Information Protection is the ability to positively control and report on the use and modification of your most important information assets. In this whitepaper you will find useful information to protect your organization with Microsoft Technologies,
The objective of this workshop is to show existing Oracle Database (Enterprise
Edition, Exadata, Autonomous Database, EXACS, DBCS) customers how to
attach your Database to Data safe and gain valuable understanding of
potential risks. Using user Assessment, understand rights and entitlement of
users and review activity auditing which provides powerful insight to database
interaction. The workshop will finish with a full sensitive data discovery and
then how to anonymize date with sensitive data masking.
The workshop is delivered in an interactive way with Presentations and Hands on
Labs to ensure complete understanding.
Extending Information Security to Non-Production EnvironmentsLindaWatson19
This paper discusses the threats that non-production environments pose to database security and provides practical advice and multiple options for ensuring data assets remain secure against unauthorized access.
Data centric security key to cloud and digital businessUlf Mattsson
Recent breaches demonstrate the urgent need to secure enterprise identities against cyberthreats that target today’s hybrid IT environment of cloud, mobile and on-premises. The rapid rise of cloud databases, storage and applications has led to unease among adopters over the security of their data. Whether it is data stored in a public, private or hybrid cloud, or used in third party SaaS applications, companies have good reason to be concerned. The biggest challenge in this interconnected world is merging data security with data value and productivity. If we are to realize the benefits promised by these new ways of doing business, we urgently need a data-centric strategy to protect the sensitive data flowing through these digital business systems.
The objective of this workshop is to show existing Oracle Database (Enterprise
Edition, Exadata, Autonomous Database, EXACS, DBCS) customers how to
attach your Database to Data safe and gain valuable understanding of
potential risks. Using user Assessment, understand rights and entitlement of
users and review activity auditing which provides powerful insight to database
interaction. The workshop will finish with a full sensitive data discovery and
then how to anonymize date with sensitive data masking.
The workshop is delivered in an interactive way with Presentations and Hands on
Labs to ensure complete understanding.
Extending Information Security to Non-Production EnvironmentsLindaWatson19
This paper discusses the threats that non-production environments pose to database security and provides practical advice and multiple options for ensuring data assets remain secure against unauthorized access.
Data centric security key to cloud and digital businessUlf Mattsson
Recent breaches demonstrate the urgent need to secure enterprise identities against cyberthreats that target today’s hybrid IT environment of cloud, mobile and on-premises. The rapid rise of cloud databases, storage and applications has led to unease among adopters over the security of their data. Whether it is data stored in a public, private or hybrid cloud, or used in third party SaaS applications, companies have good reason to be concerned. The biggest challenge in this interconnected world is merging data security with data value and productivity. If we are to realize the benefits promised by these new ways of doing business, we urgently need a data-centric strategy to protect the sensitive data flowing through these digital business systems.
DocuClassify - AutoClassification at its bestDocuLynx
DocuLynx’s Adaptive Auto-Classification technology, DocuClassify, classifies a wide variety of structured and unstructured enterprise data including e-mails, documents, files, records and ERP data, file servers and SharePoint objects. It enables follow-on processes such as DLP, intelligent movement of information to optimized storage tiers, audit proof archiving, and eDiscovery. The result is a greater degree of information transparency, policy-based compliance and information security.
Azure Information Protection - Taking a Team ApproachJoanne Klein
There's a lot more to implementing Azure Information Protection(AIP) than meets the eye simply because it goes far beyond the technical implementation of labels. In this practical session, we'll walk thru some steps to help set your organization up for a successful AIP rollout. These steps include:
how to plan your organization's AIP labels
how to configure them for your tenant
how to ensure information workers in your organization have adopted their use.
Each step is critical to the overall success of your AIP program and the reason why it cannot be done by the IT-Pro alone. Joanne and Charmaine team up for this session to share some practical advice and creative tips and tricks for rolling out AIP and will cover topics for the IT Pro, Information Manager, and Adoption specialist – all required resources on an AIP rollout team! You might even see an AIP bot!
