The document discusses data access control and compliance. It introduces the Dynamic Access Control capabilities in Windows Server 2012, which can restrict access to confidential data to authorized individuals. It discusses challenges around data compliance, regulatory standards, and granular control over auditing access. The document then demonstrates how to use features like data classification, expression-based auditing and access conditions, and encryption to address these challenges. It provides examples of using these features to audit specific types of access, control access based on multiple attributes, and automatically encrypt files based on classification. Finally, it describes a demonstration lab that shows how to set up claims, resource properties, central access policies and encryption in Active Directory and a file server.
2. Microsoft SharePoint Most Valuable Professional (2011, 2012)
Author, Writer, Trainer & Public Speaker
Founder & Editor in Chief of SharePointVN Publisher
Focus on Microsoft Security & Federation Identity, Infrastructure, Methodologies and Architecture.
3. Data Compliance
Understand the new Dynamic Access Control capabilities built into Windows Server 2012
Demonstration
4. Compliance is generally a response to governmental regulation, but it can also be a response to industry or internal requirements.
• The U.S. Health Insurance Portability and Accountability Act (HIPAA) for health providers
• Sarbanes-Oxley Act (SOX)
• The European Union Data Protection Directive
• U.S. state data breach laws
I’m not talking about in-depth Data compliance and privacy.
5. Can you make sure that only authorized individuals can access confidential data?
Do you have granular control over auditing access?
How do you reduce the number of security groups your organization has?
How do you deal with regulatory standards?
… Many questions come up when it comes to data access control.
CSO/CIO department: “I need to have the right compliance controls to keep me out of jail”
Infrastructure Support: “I don’t know what data is in my repositories and how to control it”
Content Owner: “Is my important data appropriately protected and compliant with regulations – how do I audit this”
Information Worker: “I don’t know if I am complying with my organization’s policies”
6. Storage growth
• 45%: File based storage CAGR.
• MSIT cost $1.6 GB/Month for managed servers.
• >70%: of stored data is stale
• Cloud cost would be approximately 25 cents GB/Month
Distributed Information
• Corporate information is everywhere: Desktops, Branch Offices, Data Centers, Cloud…
• MSIT 1500 file servers with 110 different groups managing them
• Very hard to consistently manage the information.
Regulatory compliance
• New and changing regulations (SOX, HIPAA, GLBA…)
• International and local regulations.
• More oversight and tighter enforcement.
• $15M: Settlement for investment bank with SEC over record retention.
Data leakage
• 246,091,423: Total number of records containing sensitive personal information involved in security breaches in the US since January 2005
• $90 to $305 per record (Forrester: in “Calculating the Cost of a Security Breach”)
7. Data Classification
• Classify your documents using resource properties stored in Active Directory.
• Automatically classify documents based on document content.
Expression-based auditing
• Targeted access auditing based on document classification and user identity.
• Centralized deployment of audit policies using Global Audit Policies.
Expression-based access conditions
• Flexible access control lists based on document classification and multiple identities (security groups).
• Centralized access control lists using Central Access Policies.
Encryption
• Automatic RMS encryption based on document classification.
8.
9. Data Classification
File Classification Infrastructure provides insight into your data by automating classification processes.
File Classification Infrastructure uses classification rules to automatically scan files and classify them according to the contents of the file.
Some examples of classification rules include:
• Classify any file that contains the string “SBC12 Confidential” as having high business impact.
• Classify any file that contains at least 10 social security numbers as having personally identifiable information.
Data Classification Toolkit
10. Data Classification
• A content classification rule that searches a set of files for the string “SBC12 Confidential”. If the string is found in a file, the Impact resource property is set to High on the file.
• A content classification rule that searches a set of files for a regular expression that matches a social security number at least 10 times in one file. If the pattern is found, the file is classified as having personally identifiable information and the Personally Identifiable Information resource property is set to High.
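The two content classification rules on this slide, modelled in Python as an added example; it is not from the original deck and is not File Classification Infrastructure's own engine. The social security number pattern, the case-sensitive string match and the sample file contents are assumptions constructed here.

```python
import re

MARKER = "SBC12 Confidential"   # string named on the slide
SSN_THRESHOLD = 10              # "at least 10 times in one file"
# Assumed pattern (the slide does not give its regex): NNN-NN-NNNN,
# rejecting number ranges that are never issued and longer digit runs.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

def classify(text):
    """Return the resource properties the two slide rules would set."""
    props = {}
    if MARKER in text:                      # case-sensitive: an assumption
        props["Impact"] = "High"
    if len(SSN_RE.findall(text)) >= SSN_THRESHOLD:
        props["Personally Identifiable Information"] = "High"
    return props

def classify_files(files):
    """Map each file name to its properties; unclassified files map to {}."""
    return {name: classify(body) for name, body in files.items()}

def constructed_ssns(n):
    """Constructed, SSN-shaped test values; not real numbers."""
    return [f"{100 + i}-{10 + i}-{1000 + i}" for i in range(n)]

# Constructed sample share contents.
SAMPLE_FILES = {
    "plan.txt": "SBC12 Confidential: reorganisation draft",
    "payroll.csv": "\n".join(constructed_ssns(10)),
    "nine.csv": "\n".join(constructed_ssns(9)),        # one below the threshold
    "invoice.txt": "Order 1234-56-78901, ref 123-45-67890",  # digit runs, not SSNs
    "both.txt": "SBC12 Confidential\n" + " ".join(constructed_ssns(12)),
}

if __name__ == "__main__":
    for name, props in classify_files(SAMPLE_FILES).items():
        print(f"{name:12} {props or 'unclassified'}")
```

The threshold and the word-boundary anchors are what keep order numbers and single stray identifiers from marking a whole share as PII.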
11.
12. Expression-based access condition
Manage fewer security groups by using conditional expressions
Diagram labels: Country x 30, Department x 20, Sensitive/Confidential documents
13. What is Central Access Policy?
You can think of Central Access Policies as a safety
net that your organization applies across its servers to
enhance the local access policy
14. Expression-based access rules
Active Directory Domain Services
• User claims: User.Department = Finance, User.Clearance = High
• Device claims: Device.Department = Finance, Device.Managed = True
File server
• Resource properties: Resource.Department = Finance, Resource.Impact = High
Access policy
• Applies to: @File.Impact = High
• Allow | Read, Write | if (@User.Department == @File.Department) AND (@Device.Managed == True)
15. Central access policies
Active Directory Domain Services
• Organizational policies: High business impact policy, Personally identifiable information policy
• Finance department policies: Finance policy
Corporate file servers
• User folders: High business impact, Personally identifiable information
• Finance folders: High business impact, Personally identifiable information, Finance
Characteristics
• Composed of central access rules
• Applied to file servers through Group Policy objects
• Supplement (not replace) native file and folder access control lists from New Technology File System (NTFS)
16. Central access policy workflow
Active Directory Domain Services (claim definitions, file property definitions, audit policy)
• Create claim definitions
• Create file property definitions
• Create central access policy
Group Policy
• Send central access policies to file servers
File server
• Apply access policy to the shared folder
• Identify information
User’s computer
• User tries to access information
• Allow or deny
17. Central access policy examples
• Organization-wide authorization
• Departmental authorization
• Specific data management
• Need-to-know
18. Expression-based Auditing
• Limit auditing to data that meets specific classification criteria.
• Limit auditing by action and by identity
• Add contextual information into the audit events.
19. Security auditing
Active Directory Domain Services (claim definitions, file property definitions, audit policy)
• Create claim types
• Create resource properties
Group Policy
• Create global audit policy
File server
• Select and apply resource properties to the shared folders
User’s computer
• User tries to access information
• Allow or deny
20. Audit policy examples
• Audit everyone who does not have a high security clearance and who tries to access a document that has a high impact on business:
Audit | Everyone | All-Access | Resource.BusinessImpact=HBI AND User.SecurityClearance!=High
• Audit all vendors when they try to access documents related to projects that they are not working on:
Audit | Everyone | All-Access | User.EmploymentStatus=Vendor AND User.Project Not_AnyOf Resource.Project.
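The access rule from slide 14 and the two audit expressions from slide 20, evaluated against claims in Python as an added example; it is not from the original deck and is a model, not the Windows authorization engine. The user names and departments come from the demonstration lab; every other claim value, the `LEDGER` resource and the handling of missing claims are assumptions constructed here.

```python
def central_rule_allows(user, device, resource):
    """Slide 14 rule: Allow Read, Write when the departments match and the
    device is managed. It targets only resources with Impact == High."""
    if resource.get("Impact") != "High":
        return True                  # rule not applicable, nothing restricted
    dept = user.get("Department")
    # Modelling assumption: a missing Department claim never matches.
    return (dept is not None and dept == resource.get("Department")
            and device.get("Managed") is True)

def effective_access(ntfs_allows, user, device, resource):
    """Central policy supplements NTFS ACLs: both layers must allow."""
    return ntfs_allows and central_rule_allows(user, device, resource)

def audit_reasons(user, resource):
    """Return which of the two slide 20 audit expressions match."""
    reasons = []
    # Modelling assumption: a missing clearance claim counts as not High.
    if (resource.get("BusinessImpact") == "HBI"
            and user.get("SecurityClearance") != "High"):
        reasons.append("HBI resource, clearance not High")
    # Not_AnyOf modelled as: user and resource share no project value.
    shared = set(user.get("Project", [])) & set(resource.get("Project", []))
    if user.get("EmploymentStatus") == "Vendor" and not shared:
        reasons.append("vendor outside own projects")
    return reasons

# Constructed claims; only the names and departments come from the lab.
THUAN = {"Department": "Finance", "SecurityClearance": "High"}
THANG = {"Department": "System Integration", "SecurityClearance": "Low",
         "EmploymentStatus": "Vendor", "Project": ["Portal"]}
MANAGED, UNMANAGED = {"Managed": True}, {"Managed": False}
LEDGER = {"Department": "Finance", "Impact": "High",
          "BusinessImpact": "HBI", "Project": ["Ledger"]}

if __name__ == "__main__":
    for name, user in (("thuan", THUAN), ("thang", THANG)):
        print(name, effective_access(True, user, MANAGED, LEDGER),
              audit_reasons(user, LEDGER))
```

The `effective_access` function shows the "safety net" behaviour: a permissive NTFS entry cannot grant what the central rule withholds, and the central rule cannot grant what NTFS denies.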
21. Data Encryption Challenges
How do I protect sensitive information after it leaves my
protected environment?
I cannot get the users to encrypt their sensitive data.
22. Classification-based encryption process
Process to encrypt a file based on classification
1. Claim definitions, file property definitions, and access policies are established in Active Directory Domain Controller.
2. A user creates a file with the word “confidential” in the text and saves it. The classification engine classifies the file as high-impact according to rules configured.
3. On the file server, a rule automatically applies RMS protection to any file classified as high-impact.
4. The RMS template and encryption are applied to the file on the file server and the file is encrypted.
Diagram labels: Active Directory Domain Services, User, Classification engine, RMS server, File server
24. Demonstration Lab
There are two virtual machines that are involved in the demonstration lab:
• AD-Srv (Active Directory Domain Controller)
• File-Srv (File Server)
There are two security groups:
• Finance
• System Integration
There are two domain users:
• thuan@sbc12.local (Finance)
• thang@sbc12.local (System Integration)
25. Steps
• Create a new claim: Department
• Create resource properties and add them to the resource property list: Finance Department
• Create a new central access rule/central policies:
   Resource Finance Department Exists
   Resource Finance Department Equals Value Finance
• Publish central access policy
• Configure Group Policy and enable KDC
• Install File Server Resource Manager on the file server:
   Update-FSRMClassificationPropertyDefinition
• Add Central Access Policy to shared folder
• Validate