
Microsoft 365 Compliance


We live in a time where digital technology is profoundly impacting our lives, from the way we connect with each other to how we interpret our world. First and foremost, this digital transformation is causing a tsunami of data. In fact, IDC estimates that in 2025, the world will create and replicate 163ZB of data, representing a tenfold increase from the amount of data created in 2016. In the past, organizations primarily dealt with documents and emails. But now they’re also dealing with instant messaging, text messaging, video files, images, and DIO files. The Internet of Things, or IoT, will only add to this explosion in data.


Managing this data overload and the variety of devices from which it is created is complicated and onerous as the market for solutions is fragmented and confusing. There are many categories of solutions, and within each, there are even more solutions to choose from. Many companies are struggling to decide how many of those solutions they need and where to start. Additionally, using multiple solutions means they won’t be integrated, so companies end up managing multiple applications from multiple disparate interfaces.

The question we often get asked is, “How can Microsoft 365 help me?”

Published in: Technology

Microsoft 365 Compliance

  1. 1. Microsoft 365 Compliance Intelligent compliance and risk management solutions David J. Rosenthal Vice President, Digital Business Microsoft Technology Center, New York City October 24, 2019
  2. 2. Data is exploding It’s created, stored, and shared everywhere Platforms SaaS Remote Corporate Structured Private cloud SMS Vendors Unstructured Public Emails Documents Records
  3. 3. The landscape is fragmented and confusing
  4. 4. Breach notification Supervision GDPR Information governance Data loss prevention Archiving Fraud prevention Information protection eDiscovery Anomaly detection Privacy Compliance management Records management Access management Encryption Data classification Auditing
  5. 5. Hundreds of compliance requirements Hundreds of vendors
  6. 6. Data regulations are increasing around the world Protection of Personal Information Act 2013 (POPI) Australia Privacy Principles 2014 General Data Privacy Law Data Protection in Act (pending) Federal Data Protection Law 2000 California Consumer Privacy Act (CCPA) 2018 Personal Information Protection and Electronic Documents Act (PIPEDA) Act on Protection of Personal Information (APPI) 2017 Personal Information Protection Act (PIPA) 2011 Personal Information Security Specification 2018 Personal Data Protection Act (PDPA 2012) Personal Data Protection Bill 2018 The Privacy Protection Act (PPA) 2017 General Data Protection Regulation (GDPR 2016)
  7. 7. BUSINESSES AND USERS ARE GOING TO EMBRACE TECHNOLOGY ONLY IF THEY CAN TRUST IT. Satya Nadella Actions of a trusted partner
  8. 8. Actions of a trusted partner Customers own any patents and industrial design rights that result from our shared innovation work We proactively collaborate with customers and regulators We do not provide any government with the ability to break encryption, nor do we provide any government with encryption keys We do not share business customer data with our advertiser-supported services, nor do we mine it for marketing or advertising We do not engineer back doors for governments into our products We extended GDPR data subject rights to all consumers worldwide
  9. 9. Intelligent compliance and risk management solutions Information Protection & Governance Internal Risk Management Discover & Respond Protect and govern data anywhere it lives Identify and remediate critical insider risks Quickly investigate and respond with relevant data Compliance Management Simplify and automate risk assessments
  10. 10. Simplify and automate risk assessments COMPLIANCE MANAGEMENT
  11. 11. The regulatory landscape is complex and shifting 215+ updates per day from 900 regulatory bodies¹ 40% of firms spent 4+ hrs/week creating and amending reports¹ 65% of firms ranked “design and implementation of internal processes” the biggest GDPR hurdle² 1. Thomson Reuters Regulatory Intelligence - Cost of Compliance 2018 2. http://resources.compuware.com/research-improved-gdpr-readiness-businesses-still-at-risk-of-non-compliance
  12. 12. Shared responsibility model Customer management of risk Data classification and data accountability Shared management of risk Identity & access management | End point devices Provider management of risk Physical | Networking Cloud customer Cloud provider Responsibility On-Prem IaaS PaaS SaaS Data classification and accountability Application level controls Network controls Host infrastructure Physical security Client & end-point protection Identity & access management
