SlideShare a Scribd company logo

Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration...Really?

Download as PPSX, PDF
C
centralohioissa

Collaboration often drives how we work especially when our workforce is mobile, when it is working off premises and serving clients in the field. Our employees adopt cloud solutions to communicate, exchange ideas and files, and to collaborate without our knowledge…this approach keeps security officers sleepless not only in Seattle but also in Columbus… This presentation is an overview of Office 365 functionality, security and compliance (reporting) capabilities to manage information privacy, security and compliance risks, and related documentation. Office 365 email security and management, SharePoint collaboration platform and Azure Active Directory reporting will be reviewed. This is a business/technical (not in depth technical) presentation to help business / technical audience understand the security and functionality of Office 365 solution when considering cloud solutions adoption.

Technology
1 of 23
Robert Brzezinski, CHPS, CISA BizWit LLC Information Security Risk Management Columbus, OH www.bizwit.us OFFICE 365 SECURITY AND COMPLIANCE CLOUDY COLLABORATION … REALLY? (C) 2011 - 2016 BizWit LLC
1. Understand Office 365 security and compliance 2. Satisfying business, security and compliance needs 3. Verify configuration 4. Define audit scope 5. Make educated decision OFFICE 365 SECURITY AND COMPLIANCE (C) 2011 - 2016 BizWit LLC
OFFICE 365 SECURITY AND COMPLIANCE 1. How hackers break in? 2. Office 365 and Federal regulations? 3. Email protection 4. Protecting data and collaboration environment 5. Protecting user credentials 6. Meeting Compliance requirements 7. Is the Cloud right for you? (C) 2011 - 2016 BizWit LLC
Protection of Sensitive Data - # 1 driver for security spending (SANS) Regulatory Compliance - # 2 driver for security spending (SANS) (C) 2011 - 2016 BizWit LLC SECURITY PRIORITIES AND OFFICE 365
Source: Verizon 2015 Data Breach Investigation Report (DBIR) Threats and Security Incidents (C) 2011 - 2016 BizWit LLC SECURITY PRIORITIES AND OFFICE 365 Source: Verizon 2016 Data Breach Digest (DBD)
(C) 2011 - 2016 BizWit LLC Source: 2015 Verizon DBIR • Email • Phishing / Malware • Malicious website • Compromised credentials • Email mistakes • Lost data or device • Compromised data • Compromised credentials • Privilege misuse Threat actions HOW HACKERS BREAK IN? SECURITY PRIORITIES AND OFFICE 365 FBI – Business Email Compromise 2013-15 Exposed Dollars Loss $800 M – $1.2 B
OFFICE 365 TRUST CENTER - COMPLIANCE WITH FEDERAL REGULATIONS Top 10 compliance standards of Office 365: HIPAA, FedRAMP/FISMA, SSAE16, GLBA, PIPEDA, FERPA, EU, ISO 27001 Office 365 receives FedRAMP Authority to Operate (ATO) from HHS OIG FBI CJIS Addendum Office 365 listed in CSA Security, Trust & Assurance Registry (STAR) (C) 2011 - 2016 BizWit LLC
OFFICE 365 PROTECTION OF SENSITIVE DATA • Malware / malicious links / ransom • Connection / IP: white, black and safe list • Anti-spoofing technologies: DMARC & DKIM, SPF • Trusted domains / connectors (C) 2011 - 2016 BizWit LLC Protecting Inbound Email Exchange Online Protection (EOP) Phishing & Malware Advanced Threat Protection (ATP)
OFFICE 365 PROTECTION OF SENSITIVE DATA (C) 2011 - 2016 BizWit LLC Protecting Outbound Email and Data Mail flow rules • Malware + / Flag external • Data Loss Prevention (DLP) • Encryption / decryption • Secure attachments • Email supervisory workflow • Incident reporting Mobile device access Miscellaneous Errors
DLP & ENCRYPTION (C) 2011 - 2016 BizWit LLC OFFICE 365 PROTECTION OF SENSITIVE DATA
OFFICE 365 EMAIL COMPLIANCE (C) 2011 - 2016 BizWit LLC • Data Loss Prevention (DLP) • eDiscovery • Litigation Hold • Retention policies • Archiving • Auditing reports • Non-owner mailbox access • Admin and external admin log • Configuration changes by admin • Admin role group changes Privilege Misuse
OFFICE 365 PROTECTION OF SENSITIVE DATA (C) 2011 - 2016 BizWit LLC Protecting Data - SharePoint Collaboration Sites Architecture • Data Containers / Logical Separation Permissions and sharing • Very granular permissions • External sharing blocking Data Loss Prevention (DLP) & Alerting • SharePoint / OneDrive and Exchange • Malware scanning • Alerts for e.g. content changes Miscellaneous Errors
OFFICE 365 PROTECTION OF SENSITIVE DATA (C) 2011 - 2016 BizWit LLC Protecting Data with Rights Management Services • Encrypt attachments • Limit access and editing capabilities • Manage content expiry • View document use Miscellaneous Errors Information Rights Management for SharePoint and for Desktop / Email • Protect / encrypt documents in place (on laptop)
(C) 2011 - 2016 BizWit LLC OFFICE 365 PROTECTION OF SENSITIVE DATA Rights Management Services (RMS)
OFFICE 365 PROTECTION OF SENSITIVE DATA (C) 2011 - 2016 BizWit LLC Rights Management Services (RMS)
(C) 2011 - 2016 BizWit LLC OFFICE 365 SHAREPOINT COMPLIANCE • Data Loss Prevention (DLP) • eDiscovery • Retention policies & Archiving • Auditing reports • Editing or viewing content • Editing users and permissions • Office 365 audit log Rights Management Services / Information Rights Management Privilege Misuse Miscellaneous Errors
(C) 2011 - 2016 BizWit LLC OFFICE 365 PROTECTION OF SENSITIVE DATA Protecting User Credentials - Security Configuration User management in Office 365 • Admin, licensing and self-service • Azure AD (Active Directory) • Synchronization • Authentication & notification • IP ranges • Multifactor Authentication (MFA) Privilege Misuse Miscellaneous Errors
(C) 2011 - 2016 BizWit LLC OFFICE 365 PROTECTION OF SENSITIVE DATA Protecting User Credentials – Alerting & Reporting User access monitoring • Sign ins from unknown sources • Sign ins from IP addresses with suspicious activity • Users with anomalous sign in activity • Password reset activity Privilege Misuse Miscellaneous Errors
(C) 2011 - 2016 BizWit LLC • Exchange audit reports • Protect admins • Mail protection report - operations • SharePoint reports • PowerShell • Office 365 audit log reports OFFICE 365 PROTECTION OF SENSITIVE DATA Auditing & Reporting • Azure AD reports + premium
(C) 2011 - 2016 BizWit LLC • Office 365 audit log reports • File and folder activity e.g. downloaded files • Sharing activities • Synchronization • …. • Site administration • Exchange mailbox activities • User administration OFFICE 365 COMPLIANCE Auditing & Reporting
OFFICE 365 – SECURITY AND COMPLIANCE Security • Email protection – anti-phishing, anti-spoofing • Data protection – DLP, RMS, encryption • User access security controls - Azure AD, MFA • Operational and security alerts and reporting Compliance • eDiscovery, Legal Hold, DLP, auditing / reporting • Regulatory compliance – BAA, FedRAMP, CSA Core for building information security strategy (C) 2011 - 2016 BizWit LLC PRIORITY
(C) 2011 - 2016 BizWit LLC OFFICE 365 SECURITY & AZURE SERVICES THREAT INTELLIGENCE
OFFICE 365 SECURITY AND COMPLIANCE Robert Brzezinski, MBA, CHPS, CISA BizWit LLC Information Security Risk Management www.bizwit.us robert.brzezinski@bizwit.us (C) 2011 - 2016 BizWit LLC Better InfoSec image? ;o)