Cloud Security is not equal to Cloud Data SecuritySeclore
Cloud data protection is the practice of securing a company’s data in a cloud environment, wherever that data is located, whether it’s at rest or in motion. Enterprises must understand that the security of the cloud infrastructure is the cloud service provider’s responsibility, but that doesn’t transfer the responsibility of data security on the cloud. Enterprises must take measures to protect data going to the cloud themselves
Seclore a pioneer in industry best of breed data-centric solutions provides cloud data security solutions by adding granular, persistent usage controls to sensitive data accessed, downloaded, or emailed from the cloud.
Benefits of automating data protection | SecloreSeclore
Automation eliminates users’ need to decide the security policy for a sensitive email or document. It reduces user friction, also automation in a system flow results in improved user experience. Learn about how Automation can help you achieve zero manual errors.
Turtles, Trust and The Future of Cybersecurity
Faith in our institutions is collapsing, and GDPR is at the door. What would cybersecurity look like if we started from scratch, right now, in our hybrid, interdependent world? It would focus relentlessly on data. Learn how a data-centric security approach can reduce risk, increase efficiency and re-engineer trust in a society where faith has been shaken by unstoppable breaches.
Audience – Sales and pre-sales audience selling to large enterprises and government.
Occasion – Annual channel partners of Thales – April 2010
Presenter – Tony Lock, Programme Director, Freeform Dynamics
A Novel Information Accountability Framework for Cloud ComputingIJMER
International Journal of Modern Engineering Research (IJMER) is Peer reviewed, online Journal. It serves as an international archival forum of scholarly research related to engineering and science education.
DocuClassify - AutoClassification at its bestDocuLynx
DocuLynx’s Adaptive Auto-Classification technology, DocuClassify, classifies a wide variety of structured and unstructured enterprise data including e-mails, documents, files, records and ERP data, file servers and SharePoint objects. It enables follow-on processes such as DLP, intelligent movement of information to optimized storage tiers, audit proof archiving, and eDiscovery. The result is a greater degree of information transparency, policy-based compliance and information security.
Azure Information Protection - Taking a Team ApproachJoanne Klein
There's a lot more to implementing Azure Information Protection(AIP) than meets the eye simply because it goes far beyond the technical implementation of labels. In this practical session, we'll walk thru some steps to help set your organization up for a successful AIP rollout. These steps include:
how to plan your organization's AIP labels
how to configure them for your tenant
how to ensure information workers in your organization have adopted their use.
Each step is critical to the overall success of your AIP program and the reason why it cannot be done by the IT-Pro alone. Joanne and Charmaine team up for this session to share some practical advice and creative tips and tricks for rolling out AIP and will cover topics for the IT Pro, Information Manager, and Adoption specialist – all required resources on an AIP rollout team! You might even see an AIP bot!
Cloud Security is not equal to Cloud Data SecuritySeclore
Cloud data protection is the practice of securing a company’s data in a cloud environment, wherever that data is located, whether it’s at rest or in motion. Enterprises must understand that the security of the cloud infrastructure is the cloud service provider’s responsibility, but that doesn’t transfer the responsibility of data security on the cloud. Enterprises must take measures to protect data going to the cloud themselves
Seclore a pioneer in industry best of breed data-centric solutions provides cloud data security solutions by adding granular, persistent usage controls to sensitive data accessed, downloaded, or emailed from the cloud.
Benefits of automating data protection | SecloreSeclore
Automation eliminates users’ need to decide the security policy for a sensitive email or document. It reduces user friction, also automation in a system flow results in improved user experience. Learn about how Automation can help you achieve zero manual errors.
Turtles, Trust and The Future of Cybersecurity
Faith in our institutions is collapsing, and GDPR is at the door. What would cybersecurity look like if we started from scratch, right now, in our hybrid, interdependent world? It would focus relentlessly on data. Learn how a data-centric security approach can reduce risk, increase efficiency and re-engineer trust in a society where faith has been shaken by unstoppable breaches.
Audience – Sales and pre-sales audience selling to large enterprises and government.
