Information Protection and Governance
Jim Bryson + Tom Moen
Technology Solutions Professionals – Microsoft
State and Local Government Secure Enterprise
Evolving Cyber Security Strategies
“THE STATE OF THE STATE” IN CYBERSECURITY
• Asymmetrical threat creates resource drain
• You are fighting a profit-motivated, well-resourced HUMAN adversary
• Public sector orgs are being explicitly targeted
• Result? Half of reported security incidents are in the public sector
• The cost can be enormous – $4M per breach on average (can be a lot more – see OPM)
• And even if you had the money, there aren’t enough trained cyber techs to tackle the problem
CONCLUSION: Trying to solve the security problem at an individual org level with current approaches is not working and may bankrupt your organization. So what can we do differently?
Two arguments/ideas for your consideration.
BEGIN MOVING TO BEST OF BREED SECURITY PLATFORM
• Pubsec organizations typically have upwards of 30-40 “best of breed” security vendors to manage
• If they choose to integrate these, significant cost and complexity
• If they choose not to integrate, humans become the integration and limit response time and decision quality – i.e. attacks at Internet speed, response at human speed
• Need to begin moving to a security platform that is pre-integrated, identity-driven (90+% of attacks), policy-based to respond on Internet time
COST/APPROACH CONTINUUM
[Figure: two charts with axes TIME and COST, each plotting Solution1 through Solution5; panel titles “BEST OF BREED” PRODUCTS and “BEST OF BREED” PLATFORM]
IMPLEMENTING POINT SOLUTIONS IS EXPENSIVE
Integration cost
Software cost
Integration becomes more complex, expensive with each solution…
Increased leverage and optimization of existing tools, built in integration, consistent policy, infra (AD), IT skills, user training
…and eventually, I become afraid of breaking my custom integration if I upgrade this
MOVE MORE WORKLOADS TO HYPERSCALE CLOUD
• 1B annual spend on cyber security – economics of running your workloads in our cloud are TRANSFORMATIONAL – pay for a “slice” rather than owning the whole thing
• Reduced window of attack due to rolling updates
• Platform approach – “built in, not bolt on”, integrated, automated, policy-based
• Designed for mobile first, cloud first
• Intelligent security graph - our most unique global asset in the fight, informed by trillions of feeds. Machine learning helps sort the signal from the noise. This signal is leveraged across all our security services
• Certs AND a track record - we defend 200+ of the largest cloud services in the world, some since 1998 (Windows Update). Oh yeah and Microsoft itself.
Our most unique global asset in the fight, informed by trillions of feeds. Machine learning helps sort the signal from the noise. This signal is leveraged across all of Microsoft’s security services
• 450B monthly authentications
• 18+B Bing web pages scanned
• 750M+ Azure user accounts
• Enterprise security for 90% of Fortune 500
• Malware data from Windows Defender
• Shared threat data from partners, researchers and law enforcement worldwide
• Botnet data from Microsoft Digital Crimes Unit
• 1.2B devices scanned each month
• 400B emails analyzed
• 200+ global cloud consumer and commercial services
INTELLIGENT SECURITY GRAPH
Conditions
Allow access or block access
Actions
Enforce MFA per user/per app
Location
Device state
User/Application
MFA
Risk
User
CLOUD POWERED PROTECTION
CLOUD POWERED PROTECTION
Azure Information Protection
How do I control data on-premises and in the cloud?
• Classify & Label
• Protect
• Monitor and Respond
Microsoft Intune
How do I prevent data leakage from my mobile apps?
• LOB app protection
• DLP for Office 365 mobile apps
• Optional device management
Cloud App Security
How do I gain visibility and control of my cloud apps?
• Risk scoring
• Shadow IT Discovery
• Policies for data control
CLOUD POWERED PROTECTION
[Diagram labels: Managed apps, Personal apps, Corporate data, Personal data, Multi-identity policy; Copy, Paste, Save; Save to personal storage; Paste to personal app; Email attachment]
• Empower users to make right decisions
• Enable safe sharing internally and externally
• Maintain visibility and control
CLOUD POWERED PROTECTION
Protection that lives and moves with the data
DOCUMENT TRACKING
DOCUMENT REVOCATION
Monitor & respond
LABELING
CLASSIFICATION
Classification & labeling
ENCRYPTION
Protect
ACCESS CONTROL
POLICY ENFORCEMENT
CLOUD POWERED PROTECTION
Azure Information Protection
DOCUMENT TRACKING
DOCUMENT REVOCATION
Monitor & respond
LABELING
CLASSIFICATION
Classification & labeling
ENCRYPTION
Protect
ACCESS CONTROL
POLICY ENFORCEMENT
Full Data Lifecycle
CLOUD POWERED PROTECTION
Cloud App Security
Intune
PROTECT
TRACK
App configuration
Encrypt data at the file level and establish access controls
Configure server names, user names, and data protection policies
Monitor and protect company data in SaaS apps
Discover what SaaS apps your users are using
OS-enabled data protection (Requires device enrollment)
Device security
Encryption
Device integrity
Password or PIN policy
Enable users to track their shared files
Manually or automatically classify and label files according to policies
Azure Information Protection
CLASSIFY + LABEL
Data separation
iOS Open-in controls
Windows Information Protection
Android Enterprise
EMS-enabled data protection (Does not require device enrollment)
Personal Identity
Corporate Identity
Require PIN or biometrics to access apps
Separate company and personal data within apps
Enforce save as and copy/paste controls
Wipe company data
Conditional Access
Intelligently manage access to company data based on device compliance, location, app sensitivity, and risk
Company data can end up virtually anywhere. Protect it on devices and in the cloud.