Recommended

Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At OddsJervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Oddscentralohioissa
 
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...centralohioissa
 
Sam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload SecuritySam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload Securitycentralohioissa
 
User management - the next-gen of authentication meetup 27012022
User management - the next-gen of authentication meetup 27012022User management - the next-gen of authentication meetup 27012022
User management - the next-gen of authentication meetup 27012022lior mazor
 
Database monitoring - First and Last Line of Defense
Database monitoring - First and Last Line of Defense Database monitoring - First and Last Line of Defense
Database monitoring - First and Last Line of Defense Imperva
 
CASBs and Office 365: The Security Menace
CASBs and Office 365: The Security MenaceCASBs and Office 365: The Security Menace
CASBs and Office 365: The Security MenaceBitglass
 
Hackers, Cyber Crime and Espionage
Hackers, Cyber Crime and EspionageHackers, Cyber Crime and Espionage
Hackers, Cyber Crime and EspionageImperva
 
Webroot - self-defending IoT devices & gateways
Webroot - self-defending IoT devices & gateways Webroot - self-defending IoT devices & gateways
Webroot - self-defending IoT devices & gateways IISPEastMids
 

Recommended

Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At OddsJervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Oddscentralohioissa
 
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...centralohioissa
 
Sam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload SecuritySam Herath - Six Critical Criteria for Cloud Workload Security
Sam Herath - Six Critical Criteria for Cloud Workload Securitycentralohioissa
 
User management - the next-gen of authentication meetup 27012022
User management - the next-gen of authentication meetup 27012022User management - the next-gen of authentication meetup 27012022
User management - the next-gen of authentication meetup 27012022lior mazor
 
Database monitoring - First and Last Line of Defense
Database monitoring - First and Last Line of Defense Database monitoring - First and Last Line of Defense
Database monitoring - First and Last Line of Defense Imperva
 
CASBs and Office 365: The Security Menace
CASBs and Office 365: The Security MenaceCASBs and Office 365: The Security Menace
CASBs and Office 365: The Security MenaceBitglass
 
Hackers, Cyber Crime and Espionage
Hackers, Cyber Crime and EspionageHackers, Cyber Crime and Espionage
Hackers, Cyber Crime and EspionageImperva
 
Webroot - self-defending IoT devices & gateways
Webroot - self-defending IoT devices & gateways Webroot - self-defending IoT devices & gateways
Webroot - self-defending IoT devices & gateways IISPEastMids
 
Rohan s w2 - top 5 tools that help in monitoring compliance for pci dss and...
Rohan s w2 - top 5 tools that help in monitoring compliance for pci dss and...Rohan s w2 - top 5 tools that help in monitoring compliance for pci dss and...
Rohan s w2 - top 5 tools that help in monitoring compliance for pci dss and...Rohan Singh
 
Biznet Gio Presentation - Database Security
Biznet Gio Presentation - Database SecurityBiznet Gio Presentation - Database Security
Biznet Gio Presentation - Database SecurityYusuf Hadiwinata Sutandar
 
Optimize IT Infrastructure
Optimize IT InfrastructureOptimize IT Infrastructure
Optimize IT InfrastructureScalar Decisions
 
Webinar: Adaptive Security
Webinar: Adaptive SecurityWebinar: Adaptive Security
Webinar: Adaptive SecurityBlueliv
 
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...Amazon Web Services
 
Securing The Reality of Multiple Cloud Apps: Pandora's Story
Securing The Reality of Multiple Cloud Apps: Pandora's StorySecuring The Reality of Multiple Cloud Apps: Pandora's Story
Securing The Reality of Multiple Cloud Apps: Pandora's StoryCloudLock
 
Mark Lomas | Zero-Trust Trust No One, Trust Nothing
Mark Lomas | Zero-Trust Trust No One, Trust NothingMark Lomas | Zero-Trust Trust No One, Trust Nothing
Mark Lomas | Zero-Trust Trust No One, Trust NothingPro Mrkt
 
Guide to Cybersecurity Compliance in China
Guide to Cybersecurity Compliance in ChinaGuide to Cybersecurity Compliance in China
Guide to Cybersecurity Compliance in ChinaAlibaba Cloud
 
Cybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabiaCybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabiaFaysal Ghauri
 
Top Five Security Must-Haves for Office 365
Top Five Security Must-Haves for Office 365Top Five Security Must-Haves for Office 365
Top Five Security Must-Haves for Office 365Imperva
 