Occasion – Annual channel partners of Thales – April 2010
Presenter – Tony Lock, Programme Director, Freeform Dynamics
A Novel Information Accountability Framework for Cloud ComputingIJMER
International Journal of Modern Engineering Research (IJMER) is Peer reviewed, online Journal. It serves as an international archival forum of scholarly research related to engineering and science education.
We are living a complete digital transformation where people are not restricted by apps or devices or even location. Work can be done anywhere and on any device which leads to greater security concerns regarding this business data living on mobile devices and shared with external (sometimes not trusted users). Microsoft Unified Labeling protection leverages the power of the cloud and ease of use (a few clicks for implementation) to provide a complete Information Protection solution. Now with the new unified Azure label client, users can administer the labels from one location while being integrated across the whole Microsoft platform. Attendees will learn how to configure Unified labels with real case scenarios.
Data loss prevention (DLP) is a set of tools and processes used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users.
Data Loss Prevention solutions help companies avoid data loss incidents through a continuous data monitoring process across endpoints, networks and clouds.
BlackBerry Workspaces: Integration with Data Loss Prevention (DLP)BlackBerry
Introducing BlackBerry Workspaces to an enterprise workforce kick-starts secure collaboration and true mobile productivity. With powerful security controls centered on files, content that includes intellectual property or Personal Identifiable Information (PII) can now be accessed on BYOD mobile devices, or shared with external business partners without fear. The ability to control, revoke and track corporate files provides unprecedented Data Loss Prevention.
In addition to the protected distribution of sensitive files, Workspaces provides two additional pillars in the world of Data Loss Prevention. Learn about them in this data sheet.
Microsoft cloud app security or CASB is a critical component of the Microsoft cloud security stack. It provides a comprehensive solution to give organizations improved visibility into cloud activities, uncover shadow IT, assess risks, enforce polices, investigate suspicious activities and stop threats
https://blog.ahasayen.com/microsoft-cloud-app-security-casb/
Mcafee CASB/DLP + Seclore Rights Management Solutions Seclore
Sensitive or regulatory data can be seamlessly protected as it migrates to and through endpoints, email, and cloud services to its ultimate destination with the combination of right DLP/CASB Solutions. The joint solution between Seclore and McAfee is easy to use and enables organizations to confidently conduct business workflows leveraging any and all collaboration tools.
Seclore’s enhanced Classification-Driven Data Protection provides organizations a truly secure data-centric security strategy by overcoming the challenge of discovery tools reading classification labels in encrypted documents and emails.
Microsoft’s sensitivity labels is among the most popular data classification solutions to help categorize data into different sensitivity levels. However, it leaves the most sensitive data defenseless.
Seclore automatically attaches security permissions on classified documents and emails to make the sensitivity label meaningful. Classified data can now travel safely beyond the organization’s perimeter to support secure collaboration.
Making Data Classification Work for You - 18 Things to Consider When Choosing Data Classification Solutions.
For more information, please visit: http://www.secureislands.com/solutions-classification/
Platform + Intelligence + Partners
This new understanding has led us to build new solutions for our customers. It informs our entire approach across three critical elements:
Building a platform that looks holistically across all the critical end-points we talked about – building security into our platform as well as providing security tools and technologies to you
Acting on the Intelligence that comes from our security-related signals and insights – helps you and us to detect threats more quickly
Fostering a vibrant ecosystem of partners who help us raise the bar across the industry – we know we’re not your only security vendor, and we want to work with the industry and take a holistic approach to technology
Microsoft 365 provides holistic security that is aligned to these four pillars of security.
By helping enterprise businesses secure corporate data and manage risk in today’s mobile-first, cloud-first world Microsoft 365 E5 enables customers to digitally transform by unifying user productivity and enterprise security tools into a single suite that enables the modern workplace.
Identity & Access Mgmt
Protect users’ identities and control access to valuable resources based on user risk level
Information Protection
Ensure documents and emails are seen only by authorized people
Threat Protection
Protect against advanced threats and recover quickly when attacked
Security Management
Gain visibility and control over security tools
Presentation delivered by Pablo Junco to the HOLA Community at Microsoft. The objective was to provide guidelines to people how want to become a mentor (or improve their skills as mentor.
