SPUnite17 Secure Collaboration with AIP
SECURE COLLABORATION: START CLASSIFYING, LABELING, AND PROTECTING YOUR (MOST VALUABLE) DATA
Bram de Jager Lead Architect
Challenges with the complex environment
Employees
Business partners
Customers
Apps
Devices
Data
Users
Data leaks
Lost device
Compromised identity
Stolen credentials
The problem is ubiquitous
Intellectual Property theft has increased
56% rise in data theft
Accidental or malicious breaches due to lack of internal controls
88% of organizations are losing control of data
80% of employees admit to using non-approved SaaS apps
91% of breaches could have been avoided
Organizations no longer confident in their ability to detect and prevent threats
Saving files to non-approved cloud storage apps is common
Unregulated, unknown
Managed mobile environment
On-premises
Perimeter protection
Identity, device management protection
Hybrid data = new normal
It is harder to protect
Azure Information Protection: Full Data Lifecycle
Classification & labeling: CLASSIFICATION, LABELING
Protect: ENCRYPTION, ACCESS CONTROL, POLICY ENFORCEMENT
Monitor & respond: DOCUMENT TRACKING, DOCUMENT REVOCATION
SECRET
CONFIDENTIAL
GENERAL
PUBLIC
PERSONAL
IT admin sets policies, templates, and rules
Classify data based on sensitivity
Start with the data that is most sensitive
IT can set automatic rules; users can complement it
Associate actions such as visual markings and protection
Reclassification
You can override a classification and optionally be required to provide a justification
Automatic
Policies can be set by IT Admins for automatically applying classification and protection to data
Recommended
Based on the content you’re working on, you can be prompted with suggested classification
User set
Users can choose to apply a sensitivity label to the email or file they are working on with a single click
FINANCE
CONFIDENTIAL
Persistent labels that travel with the document
Labels are metadata written to documents
Labels are in clear text so that other systems such as a DLP engine can read it and a hash of policies, rules, and user information
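As an added illustration (not part of the original slides), the sketch below shows how a DLP-style check could read a clear-text label from an Office file. It assumes labels are stored as custom document properties named MSIP_Label_<GUID>_<Field> in docProps/custom.xml; the GUID, the sample files, the blocking rule, and all function names are constructed for this example.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

CP_NS = "http://schemas.openxmlformats.org/officeDocument/2006/custom-properties"
VT_NS = "http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes"
# Assumption (not stated on the slides): label fields are stored as custom
# properties named MSIP_Label_<label GUID>_<Field>.
LABEL_PROP = re.compile(r"^MSIP_Label_([0-9a-fA-F-]{36})_(\w+)$")

def read_labels(office_bytes):
    """Return {label_guid: {field: value}} read from clear-text metadata."""
    with zipfile.ZipFile(io.BytesIO(office_bytes)) as z:
        if "docProps/custom.xml" not in z.namelist():
            return {}  # no custom properties: the file is unlabeled
        root = ET.fromstring(z.read("docProps/custom.xml"))
    labels = {}
    for prop in root.iter("{%s}property" % CP_NS):
        m = LABEL_PROP.match(prop.get("name", ""))
        if m:  # the value sits in a typed child element such as vt:lpwstr
            labels.setdefault(m.group(1), {})[m.group(2)] = "".join(prop.itertext()).strip()
    return labels

def dlp_decision(office_bytes, blocked=("Confidential", "Secret")):
    """Hypothetical DLP rule: block when an enabled label is in `blocked`."""
    for fields in read_labels(office_bytes).values():
        if fields.get("Enabled", "").lower() == "true" and fields.get("Name") in blocked:
            return "block"
    return "allow"

def make_sample(props):
    """Build a constructed, minimal Office-style zip holding only custom.xml."""
    body = "".join(
        '<property fmtid="{D5CDD505-2E9C-101B-9397-08002B2CF9AE}" pid="%d" name="%s">'
        "<vt:lpwstr>%s</vt:lpwstr></property>" % (i, k, v)
        for i, (k, v) in enumerate(props.items(), start=2))
    xml = '<Properties xmlns="%s" xmlns:vt="%s">%s</Properties>' % (CP_NS, VT_NS, body)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/custom.xml", xml)
    return buf.getvalue()

GUID = "11111111-2222-3333-4444-555555555555"  # constructed label id
CONFIDENTIAL_DOC = make_sample({"MSIP_Label_%s_Enabled" % GUID: "True",
                                "MSIP_Label_%s_Name" % GUID: "Confidential"})
GENERAL_DOC = make_sample({"MSIP_Label_%s_Enabled" % GUID: "True",
                           "MSIP_Label_%s_Name" % GUID: "General"})

if __name__ == "__main__":
    for name, doc in (("confidential", CONFIDENTIAL_DOC), ("general", GENERAL_DOC)):
        print(name, read_labels(doc), dlp_decision(doc))
```

Because the label is plain metadata, a check like this should treat it as a routing hint and rely on the encryption and use rights described in the next slides for enforcement.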
VIEW EDIT COPY PASTE
Email attachment
FILE
Protect data needing protection by:
Encrypting data
Including authentication requirement and a definition of use rights (permissions) to the data
Providing protection that is persistent and travels with the data
Personal apps
Corporate apps
DEMO
SET AN INFORMATION PROTECTION PLATFORM FOR YOUR BUSINESS - IN MINUTES
DEMO – SCENARIOS
Manual and default labels
Label action: content marking & RMS protection
Conditions: automatic & recommended
Setting your information protection policy in minutes (administration experience)
USING VARIABLES IN VISUAL MARKINGS
${Item.Label} for the selected label. For example: Internal
${Item.Name} for the file name or email subject. For example: JulySales.docx
${Item.Location} for the path and file name for documents, and the email subject for emails. For example: \\Sales\2016\Q3\JulyReport.docx
${User.Name} for the owner of the document or email, by the Windows signed in user name. For example: rsimone
${User.PrincipalName} for the owner of the document or email, by the Azure Information Protection client signed in email address (UPN). For example: [email protected]
${Event.DateTime} for the date and time when the selected label was set. For example: 8/16/2016 1:30 PM
WRAP-UP
AZURE INFORMATION PROTECTION PREMIUM P1/P2
| Feature | Azure Information Protection Premium P1 (EMS E3) | Azure Information Protection Premium P2 (EMS E5) |
| Manual labeling (user driven) | Yes | Yes |
| View labels and watermarks in Office | Yes | Yes |
| Apply content marking and RMS protection in Office | Yes | Yes |
| Automatic and recommended labeling (conditions) | | Yes |
| Classification, labeling and protection with MCAS | | Yes |
| HYOK (Hold your own key – multi RMS server support) | | Yes |
ROADMAP - H2 CY17 H1 CY18
Unified Classification and Labeling across Microsoft 365 solutions (preview)
Native labeling in Office Mac (preview)
AIP scanner for on-premises file shares (preview)
AIP convergence to 80+ sensitive information types used in Office 365
Information Protection SDK on Mac, Windows, Linux (preview)
Native Labeling experience in Word, PowerPoint & Excel on Mac, iOS, Android and web apps
More automatic DLP integrations with labels
Information Protection SDK on Mac, Windows, Linux, iOS, Android
KEY TAKEAWAYS
Azure Information Protection is about (Detect), Classify, Label, Protect, and Monitor & Respond
Helps your organization to understand and really use business information protection based on data classification
Think about compliance with the General Data Protection Regulation (GDPR), which is active as of May 25th 2018
THANK YOU!
@bramdejager
bramdejager.wordpress.com