Uploaded byMcOWLMarketing
PPTX, PDF940 views

Info Security: Microsoft Dynamic Access Control

This document summarizes a presentation on Dynamic Access Control in Windows Server 2012. It introduces Dynamic Access Control and its four pillars: data classification, expression-based auditing, expression-based access conditions, and encryption. It provides examples of how data classification can automatically classify documents based on their contents. Expression-based access control allows flexible access control lists based on document classification and user attributes. Dynamic Access Control helps address challenges around data compliance, leakage, and regulatory issues by automating access control and encryption based on how data is classified.

Embed presentation

Downloaded 37 times
Dynamic Access Control Presented by: Jason Kittrell, Regional Instructor MCT,MCSE,CEH,MCITP New Horizons CLC January 30, 2014
Welcome • Intended Audience • Understanding of what D.A.C. offers • Next steps
Agenda • Who is New Horizons? • Presentation: Dynamic Access Control • Demo • Q&A
Who is New Horizons?
Facts to Consider • • • • • •
Strong Vendor Partnerships
Introduction • Data Compliance Challenges • Understanding the new Dynamic Access Control built into Windows Server 2012 • Next Steps • Q&A
Data Compliance Challenges
Compliance • • • • •
Microsoft Case Study Storage growth  45%: File based storage CAGR.  Distributed Informatio n MSIT cost $1.6 GB/Month for managed servers.  >70%: of stored data is stale  Cloud cost would be approximately 25 cents GB/Month    Corporate information is everywhere: Desktops, Branch Offices, Data Centers, Cloud… MSIT 1500 file servers with 110 different groups managing them Very hard to consistently manage the information. Regulator y complianc e  New and changing regulations (SOX, HIPPA, GLBA…)  More oversight and tighter enforcement.  246,091,423: Total number of records containing sensitive personal information involved in security breaches in the US since January 2005  $90 to $305 per record (Forrester: in “Calculating the Cost of a Security Breach”) International and local regulations.  Data leakage  $15M: Settlement for investment bank with SEC over record retention.
Dynamic Access Control • • • • • • •
The 4 Pillars of Dynamic Access Control
Dynamic Access Control in a Nutshell Data Classification Expressionbased auditing  Classify your documents using resource properties stored in Active Directory.  Targeted access auditing based on document classification and user identity.  Automatically classify documents based on document content.  Centralized deployment of audit policies using Global Audit Policies. Expressionbased access conditions  Flexible access control lists based on document classification and multiple identities (security groups).  Centralized access control lists using Central Access Policies. Encryption  Automatic RMS encryption based on document classification.
Pre-2012: NTFS Permissions • Decisions made only by user security principles or group membership • Users had to log out before changes to security group membership were gained to their security token • “Shadow Groups” were often made to mimic attributes • Security Groups have rules on who can be members of which types of groups • No way to cross AD trust boundaries • No way to make access decisions off user’s device
Windows Server 2012: Expression Based Access • • • • • Selected AD attributes are included in Security Tokens Claims can be included directly in files server permissions Claims can be consistently issued to all users in the forest Claims can be “transformed” across trust boundaries Enabled new policy types NTFS alone cannot grant: – Example: Allow WRITE if User.MemberOf(Finance) and User.EmployeeType=FTE and Device.Managed=TRUE
Data Classification  File Classification Infrastructure provides insight into your data by automating classification processes.  File Classification Infrastructure uses classification rules to automatically scan files and classify them according to the contents of the file.  Some examples of classification rules include:  Classify any file that contains the string “SBC12 Confidential” as having high business impact.  Classify any file that contains at least 10 social security numbers as having personally identifiable information.
Data Encryption Challenges  How do I protect sensitive information after it leaves my protected environment?  I cannot get the users to encrypt their sensitive data.
Classification-based encryption process to encrypt a file based on Process 1 Use r Active Directory Domain Services 4 2 File server Claim definitions, file property definitions, and access policies are established in Active Directory Domain Controller. A user creates a file with the word “confidential” in the text and saves it. The classification engine classifies the file as high-impact according to rules configured. On the file server, a rule automatically applies RMS protection to any file classified as highimpact. 3 Classificatio n engine classification RMS server The RMS template and encryption are applied to the file on the file server and the file is encrypted.
Want to know more? • Microsoft Class 20412 Configuring Advanced Windows Server 2012 Services • Contact your New Horizons Education Consultant • Feedback
Q&A
THANK YOU FOR YOUR TIME

