Learning about Security and Compliance in Office 365

You will learn:
The type of businesses that are well suited for a move to the cloud
How to decide when you should make the move to the cloud
Ways the cloud can help your business meet government compliance recommendations
How storing your data in the cloud can be even more secure than storing it on premises
Why Microsoft's datacenter can be more secure than your company's datacenter
A unified discovery center for all of the following:
E-mail (Exchange)
Documents (SharePoint)
IM/Chat (Lync)

Transcript

  • 1. Aptera Presents: Security and Compliance in Office 365. Mark Gordon, Enterprise Architect. How storing your data in the cloud can be even more secure than storing it on premises.
  • 2. Agenda
    • Business Security and Compliance needs
    • Office 365 Security and Compliance
    • Demonstration of Compliance Capabilities
    • Next Steps
  • 3. Common Examples of Compliance Regulations
    • Transparency/Audit
      – 21 CFR Part 11 Audit Trail
      – SEC
      – SAS 70 Type I and Type II
    • Privacy/Non-Disclosure
      – HIPAA
      – ITAR
      – FISMA
      – FERPA
      – EU model clauses
      – Gramm-Leach-Bliley
    • Legal
      – Hold and E-Discovery
    • Three common types of compliance concerns
    • Most businesses will have some of all three
    • Office 365 can be part of compliant solutions for these regulations
  • 4. Common Compliance Requirements that can be met in Office 365 (see THIS link for a framework to build your compliance plan)
    • Healthcare
      – HIPAA
      – FISMA
      – Legal Discovery
      – 21 CFR Part 11 Audit Trail
    • High Tech/Manufacturing
      – ITAR
      – ISO 27001
      – Legal Discovery
      – EU Model Clauses
    • Finance
      – PCI
      – Gramm–Leach–Bliley Act
      – Legal Discovery
      – Internal/External Audit
    • Compliance starts with, and is most importantly, corporate policy
    • Compliance is implemented through IT systems
    • If your technology is not compliant, you are not compliant
    • Just because your technology is compliant does not make you compliant
  • 5. Office 365 Trust Center – http:trustoffice365.com
    • Office 365 Compliance
      – HIPAA Business Associate Agreement
      – ISO 27001
      – EU Model Clauses
      – DPA (Data Processing Agreement)
      – FISMA
      – ITAR
      – FERPA
      – External Audit
  • 6. Office 365 Security
    • Modular Datacenters
      – No access to individual computing components
      – Very small IT staff onsite
    • Physical Access Controls
      – Biometric
      – RFID
      – Location known and recorded at all times
    • Physical Security
    • Redundancy and Disaster Recovery
    • Network
  • 7. Security Threats and Countermeasures
    • Threats
      – Stolen Password
      – Data Leakage
      – Unsecure Transport
      – Lost Devices (Computer, Mobile, USB Drive)
      – Disk Failures
      – Internal theft of Data
      – Blind Subpoena
      – DOS / Unavailability
    • Countermeasures
      – Two Factor Authentication
      – Mail Encryption
      – DLP Policy
      – Remote Device Wipe
      – Hard Drive Encryption
      – Portable File Encryption
      – Redundant Storage
      – Physical and Employee Security
      – Encryption in Transit
      – Encryption at Rest
      – Throttling / 99.98 quarterly uptime
  • 8. Protecting from Stolen Passwords: Multi-factor Authentication
    • Implementation
      – Built in to Office 365
      – Works with your locally managed AD accounts
      – Simple to implement
      – Implement for Global Administrators or any other users who have access to high risk information
      – User can change 2nd factor method
    • Requirements
      – Access to phone or mobile device
      – Options: Text, Application, Phone Call
  • 9. Multi-factor Authentication Demo
  • 10. Protecting e-mail and documents in transit: Encryption Options
    • E-mail
      – Office 365 Mail Encryption
      – TLS Transport Rules
    • Documents/Communications
      – All client traffic encrypted (Lync, Outlook, Office, Browser)
    • Encrypted mail is hosted on a web server in the Microsoft Datacenter
    • Recipients get e-mail with a link to the message
    • TLS is easier for the recipient and can be secure
  • 11. DLP - Encrypted E-mail and TLS Demo
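The deck names a "DLP Policy" as the countermeasure for data leakage (slide 7) and then demonstrates it, but the transcript carries no rule logic. The Go program below is an added illustration, not code from the deck or from the Office 365 DLP engine: it scans an outbound message body for a dashed US SSN pattern and for a 13 to 16 digit, Luhn-valid payment card number, returns a block/allow verdict, and masks each match so the audit record does not become a second copy of the sensitive value. The regular expressions, the masking format and the three sample messages (which borrow the wording of the slide-19 diagram) are my own constructions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is one policy match in a message body. Match is masked so that the
// audit log itself does not become a second copy of the sensitive value.
type Finding struct {
	Rule  string
	Match string
}

// Constructed sample messages; the SSN and card number are well-known test values.
const (
	SampleLeak    = "Vincent, attached is the customer's SSN 123-45-6789 and card 4111 1111 1111 1111."
	SampleBenign  = "Lunch at noon? Call the office on 260-739-1949 if you are late."
	SampleNonLuhn = "Tracking reference 1234 5678 9012 3456 for the shipment."
)

var (
	// US Social Security Number in its usual dashed form.
	ssnRe = regexp.MustCompile(`\b\d{3}-\d{2}-\d{4}\b`)
	// 13 to 16 digits optionally separated by spaces or dashes; candidates are
	// confirmed with the Luhn check below to cut down false positives.
	cardRe = regexp.MustCompile(`\b(?:\d[ -]?){13,16}\b`)
)

func keepDigit(r rune) rune {
	if r >= '0' && r <= '9' {
		return r
	}
	return -1 // strings.Map drops the rune
}

// luhnValid implements the Luhn checksum used by payment card numbers.
func luhnValid(digits string) bool {
	if len(digits) < 13 {
		return false
	}
	sum, double := 0, false
	for i := len(digits) - 1; i >= 0; i-- {
		d := int(digits[i] - '0')
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return sum%10 == 0
}

// mask keeps only the last four digits of a matched value.
func mask(s string) string {
	digits := strings.Map(keepDigit, s)
	if len(digits) <= 4 {
		return strings.Repeat("*", len(digits))
	}
	return strings.Repeat("*", len(digits)-4) + digits[len(digits)-4:]
}

// ScanMessage returns every SSN and Luhn-valid card number found in body.
func ScanMessage(body string) []Finding {
	var findings []Finding
	for _, m := range ssnRe.FindAllString(body, -1) {
		findings = append(findings, Finding{Rule: "ssn", Match: mask(m)})
	}
	for _, m := range cardRe.FindAllString(body, -1) {
		if luhnValid(strings.Map(keepDigit, m)) {
			findings = append(findings, Finding{Rule: "credit-card", Match: mask(m)})
		}
	}
	return findings
}

// Verdict applies the policy: block outbound mail that carries any finding.
func Verdict(body string) (string, []Finding) {
	findings := ScanMessage(body)
	if len(findings) == 0 {
		return "allow", nil
	}
	return "block", findings
}

func main() {
	for _, body := range []string{SampleLeak, SampleBenign, SampleNonLuhn} {
		action, findings := Verdict(body)
		fmt.Printf("%-5s %v\n", action, findings)
	}
}
```

The phone number in the benign sample and the non-Luhn digit string are there to show the two checks a rule of this kind needs: a digit-length window alone would flag tracking references and similar numbers, and the SSN pattern must not match a 3-3-4 phone number.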
  • 12. Protecting against lost or stolen devices
    • Device Security Policy
      – Device Password
      – Remote Device Wipe
      – Bad Password Count Lockout
      – Bad Password Count Reset
    • Remote Wipe
      – Can be done from any browser by the device owner or an administrator
  • 13. Remote Device Wipe Demo
  • 14. Protecting Files on any media or device: Information Rights Management
    • Portable Encryption
      – Works on any device or storage medium
    • Access to document can be revoked
      – Person leaves company or project
      – Document can expire
    • Granular access rights
      – Read
      – Copy
      – Print
      – Forward
  • 15. Portable File Encryption Demo
  • 16. E-Discovery, Hold, Retention Policy
    • E-Discovery
      – Discovery Agents
      – Email, Documents, Lync
      – Search options
      – Exporting results
    • In Place Hold
      – By search criteria
      – Mailbox legal hold (retention period)
    • Retention Policy
      – Defines when items are destroyed or moved
      – Can be managed by user and/or set by policy
  • 17. Discovery-Hold-Retention Demo
  • 18. Encryption at Rest vs. BYOE (Bring Your Own Encryption Provider)
    • Encryption at Rest
      – Protects against: Physical access to disks
      – Does not protect against: Blind Subpoena; Programmatic Access to your Data; Administrator Access to your Data
      – Native Support for: Read/Write; Search and Index; Remote Access
    • BYOE
      – Protects against: Physical access to disks; Blind Subpoena; Programmatic Access to your Data; Administrator Access to your Data
      – Must Allow Support for: Read/Write; Search and Index; Remote Access
  • 19. BYOE Architecture [diagram: an e-mail "From: Mia, To: Vincent. Vincent, attached is the customer's SSN and Credit-Card information." is shown in readable form at the sender and the recipient and as unreadable ciphertext at each stage in between]
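Slides 18 and 19 contrast provider-managed encryption at rest with BYOE by listing what each protects against, and the diagram shows the mail readable only at the endpoints. The Go program below is an added illustration, not the deck's or Microsoft's code: it models one stored message under both designs with AES-256-GCM and makes the two slide-18 columns concrete. With provider-managed keys an administrator read, a programmatic read and a read compelled by a subpoena served on the provider all succeed, because they are the same decrypt the provider performs on delivery; under BYOE they all fail for lack of a key, and server-side search finds nothing in the ciphertext, which is why the slide says a BYOE provider "must allow support for" search and index rather than getting it for free. The Store type, the key handling and the sample mail text are assumptions made for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
)

// Constructed sample mail following the slide-19 diagram (not a real message).
const ConstructedMail = "From: Mia\nTo: Vincent\n\nVincent, attached is the customer's SSN and credit-card information."

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy: nothing sensible to do in a demo
	}
	return b
}

func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // only a wrong key length reaches here
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm
}

// seal encrypts with AES-256-GCM, prefixing the fresh random nonce to the output.
func seal(key, pt []byte) []byte {
	gcm := gcmFor(key)
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, pt, nil)
}

// open reverses seal; it fails on a wrong key or tampered data.
func open(key, ct []byte) ([]byte, error) {
	gcm := gcmFor(key)
	ns := gcm.NonceSize()
	if len(ct) < ns {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, ct[:ns], ct[ns:], nil)
}

// Store models one message in the provider's mailbox storage. providerKey is
// set only in the provider-managed model; under BYOE the provider has no key.
type Store struct {
	providerKey []byte
	stored      []byte
}

// AdminRead is what an administrator, a programmatic integration or a subpoena
// served on the provider can recover without the customer taking part.
func (s Store) AdminRead() ([]byte, error) {
	if s.providerKey == nil {
		return nil, errors.New("store holds ciphertext and no key")
	}
	return open(s.providerKey, s.stored)
}

// Index is server-side search: it can only match what the provider can decrypt.
func (s Store) Index(term string) bool {
	data := s.stored
	if pt, err := s.AdminRead(); err == nil {
		data = pt
	}
	return strings.Contains(string(data), term)
}

type Outcome struct{ AdminCanRead, ServerSearchHit, RecipientCanRead bool }

// RunEncryptionAtRest: the provider encrypts on write and decrypts on every read.
func RunEncryptionAtRest() Outcome {
	s := Store{providerKey: randomBytes(32)}
	s.stored = seal(s.providerKey, []byte(ConstructedMail))
	pt, err := s.AdminRead()
	ok := err == nil && string(pt) == ConstructedMail
	return Outcome{ok, s.Index("credit-card"), ok} // delivery is just another provider read
}

// RunBYOE: the customer encrypts before upload and never hands over the key.
func RunBYOE() Outcome {
	customerKey := randomBytes(32)
	s := Store{stored: seal(customerKey, []byte(ConstructedMail))}
	_, adminErr := s.AdminRead()
	pt, err := open(customerKey, s.stored) // the recipient decrypts locally
	return Outcome{adminErr == nil, s.Index("credit-card"), err == nil && string(pt) == ConstructedMail}
}

func main() {
	fmt.Printf("encryption at rest: %+v\nBYOE: %+v\n", RunEncryptionAtRest(), RunBYOE())
}
```

The model deliberately leaves out how a BYOE deployment restores search: that is the provider-specific part the slide flags as a requirement, and the usual answers (client-side index, searchable-encryption schemes, or decrypting inside a customer-controlled component) each trade some of the protection listed in the BYOE column for functionality.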
  • 20. Action Plan
    • Identify Owners for
      – Document/mail retention
      – Legal Hold/Discovery
      – Compliance
      – Security Policy
      – Disaster Recovery
    • Define your Corporate
      – Compliance requirements
      – Security Policy
      – Retention Policy
      – Legal/Discovery-Hold Policy
      – Disaster Recovery Plan
    • Match against current systems
      – Compliance capabilities
      – Security capabilities
      – Retention capabilities
      – Legal/Discovery-Hold capabilities
    • Evaluate Office 365 Capabilities
      – Compliance
      – Security
      – Availability/Recovery
      – Retention
      – Legal
  • 21. Next Step: Free Aptera Compliance and Security Strategy Review. Surface Winner! Questions? Email: secure@apterainc.com Phone: 260-739-1949
  • 22. References
    • Free 30 day Office 365 Trial
    • Office 365 Service Updates
    • Office 365 Service Descriptions
    • Office 365 Privacy, Security and Compliance
    • Office 365 security white paper