HOLA stands for Hispanic & Latino Organization of Leaders in Action. HOLA provides professional development and networking opportunities for members and allies of the LatinX and Hispanic communities.
Hablando de blockchain en la Uniandes de ColombiaPablo Junco
os comparto mi presentacion de Blockchain y el papel de arquitecto de aplicaciones para los estudiantes de la maestría de arquitectura de tecnología de la Universidad de los Andes en Colombia.
Creciendo el negocio con uso responsable de IAPablo Junco
Presentación utilizada por Pablo Junco (CTO de Microsoft para Latina America) sobre como crecer el negocio con un uso responsable de la INTELIGENCIA ARTIFICIAL #AI aplicada al sector financiero. La sesión fue parte del congreso organizado por Asobancaria "Innovación y Transformación Digital – Meeting ON 2020".
Attackers are already signaling that they view identity as crucial to modern security, concentrating their attacks on this important control plane as identity-based attacks lead the 300% overall increase in attacks experienced over the last year. This attack concentration is due to the changing shape of the modern workplace, with identity playing such a vital role in every cloud IT environment, cyber-attacks against identities will only continue to increase in their sophistication and persistence.
This whitepaper will help you to answer key questions such as: How will your organization protect itself from advanced cyber-attacks? What are you doing to detect suspicious behavior within the organization and beyond? What processes and tools will you implement to quickly respond to threats and quickly recover from the effects of an attack?
Modernizing your organization safely takes a clear roadmap and with that in mind we’ve created our new whitepaper on the roadmap to protecting your modern workplace.
NEO DevCon 2019 - Blockchain Use Cases and Enterprise Needs Pablo Junco
Presentation delivered by Pablo Junco (WW Director at Microsoft) during the NEO DevCon 2019 in Seattle. A session about Microsoft experiences delivering blockchain projects in the enterprise.
White paper - Customer Experience TransformationPablo Junco
This white paper highlights the business value of customer experience as a differentiator and explores three critical enablers to guide organizations embarking on the transformation journey.
White Paper - Charting the course, An odyssey of Operational TransformationPablo Junco
Operational Transformation (OT) is about changing enterprise’s business operations to serve their digital customers’ needs and expectations.
OT is Core to every Enterprise’s Digital Transformation journey focusing on operational excellence with a customer centric approach.
Enterprises are increasingly rely on Emergency Technologies such as Cognitive Services, Intelligent Agents/Apps, Internet of Things, and Value-Exchange Apps (Blockchain) to create differentiating operational digital capabilities to drive sustainable business & shareholder value.
Whitepaper - IoT Maturity Model (IoTMM)Pablo Junco
This maturity model is a response to an underlying issue encountered in Microsoft Services’ experiences working with large and global organizations on their IoT deployments.
Whitepaper - IoT adoption in digital transformation journeys (v2.0)Pablo Junco
The Internet of Things or IoT is disrupting organizations across industries such as Manufacturing, Transportation, and Retail. Microsoft is undertaking Digital Transformation projects with over 1,000 customers, and with many of them, we had observed that IoT is the enabler of the business change.
However, Digital transformation isn’t necessarily about solving new business problems. It’s about how to solve existing problems more quickly, economically, efficiently, securely and with an extensible design that allows customers to iterate and evolve more rapidly.
The trends driving Digital Transformation include business, people, technology, and generational factors. Organizations are quickly experimenting with new technologies as the time between hype and adoption has shortened. The maturity of technologies such as IoT plus the acceptability of consumers is helping organizations to unlock the value of connecting things. In response, organizations are digitally transforming their business models to shift how they deliver value and drive efficiency.
This paper introduces a new engagement model based on Microsoft’ experience helping organizations succeed while adopting IoT as part of their Digital Transformation Journey.
Supply chain with blockchain - Solution BriefPablo Junco
Blockchain technology is uniquely positioned to help create trust, transparency, collaboration, and accountability between parties in supply chain scenarios. The technology allows supply chain participants to track an asset’s status as it moves across a custodial chain and share information on its origins and how it’s handled along the way.