More Related Content

PDF
UNIFIED MESSAGE ARCHIVING – WHY IT IS IMPORTANT
byMicro Focus
 
PDF
Strategy for Holistic Security
byWindTalker Security
 
PPTX
Ensuring Distributed Accountability for Data Sharing in the Cloud
bySwapnil Salunke
 
PPT
Security Problem With Cloud Computing
byMartin Bioh
 
PDF
DATA STORAGE SECURITY CHALLENGES IN CLOUD COMPUTING
byijsptm
 
PPTX
PCI DSS and PA DSS
byKimberly Simon MBA
 
PDF
OmniNet MDS HIPPA Compliance Info
byJonathan Eubanks
 
PPT
Database security copy
byfika sweety
 
UNIFIED MESSAGE ARCHIVING – WHY IT IS IMPORTANT
byMicro Focus
 
Strategy for Holistic Security
byWindTalker Security
 
Ensuring Distributed Accountability for Data Sharing in the Cloud
bySwapnil Salunke
 
Security Problem With Cloud Computing
byMartin Bioh
 
DATA STORAGE SECURITY CHALLENGES IN CLOUD COMPUTING
byijsptm
 
PCI DSS and PA DSS
byKimberly Simon MBA
 
OmniNet MDS HIPPA Compliance Info
byJonathan Eubanks
 
Database security copy
byfika sweety
 

What's hot

PDF
LegalAnywhereConnect Brochure
byNancy DaCorsi
 
PPTX
Data storage security in cloud computing
bySonali Jain
 
PPTX
Spirit of PCI DSS by Dr. Anton Chuvakin
byAnton Chuvakin
 
PDF
Cloud Computing
bysahil lalwani
 
PPT
Harvard Extension School: Cloud Security Final Project - HIPAA Compliance Aud...
byTs. Mohd Shahrul Zharif Bin Sharudin
 
DOC
Privacy Preserving Public Auditing for Data Storage Security in Cloud
byGirish Chandra
 
DOC
Security threats in cloud computing
byPuneet Arora
 
PDF
Executive Summary_2016
byAnnie Cute
 
PPTX
MongoDB.local Sydney: The Changing Face of Data Privacy & Ethics, and How Mon...
byMongoDB
 
PDF
Know Your Attacker - Core Security
byCore Security
 
PPTX
Novel cloud computingsecurity issues
byJoo Manthar
 
PDF
Securing multi-tenancy systems through multi DB instances and multiple databa...
byIJECEIAES
 
PPTX
SFISSA - PCI DSS 3.0 - A QSA Perspective
byMark Akins
 
PDF
Other Systems & Application Software
byWe Learn - A Continuous Learning Forum from Welingkar's Distance Learning Program.
 
PDF
IRJET- Research Paper on Active Directory
byIRJET Journal
 
PPT
Secure Data Sharing in Cloud (SDSC)
byJishnu Pradeep
 
PDF
Security meeting 2012 ID Theft
byLuis Martins
 
PDF
Secure Data Sharing in Cloud Computing using Revocable Storage Identity- Base...
byrahulmonikasharma
 
PPTX
Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...
byYashwanth Reddy
 
LegalAnywhereConnect Brochure
byNancy DaCorsi
 
Data storage security in cloud computing
bySonali Jain
 
Spirit of PCI DSS by Dr. Anton Chuvakin
byAnton Chuvakin
 
Cloud Computing
bysahil lalwani
 
Harvard Extension School: Cloud Security Final Project - HIPAA Compliance Aud...
byTs. Mohd Shahrul Zharif Bin Sharudin
 
Privacy Preserving Public Auditing for Data Storage Security in Cloud
byGirish Chandra
 
Security threats in cloud computing
byPuneet Arora
 
Executive Summary_2016
byAnnie Cute
 
MongoDB.local Sydney: The Changing Face of Data Privacy & Ethics, and How Mon...
byMongoDB
 
Know Your Attacker - Core Security
byCore Security
 
Novel cloud computingsecurity issues
byJoo Manthar
 
Securing multi-tenancy systems through multi DB instances and multiple databa...
byIJECEIAES
 
SFISSA - PCI DSS 3.0 - A QSA Perspective
byMark Akins
 
Other Systems & Application Software
byWe Learn - A Continuous Learning Forum from Welingkar's Distance Learning Program.
 
