SPUnite17 Secure Collaboration with AIP

Transcript of SPUnite17 Secure Collaboration with AIP

Page 1: SPUnite17 Secure Collaboration with AIP
Page 2: SPUnite17 Secure Collaboration with AIP

SECURE COLLABORATION: START CLASSIFYING, LABELING, AND PROTECTING YOUR (MOST VALUABLE) DATA

Bram de Jager, Lead Architect

Page 3: SPUnite17 Secure Collaboration with AIP

Challenges with the complex environment

Employees

Business partners

Customers

Apps

Devices

Data

Users

Data leaks

Lost device

Compromised identity

Stolen credentials

Page 4: SPUnite17 Secure Collaboration with AIP

The problem is ubiquitous

Intellectual Property theft has increased

56% rise in data theft

Accidental or malicious breaches due to lack of internal controls

88% of organizations are losing control of data

80% of employees admit to using non-approved SaaS apps

91% of breaches could have been avoided

Organizations no longer confident in their ability to detect and prevent threats

Saving files to non-approved cloud storage apps is common

Page 5: SPUnite17 Secure Collaboration with AIP

Unregulated, unknown

Managed mobile environment

On-premises

Perimeter protection

Identity, device management protection

Hybrid data = new normal

It is harder to protect

Page 6: SPUnite17 Secure Collaboration with AIP

Monitor & respond: DOCUMENT TRACKING, DOCUMENT REVOCATION

Classification & labeling: LABELING, CLASSIFICATION

Protect: ENCRYPTION, ACCESS CONTROL, POLICY ENFORCEMENT

Page 7: SPUnite17 Secure Collaboration with AIP

Azure Information Protection

Full Data Lifecycle

DOCUMENT TRACKING

DOCUMENT REVOCATION

LABELING

CLASSIFICATION

ENCRYPTION

ACCESS CONTROL

POLICY ENFORCEMENT

Page 8: SPUnite17 Secure Collaboration with AIP

SECRET

CONFIDENTIAL

GENERAL

PUBLIC

PERSONAL

IT admin sets policies, templates, and rules

Classify data based on sensitivity

Start with the data that is most sensitive

IT can set automatic rules; users can complement it

Associate actions such as visual markings and protection

Page 9: SPUnite17 Secure Collaboration with AIP

Reclassification

You can override a classification and optionally be required to provide a justification

Automatic

Policies can be set by IT admins for automatically applying classification and protection to data

Recommended

Based on the content you’re working on, you can be prompted with a suggested classification

User set

Users can choose to apply a sensitivity label to the email or file they are working on with a single click

Page 10: SPUnite17 Secure Collaboration with AIP

FINANCE

CONFIDENTIAL

Persistent labels that travel with the document

Labels are metadata written to documents

Labels are in clear text so that other systems such as a DLP engine can read them and a hash of policies, rules, and user information

Page 11: SPUnite17 Secure Collaboration with AIP

VIEW EDIT COPY PASTE

Email attachment

FILE

Protect data needing protection by:

Encrypting data

Including authentication requirement and a definition of use rights (permissions) to the data

Providing protection that is persistent and travels with the data

Personal apps

Corporate apps

Page 12: SPUnite17 Secure Collaboration with AIP

DEMO

SET AN INFORMATION PROTECTION PLATFORM FOR YOUR BUSINESS - IN MINUTES

Page 13: SPUnite17 Secure Collaboration with AIP

DEMO – SCENARIOS

Manual and default labels

Label action: content marking & RMS protection

Conditions: automatic & recommended

Setting your information protection policy in minutes (administration experience)

Page 14: SPUnite17 Secure Collaboration with AIP

USING VARIABLES IN VISUAL MARKINGS

${Item.Label} for the selected label. For example: Internal

${Item.Name} for the file name or email subject. For example: JulySales.docx

${Item.Location} for the path and file name for documents, and the email subject for emails. For example: \\Sales\2016\Q3\JulyReport.docx

${User.Name} for the owner of the document or email, by the Windows signed-in user name. For example: rsimone

${User.PrincipalName} for the owner of the document or email, by the Azure Information Protection client signed-in email address (UPN). For example: [email protected]

${Event.DateTime} for the date and time when the selected label was set. For example: 8/16/2016 1:30 PM

Page 15: SPUnite17 Secure Collaboration with AIP

WRAP-UP

Page 16: SPUnite17 Secure Collaboration with AIP

AZURE INFORMATION PROTECTION PREMIUM P1/P2

| Feature | Azure Information Protection Premium P1 (EMS E3) | Azure Information Protection Premium P2 (EMS E5) |
|---|---|---|
| Manual labeling (user driven) | Yes | Yes |
| View labels and watermarks in Office | Yes | Yes |
| Apply content marking and RMS protection in Office | Yes | Yes |
| Automatic and recommended labeling (conditions) | | Yes |
| Classification, labeling and protection with MCAS | | Yes |
| HYOK (Hold your own key – multi RMS server support) | | Yes |

Page 17: SPUnite17 Secure Collaboration with AIP

ROADMAP - H2 CY17 H1 CY18

Unified Classification and Labeling across Microsoft 365 solutions (preview)

Native labeling in Office Mac (preview)

AIP scanner for on-premises file shares (preview)

AIP convergence to 80+ sensitive information types used in Office 365

Information Protection SDK on Mac, Windows, Linux (preview)

Native Labeling experience in Word, PowerPoint & Excel on Mac, iOS, Android and web apps

More automatic DLP integrations with labels

Information Protection SDK on Mac, Windows, Linux, iOS, Android

Page 18: SPUnite17 Secure Collaboration with AIP

KEY TAKEAWAYS

Azure Information Protection is about (Detect), Classify, Label, Protect, and Monitor & Respond

Helps your organization to understand and really use business information protection based on data classification

Think about compliance for the General Data Protection Regulation (GDPR), which is active as of May 25th 2018

Page 20: SPUnite17 Secure Collaboration with AIP