Dissecting ssl threats
Dissecting ssl threatsDissecting ssl threats
Dissecting ssl threatsZscaler
 
SD-WAN - comSpark 2019
SD-WAN - comSpark 2019SD-WAN - comSpark 2019
SD-WAN - comSpark 2019Advanced Technology Consulting (ATC)
 
Webinar - Bitglass and CyberEdge - Hidden Security Threats
Webinar - Bitglass and CyberEdge - Hidden Security ThreatsWebinar - Bitglass and CyberEdge - Hidden Security Threats
Webinar - Bitglass and CyberEdge - Hidden Security ThreatsBitglass
 
CSA SV Threat detection and prediction
CSA SV Threat detection and predictionCSA SV Threat detection and prediction
CSA SV Threat detection and predictionVishwas Manral
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKMaganathin Veeraragaloo
 
63 Requirements for CASB
63 Requirements for CASB63 Requirements for CASB
63 Requirements for CASBKyle Watson
 
The evolution of IT in a cloud world
The evolution of IT in a cloud worldThe evolution of IT in a cloud world
The evolution of IT in a cloud worldZscaler
 
Cloud security: Accelerating cloud adoption
Cloud security: Accelerating cloud adoption Cloud security: Accelerating cloud adoption
Cloud security: Accelerating cloud adoption Dell World
 
Forcepoint Dynamic Data Protection
Forcepoint Dynamic Data ProtectionForcepoint Dynamic Data Protection
Forcepoint Dynamic Data ProtectionMarketingArrowECS_CZ
 
The Security Policy Management Maturity Model: How to Move Up the Curve
The Security Policy Management Maturity Model: How to Move Up the CurveThe Security Policy Management Maturity Model: How to Move Up the Curve
The Security Policy Management Maturity Model: How to Move Up the CurveAlgoSec
 
Providing a Flexible Approach to the Inflexible World of Information Security...
Providing a Flexible Approach to the Inflexible World of Information Security...Providing a Flexible Approach to the Inflexible World of Information Security...
Providing a Flexible Approach to the Inflexible World of Information Security...gemmarie1
 
The Business Of Information Security V2.0
The Business Of Information Security V2.0The Business Of Information Security V2.0
The Business Of Information Security V2.0theonassiokas
 

More Related Content

What's hot

Rohan s w2 - top 5 tools that help in monitoring compliance for pci dss and...
Rohan s w2 - top 5 tools that help in monitoring compliance for pci dss and...Rohan s w2 - top 5 tools that help in monitoring compliance for pci dss and...
Rohan s w2 - top 5 tools that help in monitoring compliance for pci dss and...Rohan Singh
 
Optimize IT Infrastructure
Optimize IT InfrastructureOptimize IT Infrastructure
Optimize IT InfrastructureScalar Decisions
 
Webinar: Adaptive Security
Webinar: Adaptive SecurityWebinar: Adaptive Security
Webinar: Adaptive SecurityBlueliv
 
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...Amazon Web Services
 
Securing The Reality of Multiple Cloud Apps: Pandora's Story
Securing The Reality of Multiple Cloud Apps: Pandora's StorySecuring The Reality of Multiple Cloud Apps: Pandora's Story
Securing The Reality of Multiple Cloud Apps: Pandora's StoryCloudLock
 
Mark Lomas | Zero-Trust Trust No One, Trust Nothing
Mark Lomas | Zero-Trust Trust No One, Trust NothingMark Lomas | Zero-Trust Trust No One, Trust Nothing
Mark Lomas | Zero-Trust Trust No One, Trust NothingPro Mrkt
 
Guide to Cybersecurity Compliance in China
Guide to Cybersecurity Compliance in ChinaGuide to Cybersecurity Compliance in China
Guide to Cybersecurity Compliance in ChinaAlibaba Cloud
 
Cybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabiaCybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabiaFaysal Ghauri
 
Top Five Security Must-Haves for Office 365
Top Five Security Must-Haves for Office 365Top Five Security Must-Haves for Office 365
Top Five Security Must-Haves for Office 365Imperva
 
Dissecting ssl threats
Dissecting ssl threatsDissecting ssl threats
Dissecting ssl threatsZscaler
 
Webinar - Bitglass and CyberEdge - Hidden Security Threats
Webinar - Bitglass and CyberEdge - Hidden Security ThreatsWebinar - Bitglass and CyberEdge - Hidden Security Threats
Webinar - Bitglass and CyberEdge - Hidden Security ThreatsBitglass
 
CSA SV Threat detection and prediction
CSA SV Threat detection and predictionCSA SV Threat detection and prediction
CSA SV Threat detection and predictionVishwas Manral
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKMaganathin Veeraragaloo
 
63 Requirements for CASB
63 Requirements for CASB63 Requirements for CASB
63 Requirements for CASBKyle Watson
 
The evolution of IT in a cloud world
The evolution of IT in a cloud worldThe evolution of IT in a cloud world
The evolution of IT in a cloud worldZscaler
 
Cloud security: Accelerating cloud adoption
Cloud security: Accelerating cloud adoption Cloud security: Accelerating cloud adoption
Cloud security: Accelerating cloud adoption Dell World
 
Forcepoint Dynamic Data Protection
Forcepoint Dynamic Data ProtectionForcepoint Dynamic Data Protection
Forcepoint Dynamic Data ProtectionMarketingArrowECS_CZ
 
The Security Policy Management Maturity Model: How to Move Up the Curve
The Security Policy Management Maturity Model: How to Move Up the CurveThe Security Policy Management Maturity Model: How to Move Up the Curve
The Security Policy Management Maturity Model: How to Move Up the CurveAlgoSec
 

What's hot (20)

Rohan s w2 - top 5 tools that help in monitoring compliance for pci dss and...
Rohan s w2 - top 5 tools that help in monitoring compliance for pci dss and...Rohan s w2 - top 5 tools that help in monitoring compliance for pci dss and...
Rohan s w2 - top 5 tools that help in monitoring compliance for pci dss and...
 