IRJET- Research Paper on Active Directory
byIRJET Journal
 
Secure Data Sharing in Cloud (SDSC)
byJishnu Pradeep
 
Security meeting 2012 ID Theft
byLuis Martins
 
Secure Data Sharing in Cloud Computing using Revocable Storage Identity- Base...
byrahulmonikasharma
 
Secure Data Sharing in Cloud Computing Using Revocable-Storage Identity-Based...
byYashwanth Reddy
 

Similar to Info Security: Microsoft Dynamic Access Control

PPTX
MCSA 70-412 Chapter 03
byComputer Networking
 
PPTX
Data Leakage Prevention
byMicrosoft TechNet - Belgium and Luxembourg
 
PDF
Session 3 - Windows Server 2012 with Jared Thibodeau
byCTE Solutions Inc.
 
PPTX
Windows Server 2008 Security Enhancements
byPresentologics
 
PDF
SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)
bySecurity Bootcamp
 
PPTX
Windows Server 8 Security Improvement
byWong Chon Kit
 
PPTX
Dynamic access control sbc12 - thuan nguyen
byThuan Ng
 
PPTX
70-410 Practice Test
bywrailebo
 
PDF
Windows Server 2012 Up and Running 1st Edition Samara Lynn
byfoqsmkc687
 
PPT
Mcts chapter 6
bySadegh Nakhjavani
 
PPT
Windows server 2003_r2
bytameemyousaf
 
PPTX
Microsoft Windows 7 Enhanced Security And Control
byMicrosoft TechNet
 
PDF
Windows Server 2012 Up and Running 1st Edition Samara Lynn
byerliscamakuy
 
PPT
Chapter05 Managing File Access
byRaja Waseem Akhtar
 
PDF
Windows server 2008_setting up step -by- step
bysalomemegrelishvili
 
PPTX
Microsoft Platform Security Briefing
bytechnext1
 
PPT
G Mac Chapter05
byG-Madras Academy of Connectivity
 
PDF
Case Project 12-2 Devising an AD DS Design with RODC, AD RMS, and A.pdf
byAmansupan
 
PPT
Active Directory Fundamentals Training.ppt
byPeterBendana
 
PPT
active directory fundamental for the beginner
byRivelynN
 
MCSA 70-412 Chapter 03
byComputer Networking
 
Data Leakage Prevention
byMicrosoft TechNet - Belgium and Luxembourg
 
Session 3 - Windows Server 2012 with Jared Thibodeau
byCTE Solutions Inc.
 
Windows Server 2008 Security Enhancements
byPresentologics
 
SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)
bySecurity Bootcamp
 
Windows Server 8 Security Improvement
byWong Chon Kit
 
Dynamic access control sbc12 - thuan nguyen
byThuan Ng
 
70-410 Practice Test
bywrailebo
 
Windows Server 2012 Up and Running 1st Edition Samara Lynn
byfoqsmkc687
 
Mcts chapter 6
bySadegh Nakhjavani
 
Windows server 2003_r2
bytameemyousaf
 
Microsoft Windows 7 Enhanced Security And Control
byMicrosoft TechNet
 
Windows Server 2012 Up and Running 1st Edition Samara Lynn
byerliscamakuy
 
Chapter05 Managing File Access
byRaja Waseem Akhtar
 
Windows server 2008_setting up step -by- step
bysalomemegrelishvili
 
Microsoft Platform Security Briefing
bytechnext1
 
G Mac Chapter05
byG-Madras Academy of Connectivity
 
Case Project 12-2 Devising an AD DS Design with RODC, AD RMS, and A.pdf
byAmansupan
 
Active Directory Fundamentals Training.ppt
byPeterBendana
 
active directory fundamental for the beginner
byRivelynN
 

More from McOWLMarketing

PPTX
top 5 ways sharepoint can help your business
byMcOWLMarketing
 
PPT
Citrix Sales Training
byMcOWLMarketing
 
PPTX
Lean Six Sigma White Belt Webinar
byMcOWLMarketing
 
PPTX
2.13.14 v mware software defined data center (sddc) in 2014 slide deck
byMcOWLMarketing
 