Stay in control of your data
Microsoft Enterprise Mobility + Security: learn more at microsoft.com/ems
Microsoft Intune: learn more at microsoft.com/intune
Identity & Access
Data Protection
Mobile Device & Mobile Application Management
Threat Protection
Filtering & Hygiene
Compliance and Risk Management
Compliance and Risk
Microsoft Confidential - Internal Only
• New permissions model: Compliance boundaries
• Data completeness: RMS decryption, optical character recognition, improved indexing limits
• Defensibility: Error reporting, Search & Export analytics, auditing log enhancements
• Unified case management: Consistency across eDiscovery & Advanced eDiscovery with one consistent UX
• Expansion of markets: GCC, ITAR
Advanced eDiscovery & Data Governance
Office 365 Compliance Data Lifecycle
Ingestion of Data Outside Office 365
In-Place Data Creation, Retention and Archiving
In-Place eDiscovery
Auditing
Export
We Are Here
Custodian Management
Search O365 to collect data
Hold Management
Collect data from non O365 data sources
Review
Production
Hold Notifications
Enhanced processing (OCR, PST, AV, …)
Early Case Assessment
Ad-hoc search & tagging
Error reporting & handling
Case Management
Auditing
Reporting
Analytics
Security & Permissions
Administration
Hold / Custodian Management
Collection, Content Processing
Search & Analytics
Review
Legend: O365, Partner, Partial Office 365
Where We Will Be Q1 2018
Custodian Management
Search O365 to collect data
Hold Management
Collect data from non O365 data sources
Review
Production
Hold Notifications
Enhanced processing (OCR, PST, AV, …)
Early Case Assessment
Ad-hoc search & tagging
Error reporting & handling
Case Management
Auditing
Reporting
Analytics
Security & Permissions
Administration
Hold / Custodian Management
Collection, Content Processing
Search & Analytics
Review
Legend: O365, Partner, Partial Office 365
• Redaction – Adobe and Teradact http://teradact.com/index.html
• Review – Zylabs, Clearwell, Guidance (run in Azure)
• Existing Archives – Archive360 http://www.archive360.com/
• DOD5015 – Gimmal https://www.gimmal.com/governance-records-management/
• Physical Records – Knowledge Lake https://www.knowledgelake.com/records-management-sharepoint
• Matter Center Partners – Planet, Slalom, etc. https://www.microsoft.com/en-us/legal/productivity/partner.aspx
• Broad Deployment – ShareSquared, StoneShare, Knowledge Lake, etc.
• Advanced eDiscovery – Lighthouse, DIT, BlueSource and many others
The Value Proposition of Advanced eDiscovery (AeD)
Tenant = 100,000,000 items
Search Results = 1,000,000 items
$2,000,000 review cost
Relevance
Predictive Coding
600,000 items
$1,200,000 review cost
40% savings
Email Documents
Email Threading
Near Duplication
Email Documents
240,000 items
$480,000 review cost
76% savings
Advanced eDiscovery
Intelligently explore and analyze unstructured data to quickly identify what’s relevant
• Minimize: Use predictive coding to train the system to find likely relevant documents and reduce what’s sent to review
• Organize: Use near duplicate detection to organize the data and email threading to reconstruct email conversations from unstructured data
• Recognize: Use Themes to understand the topics represented in the data set
Compliance Solutions deck
High-level Compliance Vision video
Best Practices in eDiscovery Solutions Case Creations, Holds and Searches
Advanced eDiscovery Relevance Solution: Predictive Coding Analytics
Advanced eDiscovery Analytics Solutions: How to Efficiently Organize and Reduce Data for Review
How Microsoft leverages Office 365 eDiscovery
eDiscovery detailed whitepaper
On-Ramp