Biznet Gio Presentation - Database Security
Biznet Gio Presentation - Database SecurityBiznet Gio Presentation - Database Security
Biznet Gio Presentation - Database Security
 
Optimize IT Infrastructure
Optimize IT InfrastructureOptimize IT Infrastructure
Optimize IT Infrastructure
 
Webinar: Adaptive Security
Webinar: Adaptive SecurityWebinar: Adaptive Security
Webinar: Adaptive Security
 
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
 
Securing The Reality of Multiple Cloud Apps: Pandora's Story
Securing The Reality of Multiple Cloud Apps: Pandora's StorySecuring The Reality of Multiple Cloud Apps: Pandora's Story
Securing The Reality of Multiple Cloud Apps: Pandora's Story
 
Mark Lomas | Zero-Trust Trust No One, Trust Nothing
Mark Lomas | Zero-Trust Trust No One, Trust NothingMark Lomas | Zero-Trust Trust No One, Trust Nothing
Mark Lomas | Zero-Trust Trust No One, Trust Nothing
 
Guide to Cybersecurity Compliance in China
Guide to Cybersecurity Compliance in ChinaGuide to Cybersecurity Compliance in China
Guide to Cybersecurity Compliance in China
 
Cybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabiaCybersecurity frameworks globally and saudi arabia
Cybersecurity frameworks globally and saudi arabia
 
Top Five Security Must-Haves for Office 365
Top Five Security Must-Haves for Office 365Top Five Security Must-Haves for Office 365
Top Five Security Must-Haves for Office 365
 
Dissecting ssl threats
Dissecting ssl threatsDissecting ssl threats
Dissecting ssl threats
 
SD-WAN - comSpark 2019
SD-WAN - comSpark 2019SD-WAN - comSpark 2019
SD-WAN - comSpark 2019
 
Webinar - Bitglass and CyberEdge - Hidden Security Threats
Webinar - Bitglass and CyberEdge - Hidden Security ThreatsWebinar - Bitglass and CyberEdge - Hidden Security Threats
Webinar - Bitglass and CyberEdge - Hidden Security Threats
 
CSA SV Threat detection and prediction
CSA SV Threat detection and predictionCSA SV Threat detection and prediction
CSA SV Threat detection and prediction
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
 
63 Requirements for CASB
63 Requirements for CASB63 Requirements for CASB
63 Requirements for CASB
 
The evolution of IT in a cloud world
The evolution of IT in a cloud worldThe evolution of IT in a cloud world
The evolution of IT in a cloud world
 
Cloud security: Accelerating cloud adoption
Cloud security: Accelerating cloud adoption Cloud security: Accelerating cloud adoption
Cloud security: Accelerating cloud adoption
 
Forcepoint Dynamic Data Protection
Forcepoint Dynamic Data ProtectionForcepoint Dynamic Data Protection
Forcepoint Dynamic Data Protection
 
The Security Policy Management Maturity Model: How to Move Up the Curve
The Security Policy Management Maturity Model: How to Move Up the CurveThe Security Policy Management Maturity Model: How to Move Up the Curve
The Security Policy Management Maturity Model: How to Move Up the Curve
 

Viewers also liked

Providing a Flexible Approach to the Inflexible World of Information Security...
Providing a Flexible Approach to the Inflexible World of Information Security...Providing a Flexible Approach to the Inflexible World of Information Security...
Providing a Flexible Approach to the Inflexible World of Information Security...gemmarie1
 
The Business Of Information Security V2.0
The Business Of Information Security V2.0The Business Of Information Security V2.0
The Business Of Information Security V2.0theonassiokas
 
"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategyJason Clark
 
Perpetual Information Security - Driving Data Protection in an Evolving Compl...
Perpetual Information Security - Driving Data Protection in an Evolving Compl...Perpetual Information Security - Driving Data Protection in an Evolving Compl...
Perpetual Information Security - Driving Data Protection in an Evolving Compl...SafeNet
 
Information Security in a Compliance World
Information Security in a Compliance WorldInformation Security in a Compliance World
Information Security in a Compliance WorldEvan Francen
 
Office 365 Data Leakage Protection, DLP, Data Loss Prevention, Privacy, Comp...
Office 365 Data Leakage Protection, DLP, Data Loss Prevention, Privacy, Comp...Office 365 Data Leakage Protection, DLP, Data Loss Prevention, Privacy, Comp...
Office 365 Data Leakage Protection, DLP, Data Loss Prevention, Privacy, Comp...Edge Pereira
 
FireEye Systems Engineer
FireEye Systems EngineerFireEye Systems Engineer
FireEye Systems EngineerDediHusniHasyim
 
Operational security | How to design your information security GRC (governanc...
Operational security | How to design your information security GRC (governanc...Operational security | How to design your information security GRC (governanc...
Operational security | How to design your information security GRC (governanc...Maxime CARPENTIER
 
The Business Of Identity, Access And Security V1.0
The Business Of Identity, Access And Security V1.0The Business Of Identity, Access And Security V1.0
The Business Of Identity, Access And Security V1.0theonassiokas
 
[Infographic] Email: The First Security Gap Targeted by Attackers
[Infographic] Email: The First Security Gap Targeted by Attackers[Infographic] Email: The First Security Gap Targeted by Attackers
[Infographic] Email: The First Security Gap Targeted by AttackersFireEye, Inc.
 
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...centralohioissa
 
Email Security Best Practices
Email Security Best PracticesEmail Security Best Practices
Email Security Best PracticesKnowBe4
 
Roles of Information Security Officers in State Government
Roles of Information Security Officers in State GovernmentRoles of Information Security Officers in State Government
Roles of Information Security Officers in State GovernmentDavid Sweigert
 
Detect & Remediate Malware & Advanced Targeted Attacks
Detect & Remediate Malware & Advanced Targeted AttacksDetect & Remediate Malware & Advanced Targeted Attacks
Detect & Remediate Malware & Advanced Targeted AttacksImperva
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDaniel P Wallace
 

Viewers also liked (17)

Providing a Flexible Approach to the Inflexible World of Information Security...
Providing a Flexible Approach to the Inflexible World of Information Security...Providing a Flexible Approach to the Inflexible World of Information Security...
Providing a Flexible Approach to the Inflexible World of Information Security...
 