PPTX
2.6.14 the end of windows xp what to do now slide deck
byMcOWLMarketing
 
PPTX
2.6.14 the end of windows xp what to do now slide deck
byMcOWLMarketing
 
PPTX
Good Info Security is Annoying!
byMcOWLMarketing
 
PPTX
SharePoint Governance Slide Deck 1.16.2014
byMcOWLMarketing
 
top 5 ways sharepoint can help your business
byMcOWLMarketing
 
Citrix Sales Training
byMcOWLMarketing
 
Lean Six Sigma White Belt Webinar
byMcOWLMarketing
 
2.13.14 v mware software defined data center (sddc) in 2014 slide deck
byMcOWLMarketing
 
2.6.14 the end of windows xp what to do now slide deck
byMcOWLMarketing
 
2.6.14 the end of windows xp what to do now slide deck
byMcOWLMarketing
 
Good Info Security is Annoying!
byMcOWLMarketing
 
SharePoint Governance Slide Deck 1.16.2014
byMcOWLMarketing
 

Recently uploaded

PPTX
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
PDF
Antminer S23Hyd-580_Manual-V1.1-oneminers.pdf
byFranzhLawrenceBataan1
 
PDF
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 2
byDianaGray10
 
PDF
Post Quantum Cryptography for Dummies.pdf
byAde Ismail Isnan
 
PDF
The Manifesto for AI-enabled Governance !
byYannis Charalabidis
 
PDF
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 
PDF
final.pdf
byomarbishtawi04
 
PPTX
How Does an ICO Launchpad Work Step-by-Step Breakdown.pptx
byTom Hardy S
 
PDF
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
PPTX
Beyond the Algorithm: Designing Human-Centric Public Service with AI
byAlan Dix
 
PPTX
Computer architecture, Computer architecture ,Computer architecture
bywaheedqazi123
 
PDF
How to Install XRDP on CentOS 10 .pdf
byGreen Webpage
 
PPTX
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
PDF
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
PDF
GenerationAI Paris 2025 | How Agentic AI is Reinventing Organizations
byapidays
 
PPTX
TravelTech Paris 2025 | Beyond the pipes: Why Channel Management isn’t really...
byapidays
 
PPTX
Celonis Optimizing your future with process
bydevjeremyappleyard
 
PDF
Poročilo odbora CIS (CH08873) za leto 2025 na letni skupščini IEEE Slovenija ...
byUniversity of Maribor
 
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
Antminer S23Hyd-580_Manual-V1.1-oneminers.pdf
byFranzhLawrenceBataan1
 
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
UiPath Automation Developer Associate Training Series 2026 - Session 2
byDianaGray10
 
Post Quantum Cryptography for Dummies.pdf
byAde Ismail Isnan
 
The Manifesto for AI-enabled Governance !
byYannis Charalabidis
 
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 
final.pdf
byomarbishtawi04
 
How Does an ICO Launchpad Work Step-by-Step Breakdown.pptx
byTom Hardy S
 
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
Beyond the Algorithm: Designing Human-Centric Public Service with AI
byAlan Dix
 
Computer architecture, Computer architecture ,Computer architecture
bywaheedqazi123
 
How to Install XRDP on CentOS 10 .pdf
byGreen Webpage
 
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
GenerationAI Paris 2025 | How Agentic AI is Reinventing Organizations
byapidays
 
TravelTech Paris 2025 | Beyond the pipes: Why Channel Management isn’t really...
byapidays
 
Celonis Optimizing your future with process
bydevjeremyappleyard
 
Poročilo odbora CIS (CH08873) za leto 2025 na letni skupščini IEEE Slovenija ...
byUniversity of Maribor
 

