Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Upcoming SlideShare
What to Upload to SlideShare
Next
Download to read offline and view in fullscreen.

0

Share

Download to read offline

One name unify them all

Download to read offline

We are living a complete digital transformation where people are not restricted by apps or devices or even location. Work can be done anywhere and on any device which leads to greater security concerns regarding this business data living on mobile devices and shared with external (sometimes not trusted users). Microsoft Unified Labeling protection leverages the power of the cloud and ease of use (a few clicks for implementation) to provide a complete Information Protection solution. Now with the new unified Azure label client, users can administer the labels from one location while being integrated across the whole Microsoft platform. Attendees will learn how to configure Unified labels with real case scenarios.

Related Books

Free with a 30 day trial from Scribd

See all
  • Be the first to like this

One name unify them all

  1. 1. • Microsoft MVP | CISSP | CISM | CCISO | MCSE | PMP…………. • EC-Council CCISO Advisory Board • CISO100 and CISO50 Award Winner • Speaker (ITCamp, MS Ignite Tour, CISO Africa, SharePoint Saturday, CSCAMP…….) • Blogger @ https://itcalls.net • /AhmedNabilMahmoud • @ITCalls_anabil
  2. 2. Data is exploding It’s created, stored, and shared everywhere Platforms SaaS Remote Corporate Structured Private cloud SMS Vendors Unstructured Public Emails Documents Records
  3. 3. Discovering and managing data is challenging 88% of organizations no longer have confidence to detect and prevent loss of sensitive data¹ >80% of corporate data is “dark” – it’s not classified, protected or governed² #1 Protecting and governing sensitive data is biggest concern in complying with regulations 1. Forrester. Security Concerns, Approaches and Technology Adoption. December 2018 2. IBM. Future of Cognitive Computing. November 2015 3. Microsoft GDPR research, 2017
  4. 4. Data regulations are increasing around the world Protection of Personal Information Act 2013 (POPI) Australia Privacy Principles 2014 General Data Privacy Law Data Protection in Act (pending) Federal Data Protection Law 2000 California Consumer Privacy Act (CCPA) 2018 Personal Information Protection and Electronic Documents Act (PIPEDA) Act on Protection of Personal Information (APPI) 2017 Personal Information Protection Act (PIPA) 2011 Personal Information Security Specification 2018 Personal Data Protection Act (PDPA 2012) Personal Data Protection Bill 2018 The Privacy Protection Act (PPA) 2017 General Data Protection Regulation (GDPR 2016)
  5. 5. What’s your strategy for protecting and governing sensitive and business critical data? Do you know where your business critical and sensitive data resides and what is being done with it? Do you have control of this data as it travels inside and outside of your organization? Are you using multiple solutions to classify, label, and protect this data?
  6. 6. Information Protection & Governance Protect and govern data —wherever it lives 88% Understand your data landscape and identify important data across your hybrid environment Automatically retain, delete, and store data and records in compliant manner Apply flexible protection actions including encryption, access restrictions and visual markings Powered by an intelligent platform KNOW YOUR DATA 88% GOVERN YOUR DATA PROTECT YOUR DATA Unified approach to automatic data classification, policy management, analytics and APIs
  7. 7. Information Protection & Governance Protect and govern data —anywhere it lives 88% KNOW YOUR DATA 88% GOVERN YOUR DATA PROTECT YOUR DATA
  8. 8. Customer lifecycle for Classification, Labeling and Protection of sensitive files DEFINE CLASSIFICATION SCHEME DEFINE ALL CLASSIFICATION POLICY CONDITIONS CREATE/TEST AND DEPLOY CLASSIFICATION POLICY ONGOING USAGE, MONITORING AND REMEDIATION
  9. 9. Office 365 Information Protection Windows Information Protection Azure Information Protection What Where How Microsoft information protection—the way it was
  10. 10. What Where How Office 365 Information Protection Windows Information Protection Azure Information Protection Microsoft information protection—now
  11. 11. Demo How Client Look like ?
  12. 12. Know Your Data
  13. 13. How can I see what happens to my data over its lifecycle? Where can I classify my data? What methods can I use to classify my data? Know your Data
  14. 14. Know your data – Top of mind questions Where is my sensitive data located? What are the risky activities happening in my organization – files shared externally, across 1st and 3rd party apps? I need to comply with a new regulation? Where is my PII data located & where is it being generated? How do I control data sprawl and build a strategy for dark data disposal before I bring data to the cloud from on-premise? How do I see activity around classification and labeling across retention and sensitivity labels once they have been used across governance and retention outcomes? ?? ? ?? How do I monitor ongoing risk around label activity? ?
  15. 15. Flexible options to know your data Scanner: Spanning on-premises to cloud Content explorer Activity explorer Use built-in classification methods Auto-classification using trainable classifiers Understand what’s sensitive, what’s business critical & across your environment
  16. 16. Discover and classify on-premises files Helps you manage sensitive data prior to migrating to Office 365 or other cloud services Use discover mode to identify and report on files containing sensitive data Use enforce mode to automatically classify, label and protect files with sensitive data Can be configured to scan: • CIFS file shares • SharePoint Server 2016 • SharePoint Server 2013
  17. 17. Discover and classify cloud services using Microsoft cloud app security Detect content in cloud storage services Inspect files for sensitive information – based on policy Apply sensitivity labels Automatically apply labels to sensitive files identified in cloud apps Enforce protection policies Use sensitivity labels to apply policy, such as restricting access to sensitive information, blocking uploads, blocking downloads
  18. 18. Multiple classification methods Built-in 90+ information types provided out of the box to get started Flexible Use regex, keywords, and exact data match for data identification Organized Mapped to different industry regulations