The Business Of Information Security V2.0
The Business Of Information Security V2.0The Business Of Information Security V2.0
The Business Of Information Security V2.0
 
"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy
 
Perpetual Information Security - Driving Data Protection in an Evolving Compl...
Perpetual Information Security - Driving Data Protection in an Evolving Compl...Perpetual Information Security - Driving Data Protection in an Evolving Compl...
Perpetual Information Security - Driving Data Protection in an Evolving Compl...
 
FireEye Engineering
FireEye Engineering FireEye Engineering
FireEye Engineering
 
Information Security in a Compliance World
Information Security in a Compliance WorldInformation Security in a Compliance World
Information Security in a Compliance World
 
Office 365 Data Leakage Protection, DLP, Data Loss Prevention, Privacy, Comp...
Office 365 Data Leakage Protection, DLP, Data Loss Prevention, Privacy, Comp...Office 365 Data Leakage Protection, DLP, Data Loss Prevention, Privacy, Comp...
Office 365 Data Leakage Protection, DLP, Data Loss Prevention, Privacy, Comp...
 
FireEye Systems Engineer
FireEye Systems EngineerFireEye Systems Engineer
FireEye Systems Engineer
 
Operational security | How to design your information security GRC (governanc...
Operational security | How to design your information security GRC (governanc...Operational security | How to design your information security GRC (governanc...
Operational security | How to design your information security GRC (governanc...
 
The Business Of Identity, Access And Security V1.0
The Business Of Identity, Access And Security V1.0The Business Of Identity, Access And Security V1.0
The Business Of Identity, Access And Security V1.0
 
[Infographic] Email: The First Security Gap Targeted by Attackers
[Infographic] Email: The First Security Gap Targeted by Attackers[Infographic] Email: The First Security Gap Targeted by Attackers
[Infographic] Email: The First Security Gap Targeted by Attackers
 
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...
 
Email Security Best Practices
Email Security Best PracticesEmail Security Best Practices
Email Security Best Practices
 
Roles of Information Security Officers in State Government
Roles of Information Security Officers in State GovernmentRoles of Information Security Officers in State Government
Roles of Information Security Officers in State Government
 
Detect & Remediate Malware & Advanced Targeted Attacks
Detect & Remediate Malware & Advanced Targeted AttacksDetect & Remediate Malware & Advanced Targeted Attacks
Detect & Remediate Malware & Advanced Targeted Attacks
 
Fire Eye Appliance Quick Start
Fire Eye Appliance Quick StartFire Eye Appliance Quick Start
Fire Eye Appliance Quick Start
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 

Similar to Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration...Really?

Information security in office 365 a shared responsibility - antonio maio
Information security in office 365 a shared responsibility - antonio maioInformation security in office 365 a shared responsibility - antonio maio
Information security in office 365 a shared responsibility - antonio maioAntonioMaio2
 
C01 office 365, DLP data loss preventions, privacy, compliance, regulations
C01 office 365, DLP data loss preventions, privacy, compliance, regulationsC01 office 365, DLP data loss preventions, privacy, compliance, regulations
C01 office 365, DLP data loss preventions, privacy, compliance, regulationsEdge Pereira
 
What is Microsoft Enterprise Mobility Suite and how to deploy it
What is Microsoft Enterprise Mobility Suite and how to deploy itWhat is Microsoft Enterprise Mobility Suite and how to deploy it
What is Microsoft Enterprise Mobility Suite and how to deploy itPeter De Tender
 
OFFICE 365- CLOUD OR NOT, YOU SHOULD KNOW HOW IT WILL SHAPE YOUR ORGANISATIO...
OFFICE 365- CLOUD OR NOT, YOU SHOULD KNOW HOW IT WILL SHAPE YOUR ORGANISATIO...OFFICE 365- CLOUD OR NOT, YOU SHOULD KNOW HOW IT WILL SHAPE YOUR ORGANISATIO...
OFFICE 365- CLOUD OR NOT, YOU SHOULD KNOW HOW IT WILL SHAPE YOUR ORGANISATIO...Waterstons Ltd
 
SharePoint Online vs. On-Premise
SharePoint Online vs. On-PremiseSharePoint Online vs. On-Premise
SharePoint Online vs. On-PremiseEvan Hodges
 
Denodo Data Virtualization - IT Days in Luxembourg with Oktopus
Denodo Data Virtualization - IT Days in Luxembourg with OktopusDenodo Data Virtualization - IT Days in Luxembourg with Oktopus
Denodo Data Virtualization - IT Days in Luxembourg with OktopusDenodo
 
May 2020 Microsoft 365 Need to Know Webinar
May 2020 Microsoft 365 Need to Know WebinarMay 2020 Microsoft 365 Need to Know Webinar
May 2020 Microsoft 365 Need to Know WebinarRobert Crane
 
CIAOPS Need to Know Office 365 Webinar - March 2018
CIAOPS Need to Know Office 365 Webinar - March 2018CIAOPS Need to Know Office 365 Webinar - March 2018
CIAOPS Need to Know Office 365 Webinar - March 2018Robert Crane
 
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...Rencore
 
Avoiding the Data Compliance "Hot Seat"
Avoiding the Data Compliance "Hot Seat"Avoiding the Data Compliance "Hot Seat"
Avoiding the Data Compliance "Hot Seat"IBM Security
 
May 2018 Office 365 Need to Know Webinar
May 2018 Office 365 Need to Know WebinarMay 2018 Office 365 Need to Know Webinar
May 2018 Office 365 Need to Know WebinarRobert Crane
 
Guard your Office 365 Data with NetApp Cloud Control
Guard your Office 365 Data with NetApp Cloud ControlGuard your Office 365 Data with NetApp Cloud Control
Guard your Office 365 Data with NetApp Cloud ControlIngram Micro
 
December 2019 Microsoft 365 Need to Know Webinar
December 2019 Microsoft 365 Need to Know WebinarDecember 2019 Microsoft 365 Need to Know Webinar
December 2019 Microsoft 365 Need to Know WebinarRobert Crane
 
Office 365 Security, Privacy and Compliance - SMB Nation 2015
Office 365 Security, Privacy and Compliance - SMB Nation 2015Office 365 Security, Privacy and Compliance - SMB Nation 2015
Office 365 Security, Privacy and Compliance - SMB Nation 2015Robert Crane
 
Why Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t EnoughWhy Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t EnoughImperva
 