Microsoft Services can help you to quickly start your blockchain project to transform your supply chain with blockchain on Microsoft Azure. The Supply Chain with Blockchain Offer provides a framework to accelerate time to value through integrations and extensions to the cloud services and consuming apps you already use, and innovate with confidence on an open, trusted, and globally available platform.
Blockchain is one of the top emerging technologies revolutionizing today’s business models. Blockchain is a technology for exchanging value between trusted participants without the need of intermediaries and can help lower transaction costs.
Microsoft is your strategic partner to assess the value of blockchain for your business and deliver a proof of value with the right solution for you to solve your business challenges.
Microsoft Services provides a three-week engagement to help you to understand the potential impact of blockchain technology, determine your business scenario suitable for blockchain, and develop a proof of concept (PoC) with a small initial investment.
e-Book Transforming the external value chain and back office with Digital Ec...Pablo Junco
Read this eBook “Start thinking like a digital company” for a peek into how Microsoft Services can help your business transform its external value chain and back office with Digital Ecosystem and Operations.
Topics include:
• Supply chain
• Trade finance
• Know your customer
• Digital DNA
• Open API
Moving forward based on Market Trends #BlockchainSubmit Pablo Junco
The presentation was used during the closing session in the Blockchain DLT Summit at Lima, Peru (November 14). Thanks to the summit sponsors UTEC, R3, BCP, and Microsoft Peru.
The presentation was used during the keynote session in the Blockchain DLT Summit at Lima, Peru (November 14). Thanks to the summit sponsors UTEC, R3, BCP, and Microsoft Peru.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
4. TRUSTED INFORMATION PROTECTION
0605
Together, these Information Protection capabilities combine with threat
protection, identity and access management, and security management
to help you create a comprehensive cyber resilience strategy to secure
corporate data and manage risk.
With our approach to Information Protection (refer to the list above),
you can secure your sensitive information, maintain compliance with
key information security standards, and decrease risk.
Microsoft Information Protection
Protects information from leakage, blocking undesired actions
and access by untrusted and/or malicious actors.
Lets you “know” when information is accessed by whom and
what they did.
Enables users to be more productive and collaborate confidently,
since they know where their documents are and how they are
being used.
Balances user productivity with security needs, including the
flexibility to automatically apply protection or to guide users to
apply the appropriate protection themselves.
Gives users control of their shared files and informs them when
something is wrong.
Keeps management aware of information, enabling it to discover
patterns and understand how information flows.
Buildingtrust
Today, customers, employees, and communities trust that organizations
will safeguard their sensitive information. Compliance standards such as
the EU’s General Data Protection Regulation (GDPR) and ISO/IEC 27000 family
even require information protection and proper data management. Thus, the
question is no longer whether Information Protection needs to happen, but
what is the best way to get it done?
Using capabilities built into Microsoft Office 365 and Windows 10, plus solutions
provided in Microsoft Enterprise Mobility + Security , you can manage and
secure your organization’s digital information in the cloud, across devices, and
on-premises, just as you manage and secure other critical entities such as
identities, devices, applications, and networks. You can detect sensitive
information wherever it resides, protect and manage it throughout its lifecycle,
and respond to incidents when they arise.
5. TRUSTED INFORMATION PROTECTION
07
Our capabilities let you discover information as it appears, no
matter where it is created or lives. You can classify it into distinct
categories and apply sensitivity labels that persist with a document
so that custom controls can be applied, such as enforcing policies
and restricting access. You can protect it appropriately, applying
policy-based actions to sensitive information. You can monitor the
information properly to identify potential misuse of sensitive data,
as well as to investigate issues and respond appropriately.
In the following pages, we provide you with an overview
of capabilities you can apply to your Information Protection
strategy, so you can be confident your most sensitive and
confidential information is protected.
6. TRUSTED INFORMATION PROTECTION
1009
TheInformation
Protectionlifecycle
We use a four-stage lifecycle approach to Information Protection
in which you discover, classify, protect, and monitor sensitive
information. We provide capabilities that you can use in each of
the stages (see table on pages 34–36 of this paper).
