
Security and compliance in Office 365 - Part 1


  1. 1. Security and Compliance in Office 365 – Part 1. Reinventing Productivity: Trust. By Vignesh Ganesan – Technical Manager (SharePoint & Office 365)
  2. 2. Welcome
  3. 3. Who’s this guy? Vignesh Ganesan, Technical Manager - SharePoint & Office 365. Contact: @sharepointnerd; vignesh.ganesan.14; /Vignesh Ganesan; vigganesan89@gmail.com; https://vigneshsharepointthoughts.com. Active Blogger on C Sharp Corner, European SharePoint Community, Collab 365 & HubFly Blogsite. Organizer of SharePoint & Office 365 nerds meetup group - Bangalore
  4. 4. This evening, we will discuss … • Understanding the Threat Landscape • Office 365 & Digital Transformation • What’s a Modern Workplace? • What’s the problem that we’re currently facing in a cloud first mobile first world? • Office 365 - Defense in depth multi-dimensional approach to customer environment • Office 365 – Security and Compliance offerings • CASB - Cloud Access Security Broker • SIEM vs MDR vs CASB • Recap • Conclusion
  5. 5. Which one is the hacker?
  6. 6. Office 365 Helps Lead This Transformation
  7. 7. The Modern Workplace The Classic Workplace The Digital Transformation
  8. 8. What does a Modern Workplace look like?
  9. 9. What about security?
  10. 10. IN THE PAST, THE FIREWALL WAS THE SECURITY PERIMETER: devices, data, users, apps. On-premises / Private cloud
  11. 11. On-premises
  12. 12. THE PROBLEM: The security organizations need must be integrated with the productivity tools users use. Productivity OR Security: it’s a delicate balance. On-premises
  13. 13. The market is segmented and confusing: Information Rights Management; Mobile Device & Application Management; Cloud Access Security Broker; SIEM; Data Loss Prevention; User & Entity Behavioral Analytics; Mobile Data Loss Prevention; Threat Detection; Identity governance; Single sign-on; Cloud Data Loss Prevention; Conditional access; Discovery; Cloud visibility; Secure collaboration; Cloud anomaly detection; Identity & Access Management
  14. 14. Identity & Access Management Mobile Device & Application Management Data Loss Prevention User & Entity Behavioral Analytics Cloud Access Security Broker Information Rights Management Protect at the front door Detect & remediate attacks Protect your data anywhere Cloud Access Security Broker Mobile Device & App Management Identity & Access Management User & Entity Behavioral Analytics Data Loss Prevention Information Protection
  15. 15. Mobile-first, cloud-first reality. Mobile devices: 72% of the U.S. workforce will be mobile by 2020, relying on devices other than their laptop to be productive. Shadow IT: By 2022, a third of successful attacks experienced by enterprises will be on their shadow IT resources. Data breaches: 63% of confirmed data breaches involved weak, default, or stolen passwords.
  16. 16. Let’s get into the details now ….