Office 365 GDPR Presentation
Office 365 GDPR PresentationOffice 365 GDPR Presentation
Office 365 GDPR PresentationLuc Marolt
 
Shield db data security
Shield db data securityShield db data security
Shield db data securityMousumi Manna
 
Shield db data security
Shield db data securityShield db data security
Shield db data securityMousumi Manna
 

Similar to Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration...Really? (20)

Information security in office 365 a shared responsibility - antonio maio
Information security in office 365 a shared responsibility - antonio maioInformation security in office 365 a shared responsibility - antonio maio
Information security in office 365 a shared responsibility - antonio maio
 
C01 office 365, DLP data loss preventions, privacy, compliance, regulations
C01 office 365, DLP data loss preventions, privacy, compliance, regulationsC01 office 365, DLP data loss preventions, privacy, compliance, regulations
C01 office 365, DLP data loss preventions, privacy, compliance, regulations
 
What is Microsoft Enterprise Mobility Suite and how to deploy it
What is Microsoft Enterprise Mobility Suite and how to deploy itWhat is Microsoft Enterprise Mobility Suite and how to deploy it
What is Microsoft Enterprise Mobility Suite and how to deploy it
 
OFFICE 365- CLOUD OR NOT, YOU SHOULD KNOW HOW IT WILL SHAPE YOUR ORGANISATIO...
OFFICE 365- CLOUD OR NOT, YOU SHOULD KNOW HOW IT WILL SHAPE YOUR ORGANISATIO...OFFICE 365- CLOUD OR NOT, YOU SHOULD KNOW HOW IT WILL SHAPE YOUR ORGANISATIO...
OFFICE 365- CLOUD OR NOT, YOU SHOULD KNOW HOW IT WILL SHAPE YOUR ORGANISATIO...
 
SharePoint Online vs. On-Premise
SharePoint Online vs. On-PremiseSharePoint Online vs. On-Premise
SharePoint Online vs. On-Premise
 
Denodo Data Virtualization - IT Days in Luxembourg with Oktopus
Denodo Data Virtualization - IT Days in Luxembourg with OktopusDenodo Data Virtualization - IT Days in Luxembourg with Oktopus
Denodo Data Virtualization - IT Days in Luxembourg with Oktopus
 
IDENTITY ACCESS MANAGEMENT
IDENTITY ACCESS MANAGEMENTIDENTITY ACCESS MANAGEMENT
IDENTITY ACCESS MANAGEMENT
 
IAM
IAMIAM
IAM
 
May 2020 Microsoft 365 Need to Know Webinar
May 2020 Microsoft 365 Need to Know WebinarMay 2020 Microsoft 365 Need to Know Webinar
May 2020 Microsoft 365 Need to Know Webinar
 
CIAOPS Need to Know Office 365 Webinar - March 2018
CIAOPS Need to Know Office 365 Webinar - March 2018CIAOPS Need to Know Office 365 Webinar - March 2018
CIAOPS Need to Know Office 365 Webinar - March 2018
 
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
 
Avoiding the Data Compliance "Hot Seat"
Avoiding the Data Compliance "Hot Seat"Avoiding the Data Compliance "Hot Seat"
Avoiding the Data Compliance "Hot Seat"
 
May 2018 Office 365 Need to Know Webinar
May 2018 Office 365 Need to Know WebinarMay 2018 Office 365 Need to Know Webinar
May 2018 Office 365 Need to Know Webinar
 
Guard your Office 365 Data with NetApp Cloud Control
Guard your Office 365 Data with NetApp Cloud ControlGuard your Office 365 Data with NetApp Cloud Control
Guard your Office 365 Data with NetApp Cloud Control
 
December 2019 Microsoft 365 Need to Know Webinar
December 2019 Microsoft 365 Need to Know WebinarDecember 2019 Microsoft 365 Need to Know Webinar
December 2019 Microsoft 365 Need to Know Webinar
 
Office 365 Security, Privacy and Compliance - SMB Nation 2015
Office 365 Security, Privacy and Compliance - SMB Nation 2015Office 365 Security, Privacy and Compliance - SMB Nation 2015
Office 365 Security, Privacy and Compliance - SMB Nation 2015
 
Why Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t EnoughWhy Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t Enough
 
Office 365 GDPR Presentation
Office 365 GDPR PresentationOffice 365 GDPR Presentation
Office 365 GDPR Presentation
 
Shield db data security
Shield db data securityShield db data security
Shield db data security
 
Shield db data security
Shield db data securityShield db data security
Shield db data security
 

More from centralohioissa

Mike Spaulding - Building an Application Security Program
Mike Spaulding - Building an Application Security ProgramMike Spaulding - Building an Application Security Program
Mike Spaulding - Building an Application Security Programcentralohioissa
 
Jake Williams - Navigating the FDA Recommendations on Medical Device Security...
Jake Williams - Navigating the FDA Recommendations on Medical Device Security...Jake Williams - Navigating the FDA Recommendations on Medical Device Security...
Jake Williams - Navigating the FDA Recommendations on Medical Device Security...centralohioissa
 
Bob West - Educating the Board of Directors
Bob West - Educating the Board of DirectorsBob West - Educating the Board of Directors
Bob West - Educating the Board of Directorscentralohioissa
 
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski - Top 10 Tips for Educating Employees about CybersecurityMark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecuritycentralohioissa
 
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access SystemsValerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systemscentralohioissa
 
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016centralohioissa
 
Jeffrey Sweet - Third Party Risk Governance - Why? and How?
Jeffrey Sweet - Third Party Risk Governance - Why? and How?Jeffrey Sweet - Third Party Risk Governance - Why? and How?
Jeffrey Sweet - Third Party Risk Governance - Why? and How?centralohioissa
 
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...centralohioissa
 
Tre Smith - From Decision to Implementation: Who's On First?
Tre Smith - From Decision to Implementation: Who's On First?Tre Smith - From Decision to Implementation: Who's On First?
Tre Smith - From Decision to Implementation: Who's On First?centralohioissa
 
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the WarGary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the Warcentralohioissa
 
Sean Whalen - How to Hack a Hospital
Sean Whalen - How to Hack a HospitalSean Whalen - How to Hack a Hospital
Sean Whalen - How to Hack a Hospitalcentralohioissa
 