Our Information Protection capabilities are closely aligned functionally
and architecturally. They share common features and implementations,
use the same mechanisms, are configured in a common way, and work
together across varying scenarios. Our capabilities provide what you
need to build a trusted environment by following all four stages of the
Information Protection lifecycle.
Journey through the Information
Protection lifecycle
Here is a hypothetical example of how Information Protection can work.
Jan works in the human resources department of a global manufacturing
company with offices in the U.S., Europe, and Asia. Within Microsoft
Office 365, Jan creates an Excel file that has a column for worldwide
employee phone numbers. How can this information be protected
appropriately, and how can the organization maintain compliance with
privacy standards such as GDPR?
Discover: If the IT security administrator for Azure Information
Protection (AIP) has configured rules to detect sensitive data (e.g.,
phone numbers and credit card numbers), AIP automatic classification
will recognize that the file contains a phone number. AIP knows there
are policies regarding the use of phone numbers requiring them to be
kept confidential.
Classify: AIP applies a sensitivity label to classify the file based on
the policy. In this case, the Excel file will be classified as confidential.
If Jan’s spreadsheet moves to different people, devices, and
locations, its classification will travel with it, ensuring that proper
protection is applied.
Protect: The organization uses AIP to automatically apply protection
to the confidential spreadsheet. Access rights will be applied to limit
access to only authorized recipients. Unauthorized users will not be
able to open or view the file.
Monitor: Users and administrators can use a document tracking site
to monitor who is accessing the Excel file and when. If they suspect
misuse, they can revoke access to it. Whether the file stays in one
place or moves around, AIP can monitor file access, sharing, and
usage, and can respond quickly to potential abuse or threats.
Response could be in the form of real-time alerts, email messages, or
a reporting dashboard.
7. TRUSTED INFORMATION PROTECTION
11
Classify
Once you have discovered information, classify it into distinct
categories reflecting its sensitivity using a customized
classification and labeling template based on your needs. Even if
the information is considered sensitive, there are typically
different levels of sensitivity, and you may want different actions
to be applied based on the level.
Office 365 Advanced Data Governance enables you to classify and
automatically label sensitive files—in particular for the purpose of
applying data retention and deletion policies across your Office 365
environment. AIP enables you to automatically classify and label
sensitive files beyond Office 365 and even on-premises. AIP also works
with MCAS to enable you to classify and label sensitive documents that
live in third-party SaaS services.
Discover
To protect sensitive information, you need to know when and where
it is created—in an email or on a server, in on-premises file shares or
datacenters, on individual devices, across cloud services, or within
software as a service (SaaS) applications.
Azure Information Protection (AIP), Microsoft Cloud App Security (MCAS),
and Office 365 data loss prevention (DLP) use discovery capabilities to find
sensitive information. For example, AIP can discover sensitive data in
on-premises file servers, and MCAS can discover sensitive data in third-
party SaaS services. Office 365 DLP can be used to discover sensitive data
within your Office 365 environment (e.g., Exchange Online, OneDrive for
Business, and SharePoint Online).
12
8. TRUSTED INFORMATION PROTECTION
13
For example, you can use AIP to classify documents and email messages.
The classification results in a label being applied to the data. The label enables
custom controls to be applied, such as for policy enforcement and data
governance. The label is also represented as metadata written into the file
that travels with it as it moves.
When you do this, the label persists with the file, regardless of where the
information is stored or with whom it is shared. Metadata is added to files and
email headers in clear text. The clear text ensures other services, such as data loss
prevention solutions, can identify the classification and take appropriate action.
Once the information has been stamped with a sensitivity label, your
company can automatically apply the desired policy to the document.
Based on the policy defined by your organization, any number of protective
actions can be taken, such as applying encryption, restricting access rights,
applying visual markings or a watermark, executing a retention or deletion
policy, or performing a DLP action such as blocking file sharing.
A critical step in the overall information protection strategy is defining the
policies and actions to take, while also ensuring users can perform their jobs.