  17. 17. DEFENSE IN DEPTH: MULTI-DIMENSIONAL APPROACH TO CUSTOMER ENVIRONMENT. Facility: Physical controls, video surveillance, access control. Network perimeter: Edge routers, firewalls, intrusion detection, vulnerability scanning. Internal network: Dual-factor authentication, intrusion detection, vulnerability scanning. Host: Access control and monitoring, anti-malware, patch and configuration management. Application: Secure engineering (SDL), access control and monitoring, anti-malware. Admin: Account management, training and awareness, screening. Data: Threat and vulnerability management, security monitoring, and response, access control and monitoring, file/data integrity, encryption
  18. 18. Always Available Near your users Always Secured
  19. 19. PHYSICAL SECURITY Perimeter security Fire Suppression Multi-factor authentication Extensive monitoring Seismic bracing 24x7 onsite security staff Days of backup power Tens of thousands of servers
  20. 20. NETWORK Backend server and storage Front end server storage Firewall Layer of separation Edge router protection User
  21. 21. HOST/APPLICATION
  22. 22. ‘LOCK BOX’ ZERO ACCESS PRIVILEGE & ROLE BASED ACCESS. Grants least privilege required to complete task. Verify eligibility by checking if: 1. Background check completed 2. Fingerprinting completed 3. Security training completed. Diagram labels: Request; Approve; Request with reason; Zero standing privileges; Temporary access granted; Manager; Just in time access; High entropy passwords
  23. 23. Administrators: Automatic account deletion; Unique accounts; Zero access privileges; Security Development Cycle; Annual training; Background checks; Screening
  24. 24. Data: Customer data isolation; Data encryption; Operational best practices
  25. 25. CUSTOMER DATA ISOLATION: Designed to support logical isolation of data that multiple customers store in same physical hardware. Intended or unintended mingling of data belonging to a different customer/tenant is prevented by design using Active Directory organizational units. Diagram labels: Customer A; Customer B
  26. 26. Data at Rest: Disks encrypted with BitLocker; Encrypted shredded storage. Data in-transit: SSL/TLS Encryption; Client to Server; Server to Server; Data center to Data center (for DR purposes). AES 256. User Encryption
  27. 27. ENCRYPTED SHREDDED STORAGE (diagram: chunks A, B, C, D, E; Key Store; Content DB)
  28. 28. Intelligence powered insights Reduce total cost of ownership Protection beyond Office 365 Areas of Focus
  29. 29. Office 365 Security & Compliance Offerings: Security & Compliance Center; Office 365 Cloud App Security; Data Loss Prevention; Office Message Encryption; Exchange Online Protection; Office 365 Advanced Threat Protection; Office 365 Threat Intelligence; Advanced Data Governance; Advanced eDiscovery; Compliance Manager. * = new and updated capabilities
  30. 30. With A Focus on Addressing Cyber Threats: 4 billion; 39 seconds; $6 trillion; 1.37 billion
  31. 31. Office 365 Security and Compliance Center: Powerful for experts, and simple for generalists to use • Scenario oriented workflows with cross-cutting policies spanning features • Powerful content discovery across Office 365 workloads • Proactive suggestions leveraging Microsoft Security Intelligence Graph • NEW Reports with issue call out and recommended remediations • NEW Configuration improvement suggestions • NEW More alerts and digest reports
  32. 32. Office 365 Advanced Threat Protection Office 365 Advanced Threat Protection secures your entire Office 365 environment from today’s most advanced and sophisticated threats
  33. 33. Figure: Office 365 ATP; axes: effectiveness (0% to 100%) and latency (slow to fast); legend: AV Engines = 3rd Party, Threat Protection = Office 365 ATP; timeline: 2014, 2015, 2016, 2017, H2. Capabilities shown: Safe Attachments; Safe Links; Heuristic Clustering; Reputation Blocking; Zero-Hour Auto-purge; Safe Links for Office Clients; Office 365 Malicious Content Detection; Linked Content Detonation; Dynamic Email Delivery; Type Blocking; Document Preview; Enhanced URL Detonation; Phish ML Models; Threat Intelligence; Malware Phish Quarantines; Intelligent Security Graph; ATP for files in SPO, ODB, and Teams; Outlook Native Link Rendering; Explorer; Internal Safe Links; WDAV+WDATP Endpoint Protection
  34. 34. Threat Intelligence: Office 365 hosts one of the largest enterprise email services and productivity suites in the world, and manages content created on millions of devices. In the course of protecting this information, Microsoft has built a vast repository of threat intelligence data, and the systems needed to spot patterns that correspond to attack behaviors and suspicious activity. Threat Intelligence leverages the Microsoft Intelligent Security Graph, which analyzes billions of data points from Microsoft global data centers, Office clients, email, user authentications, signals from our Windows and Azure ecosystems and other incidents that impact the Office 365 ecosystem. • NEW Threat Tracker • NEW Threat Trend Insights • NEW New real-time activity (user/content) intelligence
  35. 35. Data Loss Prevention: Detect sensitive information across Office 365 • Choose from 80+ sensitive information types – or create your own • Customize policies, exclusions and actions • Block accidental sharing and educate users • View and monitor reports, alerts, events • NEW Custom sensitive information types • NEW HIPAA sensitive information types • NEW Large dictionary support
  36. 36. Azure Information Protection: Comprehensive protection of sensitive data throughout the lifecycle – inside and outside the organization. Detect: Scan & detect sensitive data based on policy. Classify: Classify data and apply labels based on sensitivity. Protect: Apply protection actions, including encryption, access restrictions. Monitor: Reporting, alerts, remediation. Scope: DEVICES, CLOUD, ON PREMISES
  37. 37. Data governance challenges: In the modern world of digital communication, the amount of electronic data grows exponentially, leaving companies with the daunting job of deciding what to keep and what not to keep. Without proactive data retention policies, they expose their organizations to unwanted risks.