  19. 19. Trainable classifiers Leverage machine learning to automatically classify unique data Built-in Resume, source code, offensive language provided out-of-box Build-your-own Train the system to look for specific types of data Integrated Attach to sensitivity and retention labels with associated policies
  20. 20. Demo Built-in Classification
  21. 21. Protect Your Data
  22. 22. How can I balance data security and productivity? Where can I protect my sensitive data? How can I protect my sensitive data? Protect your Data
  23. 23. Customizable Persists as container metadata or file metadata Readable by other systems Determines DLP policy based on labels Extensible to partner solutions Protect your data using sensitivity labels Manual or Automated Labels Apply to content or containers Label data at rest, data in use, or data in transit Enable protection actions based on labels Seamless end user experience across productivity applications CONFIDENTIAL
  24. 24. Balance data security and productivity Enforce conditional access to sensitive data DLP actions to block sharing Encrypt files and emails based on sensitivity label Prevent data leakage through DLP policies based on sensitivity label Business data separation on devices Secure email with encryption & permissions Manually apply sensitivity label consistently across apps applications and endpoints Show recommendations and tooltips for sensitivity labels with auto-labeling and DLP Visual markings to indicate sensitive documents across apps and services (e.g. watermark, lock icons, sensitivity column in SPO) Co-author and collaborate with sensitive documents Enable searching of encrypted files in SharePoint Allow users to open and share encrypted pdf files in Edge in addition to Adobe Acrobat Reader
  25. 25. Protect your data across environments Classify and label data in on-prem repositories, including file servers and SharePoint Label and protect Office files natively across Windows, Mac, iOS, Android and Web Clients Label and protect sensitive data manually and automatically across content and container Automatically label and protect sensitive emails in Exchange Online Unified Label Management in Microsoft 365 Compliance center On-prem Exchange Online SharePoint, Teams, Groups, PowerBI Office Apps Across Platforms Extend protection through Microsoft Cloud App Security to third party clouds and SaaS apps Non-Microsoft Clouds and SaaS apps
  26. 26. Unified policy configuration & management Centralized Single destination to configure policies for data protection and data governance, across locations Customized Customize conditions, rules and exceptions to granularly define policy actions Consistent Consistent enforcement using common policy engine
  27. 27.  Native Manual labeling in Office apps across all platforms  Automated labeling in Office ProPlus and Office on the Web  Label SharePoint sites, Teams sites, Office 365 Groups, and PowerBI artifacts at a container level  Coauthor and collaborate on encrypted files in SharePoint Online  Enable protected pdf workflows in Outlook and Edge  Label and protect CAD artifacts with Microsoft Information Protection Available and Preview since November
  28. 28. Deployment guidelines for new and existing Azure information protection users
  29. 29. New customer: experience
  30. 30. Existing Azure information protection customers: migration path
  31. 31. Why should I activate unified labeling?
  32. 32. Demo: migrate your AIP labels to Unified Labels
  33. 33. CONFIDENTIAL Clients Android, iOS, Mac, Windows, Web Windows Explorer Right-click scenario PowerShell End user automation Power BI During export from a Power BI report MCAS Data at rest and in transit SDK/3rd party Adobe, Symantec, etc. O365 DLP Preview PowerShell Automation MIP Scanner Based on policy or All sensitivity types Exchange Transport Rules
  34. 34. Begin your data classification journey Proactively protect information against common threats Monitor, report and protect against complex security & compliance challenges CONFIDENTIAL CONFIDENTIAL CONFIDENTIAL
  35. 35. CONFIDENTIAL Discovery Deploy MIP Scanner in discovery mode Design your First Labels Start with top 3-4 most broadly applicable labels (General, Internal, Confidential) Manual Labeling Start with manual labeling/classification Set Default Label Set a default label (General) User Awareness No Protection Go for Unified Labels Classification is a journey. Start simple.
  36. 36. Begin your data classification journey Proactively protect information against common threats Monitor, report and protect against complex security & compliance challenges CONFIDENTIAL CONFIDENTIAL CONFIDENTIAL
  37. 37. CONFIDENTIAL Introduce Encryption Apply encryption on your most sensitive label Configure Recommendations Configure recommendations for some labels Labeling with Scanner Start labeling with the MIP Scanner Labeling via MCAS Configure policy to apply labels in cloud locations • Apply label based on conditions Classification is a journey. Start simple.
  38. 38. Begin your data classification journey Proactively protect information against common threats Monitor, report and protect against complex security & compliance challenges CONFIDENTIAL CONFIDENTIAL CONFIDENTIAL
  39. 39. CONFIDENTIAL Automation/Encryption Configure automatic labeling via: • Clients • Scanner • O365 DLP (preview at Ignite) Design Key Management Option • Microsoft managed • BYOK Classification is a journey. Start simple.
  40. 40. References http://aka.ms/Azure Information protection dag https://myignite.techcommunity.microsoft.com/ https://aka.ms/UL-Explained https://aka.ms/aipulvsclassic
  41. 41. @ITCalls_ANabil /in/ahmednabilmahmoud/ https://itcalls.net/

We are living a complete digital transformation where people are not restricted by apps or devices or even location. Work can be done anywhere and on any device which leads to greater security concerns regarding this business data living on mobile devices and shared with external (sometimes not trusted users). Microsoft Unified Labeling protection leverages the power of the cloud and ease of use (a few clicks for implementation) to provide a complete Information Protection solution. Now with the new unified Azure label client, users can administer the labels from one location while being integrated across the whole Microsoft platform. Attendees will learn how to configure Unified labels with real case scenarios.

Views

Total views

190

On Slideshare

0

From embeds

0

Number of embeds

41

Actions

Downloads

3

Shares

0

Comments

0

Likes

0

×