Robert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software DesignRobert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software Designcentralohioissa
 
Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad ...
Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad ...Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad ...
Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad ...centralohioissa
 
Rafeeq Rehman - Breaking the Phishing Attack Chain
Rafeeq Rehman - Breaking the Phishing Attack ChainRafeeq Rehman - Breaking the Phishing Attack Chain
Rafeeq Rehman - Breaking the Phishing Attack Chaincentralohioissa
 
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDNOliver Schuermann - Integrated Software in Networking - the Mystery of SDN
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDNcentralohioissa
 
Jack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security MetricsJack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security Metricscentralohioissa
 
Michael Woolard - Gamify Awareness Training: Failure to engage is failure to ...
Michael Woolard - Gamify Awareness Training: Failure to engage is failure to ...Michael Woolard - Gamify Awareness Training: Failure to engage is failure to ...
Michael Woolard - Gamify Awareness Training: Failure to engage is failure to ...centralohioissa
 
Ruben Melendez - Economically Justifying IT Security Initiatives
Ruben Melendez - Economically Justifying IT Security InitiativesRuben Melendez - Economically Justifying IT Security Initiatives
Ruben Melendez - Economically Justifying IT Security Initiativescentralohioissa
 
Ed McCabe - Putting the Intelligence back in Threat Intelligence
Ed McCabe - Putting the Intelligence back in Threat IntelligenceEd McCabe - Putting the Intelligence back in Threat Intelligence
Ed McCabe - Putting the Intelligence back in Threat Intelligencecentralohioissa
 
Ofer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World CasesOfer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World Casescentralohioissa
 

More from centralohioissa (20)

Mike Spaulding - Building an Application Security Program
Mike Spaulding - Building an Application Security ProgramMike Spaulding - Building an Application Security Program
Mike Spaulding - Building an Application Security Program
 
Jake Williams - Navigating the FDA Recommendations on Medical Device Security...
Jake Williams - Navigating the FDA Recommendations on Medical Device Security...Jake Williams - Navigating the FDA Recommendations on Medical Device Security...
Jake Williams - Navigating the FDA Recommendations on Medical Device Security...
 
Bob West - Educating the Board of Directors
Bob West - Educating the Board of DirectorsBob West - Educating the Board of Directors
Bob West - Educating the Board of Directors
 
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski - Top 10 Tips for Educating Employees about CybersecurityMark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
 
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access SystemsValerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
Valerie Thomas - All Your Door Belong to Me - Attacking Physical Access Systems
 
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016
 
Jeffrey Sweet - Third Party Risk Governance - Why? and How?
Jeffrey Sweet - Third Party Risk Governance - Why? and How?Jeffrey Sweet - Third Party Risk Governance - Why? and How?
Jeffrey Sweet - Third Party Risk Governance - Why? and How?
 
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
Steven Keil - BYODAWSCYW (Bring Your Own Device And Whatever Security Control...
 
Tre Smith - From Decision to Implementation: Who's On First?
Tre Smith - From Decision to Implementation: Who's On First?Tre Smith - From Decision to Implementation: Who's On First?
Tre Smith - From Decision to Implementation: Who's On First?
 
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the WarGary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War
 
Sean Whalen - How to Hack a Hospital
Sean Whalen - How to Hack a HospitalSean Whalen - How to Hack a Hospital
Sean Whalen - How to Hack a Hospital
 
Robert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software DesignRobert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software Design
 
Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad ...
Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad ...Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad ...
Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad ...
 
Rafeeq Rehman - Breaking the Phishing Attack Chain
Rafeeq Rehman - Breaking the Phishing Attack ChainRafeeq Rehman - Breaking the Phishing Attack Chain
Rafeeq Rehman - Breaking the Phishing Attack Chain
 
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDNOliver Schuermann - Integrated Software in Networking - the Mystery of SDN
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN
 
Jack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security MetricsJack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security Metrics
 
Michael Woolard - Gamify Awareness Training: Failure to engage is failure to ...
Michael Woolard - Gamify Awareness Training: Failure to engage is failure to ...Michael Woolard - Gamify Awareness Training: Failure to engage is failure to ...
Michael Woolard - Gamify Awareness Training: Failure to engage is failure to ...
 
Ruben Melendez - Economically Justifying IT Security Initiatives
Ruben Melendez - Economically Justifying IT Security InitiativesRuben Melendez - Economically Justifying IT Security Initiatives
Ruben Melendez - Economically Justifying IT Security Initiatives
 
Ed McCabe - Putting the Intelligence back in Threat Intelligence
Ed McCabe - Putting the Intelligence back in Threat IntelligenceEd McCabe - Putting the Intelligence back in Threat Intelligence
Ed McCabe - Putting the Intelligence back in Threat Intelligence
 
Ofer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World CasesOfer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World Cases
 

Recently uploaded

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 

Recently uploaded (20)

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 

Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration...Really?

