Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Compliance in Office 365
Edge Pereira
Sandy Millar
From Avanade Australia
OSS304
Source: Gartner Report: IT Governance, Risk, and Compliance Management Solutions, http://www.gartner.com/resId=1884814
Levels and activities are driven by many factors
For example
• Public or private sector
• Industry vertical
• Business act...
Built-in Office 365 capabilities
(global compliance)
Customer controls for
compliance for internal policies
• Access Contr...
•
•
•
•
•
•
It is all about customer controls!
Remembering
“A control is a process, function, in fact anything
that supports maintaini...
Identify Monitor Protect Educate
“Data loss/leak prevention solution is a system that is designed
to detect potential data breach / data ex-filtration tran...
•
•
•
•
•
•
•
•
credit cards, and SWIFT codes)
medical account number and TFN)
driver's license)
driver's license and passport numbe...
Country PII Financial Health
USA
US State Security Breach Laws,
US State Social Security Laws, COPPA
GLBA & PCI-DSS
(Credi...
•
•
•
Australian sensitive
information types
provided by Microsoft
• Bank Account Number
• Driver's License Number
• Medic...
• Protect communications
• Basic level of built-in anti-malware and enhanced spam
filtering to help protect your email env...
[2] Wikipedia (http://en.wikipedia.org/wiki/Electronic_discovery)
Find relevant content (documents, emails, Lync conversions)DISCOVERY
PRESERVATION
Place content on legal hold to prevent c...
•
•
•
•
Provide a high level of immutability by:
• Preserving data in source
• Protecting from deletion
• Protecting from tamperin...
•
•
•
•
•
•
•
•
• Recoverable Items quotas separate from mailbox quotas and
need to be monitored
• Hybrid data sources
Comprehensive view of DLP policy
performance
Downloadable Excel workbook
Drill into specific departures from
policy to gai...
Protect communications
Governance, risk management, and compliance
Office 365 Service Descriptions
Additional Slides
DLP extensibility points
Content analysis process
Joseph F. Foster
Visa: 4485 3647 3952 7352
Expires: 2/2012
Get
Content
4485 3647 3952 7352  a 16...
Office 365 Message Encryption – Encrypt messages to any SMTP
address
Information Rights Management – Encrypt content and r...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft office 365  data leakage protection, dlp, privac...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft office 365  data leakage protection, dlp, privac...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft office 365  data leakage protection, dlp, privac...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft office 365  data leakage protection, dlp, privac...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft office 365  data leakage protection, dlp, privac...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft office 365  data leakage protection, dlp, privac...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft office 365  data leakage protection, dlp, privac...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft office 365  data leakage protection, dlp, privac...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft office 365  data leakage protection, dlp, privac...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft office 365  data leakage protection, dlp, privac...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft office 365  data leakage protection, dlp, privac...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft office 365  data leakage protection, dlp, privac...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft office 365  data leakage protection, dlp, privac...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft office 365  data leakage protection, dlp, privac...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft office 365  data leakage protection, dlp, privac...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft office 365  data leakage protection, dlp, privac...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft office 365  data leakage protection, dlp, privac...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft office 365  data leakage protection, dlp, privac...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft office 365  data leakage protection, dlp, privac...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft office 365  data leakage protection, dlp, privac...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft office 365  data leakage protection, dlp, privac...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft office 365  data leakage protection, dlp, privac...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft office 365  data leakage protection, dlp, privac...
Edge pereira oss304 tech ed australia regulatory compliance and microsoft office 365  data leakage protection, dlp, privac...
Upcoming SlideShare
Loading in …5
×

Edge pereira oss304 tech ed australia regulatory compliance and microsoft office 365 data leakage protection, dlp, privacy, sharepoint

622 views

Published on

Edge Pereira presentation at Microsoft TechEd Australia. Session OSS304 Regulatory Compliance and Microsoft Office 365 - data leakage protection, dlp, privacy, sharepoint

  • DOWNLOAD FULL BOOKS, INTO AVAILABLE FORMAT ......................................................................................................................... ......................................................................................................................... 1.DOWNLOAD FULL. PDF EBOOK here { https://tinyurl.com/y3nhqquc } ......................................................................................................................... 1.DOWNLOAD FULL. EPUB Ebook here { https://tinyurl.com/y3nhqquc } ......................................................................................................................... 1.DOWNLOAD FULL. doc Ebook here { https://tinyurl.com/y3nhqquc } ......................................................................................................................... 1.DOWNLOAD FULL. PDF EBOOK here { https://tinyurl.com/y3nhqquc } ......................................................................................................................... 1.DOWNLOAD FULL. EPUB Ebook here { https://tinyurl.com/y3nhqquc } ......................................................................................................................... 1.DOWNLOAD FULL. doc Ebook here { https://tinyurl.com/y3nhqquc } ......................................................................................................................... ......................................................................................................................... ......................................................................................................................... .............. Browse by Genre Available eBooks ......................................................................................................................... Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, Cookbooks, Crime, Ebooks, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult,
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