  38. 38. What is Data Governance in Office 365? Advanced data governance enables our customers to achieve organizational compliance by intelligently leveraging machine assisted insights to find, import, classify, set policy and take action on the data that is most important to them. Personas of Office 365 Data Governance: IT Administrator; Compliance Officer; Records Manager; Information Worker. Building Blocks of Office 365 Data Governance:
  39. 39. Office 365 Data Governance framework. Import • Intelligent import of on-premises Microsoft and 3rd party data. Classification, Policy & Sensitive Types • Manual and auto-classification of content to apply right governance policies. Retention, Archival & Disposition • System enforced lifecycle, disposition workflows and defensible deletion process. Dashboard, Insights & Reporting • Monitoring, reports and intelligent trend identification and suggestions. Audit, Supervision & Defensibility • Data investigations, forensics, automated audit alerts and notifications
  40. 40. Secure Score. Insights into your security position: One place to understand your security position and what features you have enabled. Guidance to increase your security level: Learn what security features are available to reduce risk while helping you balance productivity and security.
  41. 41. Microsoft 365 provides an information protection strategy to help with the GDPR
  42. 42. Compliance Manager: An intelligent score assessing your compliance posture against evolving regulations • Recommended actions to improve your data protection capabilities • Streamlined workflow and audit-ready reports. Compliance Manager Preview is a dashboard that provides a summary of your data protection and compliance stature and recommendations to improve data protection and compliance. This is a recommendation; it is up to you to evaluate its effectiveness in your regulatory environment prior to implementation. Recommendations from Compliance Manager Preview should not be interpreted as a guarantee of compliance.
  43. 43. Employees want to work from mobile devices
  44. 44. Intune helps with that
  45. 45. Microsoft Enterprise Mobility + Security. MICROSOFT INTUNE: Make sure your devices are compliant and secure, while protecting data at the application level. AZURE ACTIVE DIRECTORY: Ensure only authorized users are granted access to personal data using risk-based conditional access. MICROSOFT CLOUD APP SECURITY: Gain deep visibility, strong controls and enhanced threat protection for data stored in cloud apps. AZURE INFORMATION PROTECTION: Classify, label, protect and audit data for persistent security throughout the complete data lifecycle. MICROSOFT ADVANCED THREAT ANALYTICS: Detect breaches before they cause damage by identifying abnormal behavior, known malicious attacks and security issues. Diagram labels: Apps; Risk; Device; Location; CONDITIONAL ACCESS; Access granted to data; Classify; Label; Audit; Protect
  46. 46. CONDITIONAL ACCESS. IF: Privileged user? Credentials found in public? Accessing sensitive app? Unmanaged device? Malware detected? IP detected in Botnet? Impossible travel? Anonymous client? User risk: High, Medium, Low. Session risk: High, Medium, Low. 10TB per day. THEN: Require MFA; Allow access; Deny access; Force password reset; Limit access
  47. 47. An illustration of how your data follows you with Office 365: Bengaluru Airport; 3 hours layover at Amsterdam Airport; Frankfurt Airport; My Hotel
  48. 48. CASB – Cloud Access Security Broker: • A CASB helps IT departments monitor cloud service usage and implement centralized controls to ensure that cloud services are used securely. What does a CASB do? CASBs provide a solution to many of the security problems posed by the use of cloud services – both sanctioned and unsanctioned. They do this by interposing themselves between end users – whether they are on desktops on the corporate network or on mobile devices connecting using unknown networks – or by harnessing the power of the cloud provider's own API. Gartner suggests that CASBs should offer organizations: • Visibility into cloud usage throughout the organization • A way to ensure and prove compliance with all regulatory requirements • A way to ensure that data is stored securely in the cloud • A satisfactory level of threat protection to ensure that the security risk of using the cloud is acceptable