Info Security: Microsoft Dynamic Access Control

  • 1.
    Dynamic Access Control Presentedby: Jason Kittrell, Regional Instructor MCT,MCSE,CEH,MCITP New Horizons CLC January 30, 2014
  • 2.
    Welcome • Intended Audience •Understanding of what D.A.C. offers • Next steps
  • 3.
    Agenda • Who isNew Horizons? • Presentation: Dynamic Access Control • Demo • Q&A
  • 4.
    Who is NewHorizons?
  • 5.
  • 6.
  • 7.
    Introduction • Data ComplianceChallenges • Understanding the new Dynamic Access Control built into Windows Server 2012 • Next Steps • Q&A
  • 8.
  • 9.
  • 10.
    Microsoft Case Study Storage growth  45%:File based storage CAGR.  Distributed Informatio n MSIT cost $1.6 GB/Month for managed servers.  >70%: of stored data is stale  Cloud cost would be approximately 25 cents GB/Month    Corporate information is everywhere: Desktops, Branch Offices, Data Centers, Cloud… MSIT 1500 file servers with 110 different groups managing them Very hard to consistently manage the information. Regulator y complianc e  New and changing regulations (SOX, HIPPA, GLBA…)  More oversight and tighter enforcement.  246,091,423: Total number of records containing sensitive personal information involved in security breaches in the US since January 2005  $90 to $305 per record (Forrester: in “Calculating the Cost of a Security Breach”) International and local regulations.  Data leakage  $15M: Settlement for investment bank with SEC over record retention.
  • 11.
  • 12.
    The 4 Pillarsof Dynamic Access Control
  • 13.
    Dynamic Access Controlin a Nutshell Data Classification Expressionbased auditing  Classify your documents using resource properties stored in Active Directory.  Targeted access auditing based on document classification and user identity.  Automatically classify documents based on document content.  Centralized deployment of audit policies using Global Audit Policies. Expressionbased access conditions  Flexible access control lists based on document classification and multiple identities (security groups).  Centralized access control lists using Central Access Policies. Encryption  Automatic RMS encryption based on document classification.
  • 14.
    Pre-2012: NTFS Permissions •Decisions made only by user security principles or group membership • Users had to log out before changes to security group membership were gained to their security token • “Shadow Groups” were often made to mimic attributes • Security Groups have rules on who can be members of which types of groups • No way to cross AD trust boundaries • No way to make access decisions off user’s device
  • 15.
    Windows Server 2012:Expression Based Access • • • • • Selected AD attributes are included in Security Tokens Claims can be included directly in files server permissions Claims can be consistently issued to all users in the forest Claims can be “transformed” across trust boundaries Enabled new policy types NTFS alone cannot grant: – Example: Allow WRITE if User.MemberOf(Finance) and User.EmployeeType=FTE and Device.Managed=TRUE
  • 16.
    Data Classification  FileClassification Infrastructure provides insight into your data by automating classification processes.  File Classification Infrastructure uses classification rules to automatically scan files and classify them according to the contents of the file.  Some examples of classification rules include:  Classify any file that contains the string “SBC12 Confidential” as having high business impact.  Classify any file that contains at least 10 social security numbers as having personally identifiable information.
  • 17.
    Data Encryption Challenges How do I protect sensitive information after it leaves my protected environment?  I cannot get the users to encrypt their sensitive data.
  • 18.
    Classification-based encryption process toencrypt a file based on Process 1 Use r Active Directory Domain Services 4 2 File server Claim definitions, file property definitions, and access policies are established in Active Directory Domain Controller. A user creates a file with the word “confidential” in the text and saves it. The classification engine classifies the file as high-impact according to rules configured. On the file server, a rule automatically applies RMS protection to any file classified as highimpact. 3 Classificatio n engine classification RMS server The RMS template and encryption are applied to the file on the file server and the file is encrypted.
  • 19.
    Want to knowmore? • Microsoft Class 20412 Configuring Advanced Windows Server 2012 Services • Contact your New Horizons Education Consultant • Feedback
  • 20.
  • 21.
    THANK YOU FORYOUR TIME

Editor's Notes

  • #9 Canyou makesure thatonlyauthorized individualscanaccess confidentialdata?Do you have granularcontrol over auditing access?Howtoreduce thenumberofsecuritygroups your organization has?Dealwithregulatorystandard?….Thereare manyquestions comeup whenit comestodataaccesscontrol
  • #17 A contentclassificationrulethat searches a setoffiles for thestring“SBC12Confidential”.Ifthestringisfoundinafile,theImpact resource propertyis set to Highonthe file.A contentclassificationrulethat searches a setoffiles for a regular expressionthatmatchesasocialsecuritynumber at least10times inone file.If thepatternis found,thefile is classifiedashaving personally identifiableinformationandthePersonallyIdentifiable Informationresource propertyis settoHigh.