We help customers define policies and roles for governing information.
For example, we provide a default recommended set of classification and
sensitivity labels to apply to documents.
Protection is built-in
We have built data encryption into our services (Office 365)
and platforms (Windows 10) for both data at rest and data in
transit. Encryption at rest protects your data on our servers.
Encryption in transit (using SSL/TLS) protects your data when
it’s transmitted.
To protect individual files, you can apply rights-based permissions
so that only intended recipients can access and view the information.
You can also apply data loss prevention actions, such as blocking the
sharing of a file with sensitive information like credit card information
or personal identification numbers. You can limit or block access to
cloud apps present in your environment or revoke app access
among specific individuals.
To help users make more informed decisions, you can enable
on-screen policy tips that notify users that the document they are
working with contains sensitive information. You can even
automatically apply a visual marking to a document, such as on the
header or footer.
To help prevent sensitive information from remaining longer than
necessary and potentially posing a risk, you can automatically retain,
expire, or delete documents based on information governance
policies defined by your company. These capabilities are also
fundamental for meeting compliance standards (e.g., GDPR).
9. TRUSTED INFORMATION PROTECTION
1615
Protect
Once you have classified information, you move to perhaps the most
important phase of information protection—applying policy-based
actions to sensitive information.
The organization defines the policy-based actions to apply to sensitive
information, while also ensuring users can do their jobs. These policies
and their related actions determine how information can be used and
shared. This approach ensures information is protected at the right level
based on sensitivity.
Traditionally, protection has primarily meant controlling access to
information. With Microsoft capabilities and the policies defined by your
company, including those for compliance, you can take a range of
protective actions depending on the sensitivity of the information.
For example, you can use MCAS to scan cloud apps for sensitive data and
automatically apply AIP labels through policies, including encryption
and rights management capabilities to block forwarding, printing,
copying, and more.
AIP and Office 365 allow for adding encryption protection as a policy action.
The protection feature in AIP uses encryption, identity, and authorization
policies that stay with the protected document and email to help you
maintain control of your data, even when it is shared with other people.
Office 365 Message Encryption combines email encryption and rights
management capabilities. Rights management capabilities are powered
by AIP. Office 365 Message Encryption works with Outlook.com, Yahoo!,
Gmail, and other email services. Organizations also have the option to
provide and control their own encryption keys for Office 365 Message
Encryption. This is offered through Bring Your Own Key (BYOK) for AIP.
With Office 365, data is encrypted both at rest and in transit by default.
Fordataintransit,Office365usesindustrystandardsecuretransportprotocols.
For data at rest, Office 365 uses various technologies, including BitLocker, to
encrypt the disk drives containing customer data at the volume level.
10. TRUSTED INFORMATION PROTECTION
1817
Customer Key in Office 365 enhances the ability for organizations to
meet compliance requirements that specify key arrangements with the
cloud service provider. With Customer Key, organizations can provide
and control their encryption keys for their Office 365 data at rest at the
application level. As a result, customers may exercise their control and
revoke their keys, should they decide to exit the service. By revoking the
keys, the data is unreadable to the service and will put the customer on
path toward data deletion. Lastly, managing and protecting keys are
crucial but can be difficult. Customer Key includes an availability key to
protect against data loss.
But protection is much more than encryption. Protection can also apply
rights-based permissions using AIP so that only intended recipients can
access and view the information. You can use MCAS, for example, to
prevent data loss of files that are classified as confidential (or some other
sensitive classification) outside your organization. MCAS can detect files
in your cloud apps that are classified as confidential but have the
incorrect access levels, allowing unauthorized users to access them. Then
it can apply automatic governance actions, such as “quarantine file,” to
prevent data losses from your organization.
To help users make more informed decisions, you can enable policy tips in
Office 365 Data Loss Prevention (DLP) that notify them that the document they
are working with contains sensitive information. Or, with AIP, you can even
automatically apply a visual marking to a document, such as on the header or
footer. You can also use DLP to apply data loss prevention actions, such as
blocking the sharing of a file that is detected to have sensitive information like
credit card information or personal identification numbers.