  49. 49. Six CASB vendors to consider
  50. 50. Microsoft Cloud App Security. Discover and assess risks: Identify cloud apps on your network, gain visibility into shadow IT, and get risk assessments and ongoing analytics. Control access in real time: Manage and limit cloud app access based on conditions and session context, including user identity, device, and location. Detect threats: Identify high-risk usage and detect unusual behavior using Microsoft threat intelligence and research. Protect your information: Get granular control over data and use built-in or custom policies for data sharing and data loss prevention. Extend Microsoft security to your cloud apps: Threat detection: Microsoft Intelligent Security Graph, Office ATP; Information Protection: Office 365 & Azure Information Protection; Identity: Azure AD and Conditional Access; + more
  51. 51. A comprehensive, intelligent security solution that extends the visibility, real-time control, and security you have in your on-premises network to your cloud applications. Control; Discover; Protect
  52. 52. SIEM – Security Incident Event Management
  53. 53. MDR – Managed Detection and Response
  54. 54. Customer Lockbox in Office 365
  55. 55. Microsoft Enterprise Mobility + Security, EMS – Licensing Details (Technology: Benefit; available in E3 and/or E5). Azure Active Directory Premium P1: Secure single sign-on to cloud and on-premises app; MFA, conditional access, and advanced security reporting (E3, E5). Azure Active Directory Premium P2: Identity and access management with advanced protection for users and privileged identities (E5). Microsoft Intune & ConfigMgr: Mobile device, app, and PC management to protect company apps and data (E3, E5). Azure Information Protection P1: Encryption for all files and storage locations; Cloud-based file tracking (E3, E5). Azure Information Protection P2: Intelligent classification and encryption for files shared inside and outside your organization (E5). Microsoft Cloud App Security: Enterprise-grade visibility, control, and protection for your cloud applications (E5). Microsoft Advanced Threat Analytics: Protection from advanced targeted attacks leveraging user and entity behavioral analytics (E3, E5). Categories: Identity and access management; Unified Endpoint Management; Information protection; Threat protection
  56. 56. Recap: • Understanding the Security Landscape • Office 365 & Digital Transformation • What’s a Modern Workplace? • What’s the problem that we’re currently facing in a cloud first mobile first world? • Office 365 - Defense in depth multi-dimensional approach to customer environment • Office 365 – Security and Compliance offerings • CASB - Cloud Access Security Broker
  57. 57. RED TEAM VS BLUE TEAM
  58. 58. Conclusion: “You have to evaluate security & compliance not as an expense, but as a money saver. Sure, managing compliance takes resources, but it’s nowhere near as expensive as the costs associated with a breach” • Tech Community: https://techcommunity.microsoft.com/t5/Security-Privacy-Compliance/ct-p/SecurityPrivacyCompliance • Trust Center: https://products.office.com/en-in/business/office-365-trust-center-security • Office 365 Trust Center: https://products.office.com/en-in/business/office-365-trust-center-welcome • Top 10 security and privacy features in Office 365: https://products.office.com/en-in/business/office-365-trust-center-top-10-trust-tenets-cloud-security-and-privacy • Red Team and Blue Team in Microsoft: https://channel9.msdn.com/Shows/Azure-Friday/Red-vs-Blue-Internal-security-penetration-testing-of-Microsoft-Azure
  59. 59. What’s coming next? Part 2: Exchange Online Protection; Office 365 Advanced Threat Protection; Office 365 Threat Intelligence; GDPR - Compliance Manager Tool. Part 3: Data Loss Prevention; Office Message Encryption; Office 365 Customer Key; Azure Information Protection. Part 4: Advanced Data Governance; Advanced eDiscovery; Microsoft Cloud App Security; CASB, SIEM & MDR
  60. 60. Thank you….