  13. 13. Examples of shared responsibilities: NIST Personnel control Strict screening for employees, vendors, and contractors, and conduct trainings through onboarding process Personnel control Allocate and staff sufficient resources to operate an organization-wide privacy program, including awareness-raising and training Access to production environment Set up access controls that strictly limit standing access to customer’s data or production environment Access to production environment Set up access control policy and SOP, leveraging Customer Lockbox / identity management solutions Protect data Encrypt data based on org’s compliance obligations. E.g. encrypt PII in transit between users, using its own encryption key, etc. Protect data Encrypt data at rest and in transit based on industrial standards (BitLocker, TLS, etc.) Organization responsibility responsibility 800-53
  14. 14. Compliance Manager Manage your compliance from one place Compliance Manager is a dashboard that provides the Compliance Score and a summary of your data protection and compliance stature as well as recommendations to improve data protection and compliance. This is a recommendation, it is up to you to evaluate and validate the effectiveness of customer controls as per your regulatory environment. Recommendations from Compliance Manager and Compliance Score should not be interpreted as a guarantee of compliance. Ongoing risk assessment An intelligent score reflects your compliance posture against regulations or standards Actionable insights Recommended actions to improve your data protection capabilities Simplified compliance Streamlined workflow across teams and richly detailed reports for auditing preparation
  15. 15. Compliance Manager demo
  16. 16. Protect and govern data anywhere it lives INFORMATION PROTECTION & GOVERNANCE
  17. 17. Discovering and managing data is challenging 88% of organizations no longer have confidence to detect and prevent loss of sensitive data¹ >80% of corporate data is “dark” – it’s not classified, protected or governed² #1 Protecting and governing sensitive data is biggest concern in complying with regulations 1. Forrester. Security Concerns, Approaches and Technology Adoption. December 2018 2. IBM. Future of Cognitive Computing. November 2015 3. Microsoft GDPR research, 2017
  18. 18. Do you have a strategy for protecting and managing sensitive and business critical data? Do you know where your business critical and sensitive data resides and what is being done with it? Do you have control of this data as it travels inside and outside of your organization? Are you using multiple solutions to classify, label, and protect this data?
  19. 19. Information Protection & Governance Protect and govern data – anywhere it lives 88% Understand your data landscape and identify important data across your hybrid environment Automatically retain, delete, and store data and records in compliant manner Apply flexible protection actions including encryption, access restrictions and visual markings Powered by an intelligent platform KNOW YOUR DATA 88% GOVERN YOUR DATA PROTECT YOUR DATA Unified approach to automatic data classification, policy management, analytics and APIs
  20. 20. Know Your Data Identify oversharing, mismanagement or misuse of important documents Understand volume, scope and location of sensitive information Visibility into sensitive information types detected across documents and emails Identify exposure & risks; guide policy configuration Act on recommendations to enable policies to better protect and govern data Helps inform taxonomy and policies for sensitivity labeling and retention labeling
  21. 21. Protect Your Data: Information Protection Customize protection policies based on data sensitivity Broad coverage Protect sensitive information across devices, apps, on-premises file repositories and cloud services Streamlined administration Configure sensitivity labels and protection policies in single place and apply across endpoints and services Built-in experiences Integrated natively into Office apps, Office 365 services and 3rd-party services Flexible labeling options Choose between automatic labeling, manual end-user driven labeling or recommended labeling
  22. 22. Govern Your Data: Information Governance Automatically govern data across your environment Records Management Ensure core business records are properly declared and stored immutably with full audit visibility to meet regulatory obligations Streamlined administration Configure retention labels and policies in single place and apply automatically across services Built-in experiences Investigate and validate how and when labels are being applied. Defensibly dispose of content after disposition review
  23. 23. Identify and remediate critical insider risks INTERNAL RISK MANAGEMENT
  24. 24. 90% of enterprises feel vulnerable to insider risk 57% indicate they are most vulnerable to loss of confidential data 51% Concerned with negligent insider behaviors Identifying and mitigating risks is challenging https://www.veriato.com/docs/default-source/whitepapers/insider-threat-report-2018.pdf
  25. 25. Organizations face a broad range of risks from insiders Data spillage Confidentiality violations IP theft Workplace violence Regulatory compliance violations Fraud Policy violations Insider trading Conflicts of interest Leaks of sensitive data Data handling violations Workplace harassment