Edge pereira oss304 tech ed australia regulatory compliance and microsoft office 365 data leakage protection, dlp, privacy, sharepoint

  1. 1. Compliance in Office 365 Edge Pereira Sandy Millar From Avanade Australia OSS304
  2. 2. Source: Gartner Report: IT Governance, Risk, and Compliance Management Solutions, http://www.gartner.com/resId=1884814
  3. 3. Levels and activities are driven by many factors For example • Public or private sector • Industry vertical • Business activities • Geography • Laws or regulation Example Avanade
  4. 4. Built-in Office 365 capabilities (global compliance) Customer controls for compliance for internal policies • Access Control • Auditing and Logging • Continuity Planning • Incident Response • Risk Assessment • Communications Protection • Identification and Authorisation • Information Integrity • Awareness and Training • Data Loss Prevention • Archiving • eDiscovery • Encryption • S/MIME • Legal Hold • Rights Management
  5. 5. • • • • • •
  6. 6. It is all about customer controls! Remembering “A control is a process, function, in fact anything that supports maintaining compliance”
  7. 7. Identify Monitor Protect Educate
  8. 8. “Data loss/leak prevention solution is a system that is designed to detect potential data breach / data ex-filtration transmissions and prevent them by monitoring, detecting and blocking sensitive data while in-use (endpoint actions), in-motion (network traffic), and at-rest (data storage).“[1] [1] http://en.wikipedia.org/wiki/Data_loss_prevention_software “Quotation...” Good definition http://csrc.nist.gov/groups/SNS/rbac/documents/data-loss.pdf
  9. 9. • • • • •
  10. 10. • • • credit cards, and SWIFT codes) medical account number and TFN) driver's license) driver's license and passport number)
  11. 11. Country PII Financial Health USA US State Security Breach Laws, US State Social Security Laws, COPPA GLBA & PCI-DSS (Credit, Debit Card, Checking and Savings, ABA, Swift Code) Limited Investment: US HIPPA, UK Health Service, Canada Health Insurance card Rely on Partners and ISVs Germany EU data protection, Drivers License, Passport National Id EU Credit, Debit Card, IBAN, VAT, BIC, Swift Code UK Data Protection Act, UK National Insurance, Tax Id, UK Driver License, Passport EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code Canada PIPED Act, Social Insurance, Drivers License Credit Card, Swift Code France EU data protection, Data Protection Act, National Id (INSEE), Drivers License, Passport EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code Japan PIPA, Resident Registration, Social Insurance, Passport, Driving License Credit Card, Bank Account, Swift Code
  12. 12. • • • Australian sensitive information types provided by Microsoft • Bank Account Number • Driver's License Number • Medicare Account Number • Passport Number • Tax File Number
  13. 13. • Protect communications • Basic level of built-in anti-malware and enhanced spam filtering to help protect your email environment from threats Enforce policy Data loss prevention (DLP) controls that can detect sensitive data in email before it is sent and automatically block, hold or notify the sender Simplify management Unified administration of anti-spam, anti-malware and data loss prevention within Exchange
  14. 14. [2] Wikipedia (http://en.wikipedia.org/wiki/Electronic_discovery)
  15. 15. Find relevant content (documents, emails, Lync conversions)DISCOVERY PRESERVATION Place content on legal hold to prevent content modification and/or removal Collect and send relevant content for processing Prepare files for review PRODUCTION REVIEW Lawyers determine which content will be supplied to opposition Provide relevant content to opposition COLLECTION PROCESSING
  16. 16. • • • •
  17. 17. Provide a high level of immutability by: • Preserving data in source • Protecting from deletion • Protecting from tampering Provides easy management via: • Rich query, location and time based content target • Across Exchange, Lync and SharePoint • Using Exchange Admin or eDiscovery Centres
  18. 18. • •
  19. 19. • • • • • •
  20. 20. • Recoverable Items quotas separate from mailbox quotas and need to be monitored • Hybrid data sources
  21. 21. Comprehensive view of DLP policy performance Downloadable Excel workbook Drill into specific departures from policy to gain business insights
  22. 22. Protect communications
  23. 23. Governance, risk management, and compliance Office 365 Service Descriptions
  24. 24. Additional Slides
  25. 25. DLP extensibility points
  26. 26. Content analysis process Joseph F. Foster Visa: 4485 3647 3952 7352 Expires: 2/2012 Get Content 4485 3647 3952 7352  a 16 digit number is detected RegEx Analysis 1. 4485 3647 3952 7352  matches checksum 2. 1234 1234 1234 1234  does NOT match Function Analysis 1. Keyword Visa is near the number 2. A regular expression for date (2/2012) is near the number Additional Evidence 1. There is a regular expression that matches a check sum 2. Additional evidence increases confidence Verdict
  27. 27. Office 365 Message Encryption – Encrypt messages to any SMTP address Information Rights Management – Encrypt content and restrict usage; usually within own organization or trusted partners S/MIME – Sign and encrypt messages to users using certificates

×