
When Your CISO Says No - Security & Compliance in Office 365


Security & Compliance in Office 365, Azure, Microsoft Cloud. Auditing, metadata, physical security.

http://www.sharepointcowbell.com

Published in: Technology

When Your CISO Says No - Security & Compliance in Office 365

  1. When Your CISO Says NO: Security & Compliance in Office 365 — www.ceiamerica.com
  2. CONSULTING | SOLUTIONS | RESULTS. About Me: Architect; Principal Consultant, Microsoft Solutions Division; Partner Technical Specialist (Purple Badge); SharePoint | Office 365 | Azure; www.sharepointcowbell.com
  3. Talking Points: • CISO Objections • The Path to Yes • Demos
  4. Cloud Innovation: Risks & Benefits. Pre-adoption concern: 60% cited concerns around data security as a barrier to adoption; 45% were concerned that the cloud would result in a lack of data control. Benefits realized: 94% experienced security benefits they didn’t previously have on-premises; 62% said privacy protection increased as a result of moving to the cloud. Pillars: SECURITY (• Design/Operation • Infrastructure • Network • Identity/access • Data) • PRIVACY • COMPLIANCE • TRANSPARENCY. Source: Barriers to Cloud Adoption study, ComScore, Sept 2013
  5. Compliance
  6. Compliance by region. United States: CJIS; CSA CCM; DISA; FDA CFR Title 21 Part 11; FedRAMP; FERPA; FIPS 140-2; FISMA; HIPAA/HITECH; HITRUST; IRS 1075; ISO/IEC 27001, 27018; MARS-E; NIST 800-171; Section 508 VPATs; SOC 1, 2. United Kingdom: CSA CCM; ENISA IAF; EU Model Clauses; ISO/IEC 27001, 27018; NIST 800-171; SOC 1, 2, 3; UK G-Cloud. Spain: CSA CCM; ENISA IAF; EU Model Clauses; EU-U.S. Privacy Shield; ISO/IEC 27001, 27018; SOC 1, 2; Spain ENS; Spain LOPD Auth. Singapore: CSA CCM; ISO/IEC 27001, 27018; MTCS; SOC 1, 2. New Zealand: CSA CCM; ISO/IEC 27001, 27018; NZCC Framework; SOC 1, 2. Japan: CSA CCM; CS Mark (Gold); FISC; ISO/IEC 27001, 27018; Japan My Number Act; SOC 1, 2. European Union: CSA CCM; ENISA IAF; EU Model Clauses; EU-U.S. Privacy Shield; ISO/IEC 27001, 27018; SOC 1, 2. China: China GB 18030; China MLPS; China TRUCS. Australia: CSA CCM; IRAP (CCSL); ISO/IEC 27001, 27018; SOC 1, 2. Argentina: Argentina PDPA; CSA CCM; IRAP (CCSL); ISO/IEC 27001, 27018; SOC 1, 2. Over 900 controls in the Office 365 compliance framework enable us to stay up to date with the ever-evolving industry standards across geographies. Microsoft is regularly audited, submits self-assessments to independent 3rd-party auditors and holds key certifications.
  7. Comprehensive Compliance: DLP
  8. “No. The Cloud is easier to hack/breach…”
  9. Datacenter Security: • Perimeter • Computer room • Building • Seismic bracing • Security operations center • 24x7 security staff • Days of backup power • Cameras • Alarms • Two-factor access control: biometric readers & card readers • Barriers • Fencing
  10. “No. We can’t have our info visible on the open internet…”
  11. “No. We can’t have our info visible on the open internet…” Encryption: a. Data at rest: i. Volume-level encryption (BitLocker, AES 128-bit, FIPS-compliant); ii. File-level encryption (encrypted keys; minimal MS staff access in gov’t cloud). b. Data in transit: i. TLS/SSL (2048-bit); ii. IPsec encryption; iii. AES 256-bit; iv. FIPS validated
  12. “No. We can’t have our info visible on the open internet…” Encrypted in transit between client and service and within service data centers. BitLocker encryption protects drives where content is stored. Contents of each file are encrypted with a unique key; large files are stored in parts with a unique key per part; file contents and encryption keys are stored separately. Azure RMS: use Azure RMS to encrypt your secret data before uploading; works across phones, tablets, and PCs; information is protected both within and outside the organization. Customer-managed master key: the master key is used to encrypt/decrypt the per-file encryption keys; you upload it to Azure Key Vault and grant access to the Office 365 service; you can remove it or revoke access to it at any time; if it is removed or access is revoked, SharePoint Online can no longer decrypt your content; it does not limit/restrict SharePoint Online functionality when enabled.
  13. (demo slide, no transcript text)
  14. (demo slide, no transcript text)
  15. (demo slide, no transcript text) 8:40 12:40
  16. “No. We can’t have our info visible on the open internet…” • Private VPN • Customers can extend their on-premises sites using VPN or dedicated ExpressRoute connections • Customer owns and manages certificates, policies, and user access
  17. “No. We’ll never be able to determine Appropriate Usage by our users…”
  18. Security and Compliance Center: • Powerful for experts, and easier for generalists to adopt • Scenario-oriented workflows with cross-cutting policies spanning features • Powerful content discovery across Office 365 workloads • Proactive suggestions leveraging the Microsoft Security Intelligence Graph
  19. Office 365 Auditing: Azure Active Directory • Security & Compliance Center • SharePoint Online • Power BI. Opt-in for all O365 tenants; 1 billion events collected daily
  20. Office 365 Auditing
  21. Audited Activities: https://support.office.com/en-us/article/Search-the-audit-log-in-the-Office-365-Security-Compliance-Center-0d4d0f35-390b-4518-800e-0c7ec95e946c
  22. Sharing (tenant-scoped unless noted): • Allow sharing via anonymous access links and to authenticated external users • Allow sharing to authenticated external users only (further limit to existing users) • Don’t allow sharing to external users • Limit external sharing using domains (allow and deny list); also at site collection level • Prevent external users from sharing files, folders and sites they don’t own • Require external users to accept sharing invitations with the same account the invitations were sent to • Ability to choose the default link type from anonymous, company shareable, restricted • On OneDrive for Business only, notify when: users invite additional external users to shared files; external users accept invitations to access files; an anonymous access link is created or changed • Prevent sharing of documents marked by DLP to external users
  23. “No. ‘Need To Know’ and ‘Least Privilege’ need to be supported…”
  24. SharePoint Permissions – It Works
  25. Other Considerations: Timing • Catch It Before It Happens (the “Minority Report” method) • Catch It After It Happens (and discipline the culprit) • Minimize Issues
  26. Catch Before: • Physical Security • Azure RMS • Rights Management • Data Loss Prevention
  27. Catch Before
  28. Catch After: • Data Loss Prevention • Auditing
  29. Catch After
  30. Minimize: • Labels, Tips • Rights Management
  31. Putting Pieces Together
  32. Resources. Thank You! Ricardo Wilkins – Architect, Microsoft Solutions Division, Computer Enterprises, Inc. | www.ceiamerica.com | rwilkins@ceiamerica.com. Resources: • Office 365 Trust Center • Microsoft Trust Center • Microsoft Secure • Security Blogs on Office Blogs • Compliance Blogs on Office Blogs • Office 365 Roadmap
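The sharing controls on slide 22 and the “Catch After” auditing on slide 28, as an added PowerShell example (not code from the deck, from the speaker or from Microsoft): it applies the tenant-wide sharing settings, overrides one site collection for a need-to-know workload, reads the settings back as evidence, and queries the unified audit log for anonymous links and external invitations. The tenant name, the allowed-domain list and the /sites/finance URL are placeholders, and it assumes the SharePoint Online Management Shell and ExchangeOnlineManagement modules are installed.

```powershell
# Added example (not from the deck). Enforce the slide-22 sharing controls with
# SharePoint Online PowerShell, override one sensitive site collection, then use
# the unified audit log (slide 28, "Catch After") to list anonymous links and
# external invitations created in the last 7 days.
$TenantName     = "contoso"                               # placeholder tenant
$AllowedDomains = "partner-a.example partner-b.example"   # placeholder allow list

Connect-SPOService -Url "https://$TenantName-admin.sharepoint.com"

# Tenant-wide: authenticated external users only, restricted to allow-listed
# domains, non-anonymous default links, no re-sharing by guests, invitations
# must be accepted with the invited account, owner notifications (OneDrive).
Set-SPOTenant `
    -SharingCapability ExternalUserSharingOnly `
    -SharingDomainRestrictionMode AllowList `
    -SharingAllowedDomainList $AllowedDomains `
    -DefaultSharingLinkType Internal `
    -PreventExternalUsersFromResharing $true `
    -RequireAcceptingAccountMatchInvitedAccount $true `
    -NotifyOwnersWhenItemsReshared $true `
    -NotifyOwnersWhenInvitationsAccepted $true

# Site-collection override (slide 22: limits also apply per site collection):
# a need-to-know site gets no external sharing at all. Placeholder URL.
Set-SPOSite -Identity "https://$TenantName.sharepoint.com/sites/finance" `
    -SharingCapability Disabled

# Read the effective tenant settings back so the change can be evidenced.
Get-SPOTenant | Select-Object SharingCapability, SharingDomainRestrictionMode,
    SharingAllowedDomainList, DefaultSharingLinkType, PreventExternalUsersFromResharing

# Catch after: sharing events from the unified audit log (Exchange Online cmdlet).
Connect-ExchangeOnline
$events = Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) `
    -RecordType SharePointSharingOperation `
    -Operations AnonymousLinkCreated, SharingInvitationCreated -ResultSize 5000

# AuditData is a JSON string; project the fields a reviewer needs.
$events | ForEach-Object {
    $d = $_.AuditData | ConvertFrom-Json
    [pscustomobject]@{ When = $d.CreationTime; Who = $d.UserId
                       What = $d.Operation;    Item = $d.ObjectId }
} | Sort-Object When | Format-Table -AutoSize
```

Any AnonymousLinkCreated row after the tenant change indicates a site-level setting or an admin exception that still permits anonymous links and should be reviewed.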