  26. 26. Defensible insights Productivity reporting, full audit of review activities and policy tracking Communications Supervision Intelligent policies Refine digital communications with intelligent conditions, sensitive info types, inclusions & exclusions and percent sample Efficient reviews Review experience built into Compliance center, tag and comment on content and bulk resolution
  27. 27. Built in Encryption and Key Mgmt OME/AIP TLS Service Encryption BitLocker Capabilities for added protection and control Additional customer controls for added protection and control Meets rigorous industry standards Data is encrypted by default at-rest and in-transit Option to manage and control your own encryption keys to help meet compliance needs
  28. 28. Privileged Access Management Controlling privileged access by Microsoft service engineers and by your administrators Privileged workflow The principle of zero standing access Just in time and just enough access Logging and auditing
  29. 29. Quickly investigate and respond with relevant data DISCOVER & RESPOND
  30. 30. Cost of compliance can be significant 51% of companies of >$1B revenue, indicate at least one regulatory proceeding pending² 44% of organizations report they have had more than one internal investigation requiring outside counsel² 50% of organizations have spent more time over last 3 years addressing regulatory requests² 1. Strategy Analytics. “Global Mobile Workforce Forecast Update 2016-2022.” Oct 2016. 2. Entrepreneur.com. “Password Statistics: The Bad, The Worse, and The Ugly.” June 3, 2015. 3. DARKReading. “Data Breach Record Exposure Up 205% from 2016.” Nov 8, 2017.
  31. 31. Are you able to intelligently reduce the volume of data to find what’s relevant? Are you able to track activity to fulfill compliance obligations? Do you have a process in place to review the data before it’s shared?
  32. 32. Collection into document working sets Manage static sets of documents within a case, that can be independently searched, analyzed, shared, and acted upon. Advanced eDiscovery Quickly find and respond with only the relevant information Custodian Management and Communications Preserve content by custodian, send hold notifications and track acknowledgements Deep crawling and indexing Deep processing (e.g. much higher size limits, non-Microsoft file types, …) to extract and index text & metadata Cull your data intelligently with ML Use predictive coding, near duplicate detection, email threading, Themes and ML models to identify potential high value content Review and take action on documents View content via a native and text viewer, organize documents with tags and redact sensitive information prior to export
  33. 33. Data Investigations Quickly locate, triage, and remediate sensitive data incidents in your organization Validate with built-in review Review content in-place to validate sensitive or malicious content Advanced search to quickly collect relevant data Quickly search across Office 365 with conditions, keywords and more to refine targeted search Identify and investigate persons of interest Identify and manage persons of interest within an investigation to ensure related content and people are in scope Take action & remediate sensitive data incidents Identify sensitive content in-place and take immediate action to soft delete, hard delete or tag for further processing Complete audit log and escalation All actions logged and ability to provide legal hold escalation via the review and action process
  34. 34. Audit log and alerts Comprehensive long-term audit supports continuous compliance Establish alerts based on organization specific criteria Comprehensive coverage across Office 365 services Unified Audit log search and alert experience
  35. 35. Microsoft 365 compliance partners Controle EY PWC Light House BDO KPMG Avaleris Inc N1 SOFTWARE e SERVICOS DE INFORMATICA LTDA-ME Soarsoft International Global Computing and Telecoms Performanta Meeco Experteq IT Services Pty Ltd Crayon EY KPMG PWC Software one EY EY KPMG Makronet Atos Global Comparex DXC Technology PWC Accenture Bechtle Global InfoWAN PHAT Consulting GmbH Crayon CGI Group UK New Signature Ai3 Capgemini Nelite VNext 4WARD Aquest BDO Ziv Haft See more partners here: https://blogs.partner.microsoft.com/mpn/gdpr-leaders-needed-help-customers-navigate-gdpr-journey/
  36. 36. Consider a different approach Reduce number of solution vendors and leverage shared responsibility Know, protect and govern your sensitive data throughout its lifecycle Implement more intelligent, built-in compliance solutions
  37. 37. Contact Information © 2019 Razor Technology www.razor-tech.com David Rosenthal VP & General Manager Digital Business @DavidJRosenthal SlideShare Blog: www.razor-tech.com 5 Tower Bridge 300 Barr Harbor Dr., Suite 705 West Conshohocken, PA 19428 www.razor-tech.com David.Rosenthal@razor-tech.com Cell: 215.801.4430 Office: 866.RZR.DATA LET’S KEEP IN TOUCH
  38. 38. Intelligent compliance and risk management solutions Microsoft 365 Compliance
  39. 39. Discussion
