The document discusses compliance in Office 365. It begins with definitions of terms like data breach and compliance. Statistics are provided on data breaches, including that over 600 million records were breached between 2005-2012 and the rising costs of breaches. The document outlines compliance regulations like PCI, SOX, and HIPAA. It discusses implementing compliance solutions in O365 like data loss prevention, eDiscovery, and auditing. Mobile device management and encryption are also covered. The importance of compliance professionals like CISOs and CPOs establishing a compliance-centered organization is emphasized. Future roadmaps for better sensitive data searching in SharePoint 2016 are noted.

1. Accessible content is available upon request.
Initiation à la conformité dans O365
Hassen Boumaraf, Senior Technical Account Manager
Hassen.Boumaraf@avepoint.com

2. ©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
Définitions
Quelques chiffres
Roadmap
Office 365 et conformité : Démo
La conformité au coeur de l’organisation

3. ©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
Définitions

4. ©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
Métiers Personnelles
Finance : N° de carte
bancaire
Visa, Amex, MasterCard
RH / Médicales
N° de Sécurité Sociale
Denmark Personal
Identification Number

5. ©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
Métiers Personnelles
PCI – DSS
SOX (Sarbanes-Oxley)
HIPAA
loi Informatique et
Libertés et la Directive
Européenne 95/46/EC

6. ©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
• “A data breach is a security incident in which sensitive,
protected or confidential data is copied, transmitted,
viewed, stolen or used by an individual unauthorized to
do so”
[U.S. DEPARTMENT OF HEALTH AND HUMAN SERVICES Administration for Children and Families]

7. ©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
• “Compliance means conforming to a rule, such as a
specification, policy, standard or law …”
[Wikipedia]

8. ©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
• Une information ne doit être que là où elle devrait être
• Une information ne doit être visible que par ceux qui
devraient la voir
[Hassen Boumaraf]
Malheureusement, ce n’est pas toujours le cas

9. ©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
Quelques chiffres

10. ©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
Recordsbreached(known)Databreaches (known)
3,525 605,742,928Security
breaches
April20, 2005 to
December20, 2012
RepresentsUnitedStates
Source:http://www.privacyrights.org

11. ©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
System glitches
Malicious intent Oops!
39%
24%
37%
OnlineTrustAlliance:2013DataProtectionandBreachReadinessGuide

12. ©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
• 29 entreprises ont participé à l’étude en France
• Coût moyen d’un enregistrement compromis : 134€
• Augmentation de 3.3% par rapport à l’année dernière

13. ©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.

14. ©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
Comment mettre ces solutions en place dans O365 ?

15. ©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
O365 et conformité

16. ©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
• France Driver's License Number
• France National ID Card (CNI)
• France Passport Number
• France Social Security Number (INSEE)SWIFT Code
• Taiwan National ID
• Taiwan Passport Number
• Taiwan Resident Certificate (ARC/TARC) Number
• U.K. Driver's License Number
• U.K. Electoral Roll Number
• U.K. National Health Service Number
• U.K. National Insurance Number (NINO)
• U.S. / U.K. Passport Number
• U.S. Bank Account Number
• U.S. Driver's License Number
• U.S. Individual Taxpayer Identification Number (ITIN)
• U.S. Social Security Number (SSN)

17. ©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
• Titre/Corps/Pièces
jointes
• Policy Tips
• Justification

18. ©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
• eDiscovery

19. ©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
• Audit

20. ©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.

21. ©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
• Equipe conformité
• Intégration de DLP aux solutions MS
• Centralisation des outils de conformité

22. ©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.

23. ©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
• Communément : Double authentification

24. ©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
• Azure Right Management
• Chiffrement de contenu, d’e-mail

25. ©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
• Mobile Device Management
• Mobilité
• Policy

26. ©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
La conformité au coeur de l’organisation

27. ©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
• CISO / RSSI
• CPO / CIL / DPO

28. ©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.

29. ©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
Roadmap

30. ©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
• SharePoint 2016- Intégration de la recherche
des données sensibles
O365 roadmap : http://success.office.com/en-
us/roadmap

31. ©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
Q / A