  • 1. Robert Brzezinski, CHPS, CISA BizWit LLC Information Security Risk Management Columbus, OH www.bizwit.us OFFICE 365 SECURITY AND COMPLIANCE CLOUDY COLLABORATION … REALLY? (C) 2011 - 2016 BizWit LLC
  • 2. 1. Understand Office 365 security and compliance 2. Satisfying business, security and compliance needs 3. Verify configuration 4. Define audit scope 5. Make educated decision OFFICE 365 SECURITY AND COMPLIANCE (C) 2011 - 2016 BizWit LLC
  • 3. OFFICE 365 SECURITY AND COMPLIANCE 1. How hackers break in? 2. Office 365 and Federal regulations? 3. Email protection 4. Protecting data and collaboration environment 5. Protecting user credentials 6. Meeting Compliance requirements 7. Is the Cloud right for you? (C) 2011 - 2016 BizWit LLC
  • 4. Protection of Sensitive Data - # 1 driver for security spending (SANS) Regulatory Compliance - # 2 driver for security spending (SANS) (C) 2011 - 2016 BizWit LLC SECURITY PRIORITIES AND OFFICE 365
  • 5. Source: Verizon 2015 Data Breach Investigation Report (DBIR) Threats and Security Incidents (C) 2011 - 2016 BizWit LLC SECURITY PRIORITIES AND OFFICE 365 Source: Verizon 2016 Data Breach Digest (DBD)
  • 6. (C) 2011 - 2016 BizWit LLC Source: 2015 Verizon DBIR • Email • Phishing / Malware • Malicious website • Compromised credentials • Email mistakes • Lost data or device • Compromised data • Compromised credentials • Privilege misuse Threat actions HOW HACKERS BREAK IN? SECURITY PRIORITIES AND OFFICE 365 FBI – Business Email Compromise 2013-15 Exposed Dollars Loss $800 M – $1.2 B
  • 7. OFFICE 365 TRUST CENTER - COMPLIANCE WITH FEDERAL REGULATIONS Top 10 compliance standards of Office 365: HIPAA, FedRAMP/FISMA, SSAE16, GLBA, PIPEDA, FERPA, EU, ISO 27001 Office 365 receives FedRAMP Authority to Operate (ATO) from HHS OIG FBI CJIS Addendum Office 365 listed in CSA Security, Trust & Assurance Registry (STAR) (C) 2011 - 2016 BizWit LLC
  • 8. OFFICE 365 PROTECTION OF SENSITIVE DATA • Malware / malicious links / ransom • Connection / IP: white, black and safe list • Anti-spoofing technologies: DMARC & DKIM, SPF • Trusted domains / connectors (C) 2011 - 2016 BizWit LLC Protecting Inbound Email Exchange Online Protection (EOP) Phishing & Malware Advanced Threat Protection (ATP)
  • 9. OFFICE 365 PROTECTION OF SENSITIVE DATA (C) 2011 - 2016 BizWit LLC Protecting Outbound Email and Data Mail flow rules • Malware + / Flag external • Data Loss Prevention (DLP) • Encryption / decryption • Secure attachments • Email supervisory workflow • Incident reporting Mobile device access Miscellaneous Errors
  • 10. DLP & ENCRYPTION (C) 2011 - 2016 BizWit LLC OFFICE 365 PROTECTION OF SENSITIVE DATA
  • 11. OFFICE 365 EMAIL COMPLIANCE (C) 2011 - 2016 BizWit LLC • Data Loss Prevention (DLP) • eDiscovery • Litigation Hold • Retention policies • Archiving • Auditing reports • Non-owner mailbox access • Admin and external admin log • Configuration changes by admin • Admin role group changes Privilege Misuse
  • 12. OFFICE 365 PROTECTION OF SENSITIVE DATA (C) 2011 - 2016 BizWit LLC Protecting Data - SharePoint Collaboration Sites Architecture • Data Containers / Logical Separation Permissions and sharing • Very granular permissions • External sharing blocking Data Loss Prevention (DLP) & Alerting • SharePoint / OneDrive and Exchange • Malware scanning • Alerts for e.g. content changes Miscellaneous Errors
  • 13. OFFICE 365 PROTECTION OF SENSITIVE DATA (C) 2011 - 2016 BizWit LLC Protecting Data with Rights Management Services • Encrypt attachments • Limit access and editing capabilities • Manage content expiry • View document use Miscellaneous Errors Information Rights Management for SharePoint and for Desktop / Email • Protect / encrypt documents in place (on laptop)
  • 14. (C) 2011 - 2016 BizWit LLC OFFICE 365 PROTECTION OF SENSITIVE DATA Rights Management Services (RMS)
  • 15. OFFICE 365 PROTECTION OF SENSITIVE DATA (C) 2011 - 2016 BizWit LLC Rights Management Services (RMS)
  • 16. (C) 2011 - 2016 BizWit LLC OFFICE 365 SHAREPOINT COMPLIANCE • Data Loss Prevention (DLP) • eDiscovery • Retention policies & Archiving • Auditing reports • Editing or viewing content • Editing users and permissions • Office 365 audit log Rights Management Services / Information Rights Management Privilege Misuse Miscellaneous Errors
  • 17. (C) 2011 - 2016 BizWit LLC OFFICE 365 PROTECTION OF SENSITIVE DATA Protecting User Credentials - Security Configuration User management in Office 365 • Admin, licensing and self-service • Azure AD (Active Directory) • Synchronization • Authentication & notification • IP ranges • Multifactor Authentication (MFA) Privilege Misuse Miscellaneous Errors
  • 18. (C) 2011 - 2016 BizWit LLC OFFICE 365 PROTECTION OF SENSITIVE DATA Protecting User Credentials – Alerting & Reporting User access monitoring • Sign ins from unknown sources • Sign ins from IP addresses with suspicious activity • Users with anomalous sign in activity • Password reset activity Privilege Misuse Miscellaneous Errors
  • 19. (C) 2011 - 2016 BizWit LLC • Exchange audit reports • Protect admins • Mail protection report - operations • SharePoint reports • PowerShell • Office 365 audit log reports OFFICE 365 PROTECTION OF SENSITIVE DATA Auditing & Reporting • Azure AD reports + premium
  • 20. (C) 2011 - 2016 BizWit LLC • Office 365 audit log reports • File and folder activity e.g. downloaded files • Sharing activities • Synchronization • …. • Site administration • Exchange mailbox activities • User administration OFFICE 365 COMPLIANCE Auditing & Reporting
  • 21. OFFICE 365 – SECURITY AND COMPLIANCE Security • Email protection – anti-phishing, anti-spoofing • Data protection – DLP, RMS, encryption • User access security controls - Azure AD, MFA • Operational and security alerts and reporting Compliance • eDiscovery, Legal Hold, DLP, auditing / reporting • Regulatory compliance – BAA, FedRAMP, CSA Core for building information security strategy (C) 2011 - 2016 BizWit LLC PRIORITY
  • 22. (C) 2011 - 2016 BizWit LLC OFFICE 365 SECURITY & AZURE SERVICES THREAT INTELLIGENCE
  • 23. OFFICE 365 SECURITY AND COMPLIANCE Robert Brzezinski, MBA, CHPS, CISA BizWit LLC Information Security Risk Management www.bizwit.us robert.brzezinski@bizwit.us (C) 2011 - 2016 BizWit LLC Better InfoSec image? ;o)