd/Australia/2014/OSS304

Office 365 Trust Centre
http://office.microsoft.com/en-au/business/office-365-trust-center-cloud-computing-security-FX103030390.aspx

Office Blogs
http://blogs.office.com/2013/10/23/cloud-services-you-can-trust-security-compliance-and-privacy-in-office-365/

Governance, risk management, and compliance

http://en.wikipedia.org/wiki/Governance,_risk_management,_and_compliance

Office 365 Service Descriptions

http://technet.microsoft.com/en-us/library/jj819284%28v=technet.10%29

Useful Links

DLP extensibility points

Content Analysis Process

Sample content:
  Joseph F. Foster
  Visa: 4485 3647 3952 7352
  Expires: 2/2012

1. Get Content
   The sample text above is handed to the classifier.

2. RegEx Analysis
   4485 3647 3952 7352: a 16 digit number is detected

3. Function Analysis
   1. 4485 3647 3952 7352 matches checksum
   2. 1234 1234 1234 1234 does NOT match

4. Additional Evidence
   1. Keyword "Visa" is near the number
   2. A regular expression for date (2/2012) is near the number

5. Verdict
   1. There is a regular expression that matches a checksum
   2. Additional evidence increases confidence
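The content analysis pipeline above, as an added example written for this page (it is not code from the deck or from Microsoft's DLP engine): a regex finds a 16-digit number, a Luhn checksum serves as the function analysis, and a nearby card keyword or expiry date is the additional evidence that raises confidence. The keyword list, the 100-character context window and the confidence weights are assumed values; the sample text is constructed from the slide.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample mirroring the slide's walkthrough (not a real card number).
SAMPLE_TEXT = "Joseph F. Foster\nVisa: 4485 3647 3952 7352\nExpires: 2/2012"

# RegEx analysis: a 16-digit number, optionally grouped in fours.
CARD_RE = re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b")
# Additional evidence: a card keyword or an expiry-style date near the number.
KEYWORD_RE = re.compile(r"\b(visa|mastercard|amex|card)\b", re.IGNORECASE)
EXPIRY_RE = re.compile(r"\b(0?[1-9]|1[0-2])/(\d{2}|\d{4})\b")
WINDOW = 100  # assumed: characters of context examined on either side


def luhn_valid(digits: str) -> bool:
    """Function analysis: the Luhn checksum that payment card numbers satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


@dataclass
class Verdict:
    number: str
    keyword_near: bool
    expiry_near: bool
    confidence: int  # 0-100; rises with each piece of corroborating evidence


def analyse(text: str) -> List[Verdict]:
    """Run the pipeline: regex match, checksum filter, then proximity evidence."""
    verdicts = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_valid(digits):
            continue  # 1234 1234 1234 1234 is dropped here
        context = text[max(0, m.start() - WINDOW): m.end() + WINDOW]
        keyword = KEYWORD_RE.search(context) is not None
        expiry = EXPIRY_RE.search(context) is not None
        # Assumed weights: checksum alone 65, keyword +20, expiry date +15.
        confidence = 65 + (20 if keyword else 0) + (15 if expiry else 0)
        verdicts.append(Verdict(digits, keyword, expiry, confidence))
    return verdicts
```

Calling `analyse(SAMPLE_TEXT)` returns a single verdict at confidence 100, while the same number with no nearby keyword or date scores only 65 and a checksum-invalid number is not reported at all.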

Office 365 Message Encryption – Encrypt messages to any SMTP address

Information Rights Management – Encrypt content and restrict usage; usually within own organization or trusted partners

S/MIME – Sign and encrypt messages to users using certificates

Encryption Solutions in Office 365

Registry Key Outlook Client