We can also help prevent sensitive information from remaining longer than
necessaryandpotentiallyposingariskifdiscoveredorcompromised.Office365
Advanced Data Governance (ADG) can automatically retain, expire, or delete
documents based on information governance policies defined by your company.
Organizations often have to meet compliance measures requiring certain
procedures be in place before access is granted. Microsoft Customer Lockbox
provides help with compliance and allows added control by injecting the
customer into the approval workflow. With Office 365, you can use Customer
Lockbox to control how a Microsoft support engineer accesses your data
during a help session. In cases where the engineer requires access to your
data to troubleshoot and fix an issue, Customer Lockbox allows you to
approve or reject the access request. If you approve it, the engineer can
access the data. Each request has an expiration time, and once the issue is
resolved, the request is closed and access is revoked.
11. Compliance
To help you comply with national, regional, and industry-specific
requirements governing the collection and use of individuals’
information, we offer the most comprehensive set of compliance
offerings of any cloud service provider. The Microsoft Cloud
helps support multiple compliance initiatives, including GDPR,
HIPAA, and PCI DSS.
Also, because achieving organizational compliance can be
incredibly challenging, we suggest organizations periodically
perform risk assessments to understand their compliance
posture. Compliance Manager is a tool that works across
Microsoft cloud services to help organizations meet complex
compliance obligations like GDPR.
You can learn more about what Microsoft is doing to
comply with regulations and also how we are helping
organizations do so here.
12. TRUSTED INFORMATION PROTECTION
2221
Monitoring can be in the form of real-time alerts, email messages, or
a reporting dashboard. In the Office 365 Security Compliance Center,
you have a centralized view of Office 365 data loss prevention and data
governance events and activity. From here, you can email incident reports
when a policy is violated. These reports can be sent to IT so that IT can find
out in real time who violated a policy, what policy was violated, what exact
information caused the violation, and the number of times sensitive
information appeared in the content.
You can also see your policies over time within DLP reports. You can see
historical information like how many times a policy was violated, when
policy violations happened, who requested overrides for a policy, and
what workloads the violation took place in.
Monitor
The last stage of the Information Protection lifecycle is the ability to
monitor and respond to events. This means gaining visibility into
how users are using or distributing sensitive information. For
instance, you can use MCAS to find policy violations, understand
cloud app usage, and create alerts when new apps are discovered on
the network.
You can also investigate issues further, and then respond quickly and
accurately. For example, you can use MCAS to discover inappropriate
sharing, immediately revoke app access, and quarantine a file or user.
With Office 365 DLP, you can protect information to the level you desire or
are required to per policy and governance requirements.
With AIP, you can see the state of the information, revoke access to a file,
change what people can do to a file, control who may use the file, and
apply numerous other controls.
13. TRUSTED INFORMATION PROTECTION
2423
Protectinformation.
Buildtrust.Startnow.
Capabilities built into Office 365 and Windows 10, plus Microsoft
Enterprise Mobility + Security, will help you care for your
organization’s digital information across devices, inside or outside
of Office 365, whether in the cloud, in SaaS apps, or on-premises.
Various components work together to provide end-to-end protection
of sensitive information across your environment. You can also add
capabilities over time as your Information Protection strategy becomes
more sophisticated and mature.
But which capabilities are right for you?
23
Begin by assessing your needs
We recommend that you begin your
Information Protection strategy by
determining what you need to protect.
Is it for compliance or a regulatory issue?
Perhaps it meets a business need, or your
organization just wants to do it. Once you
know what you are protecting and why,
then you can turn to identifying
Information Protection capabilities—
those you may already have and those
you may still need.
One place to begin is the Service Trust
Portal. There, you can access the
Compliance Manager, a workflow-based
risk assessment tool that enables you to
track,assign,andverifyyourorganization’s
regulatory compliance activities related
to Microsoft cloud services, such as
Office 365, Dynamics 365, and Microsoft
Azure. You can also learn more about
what’s available to you through your
Microsoft partner and/or account
executive and the Microsoft product/
service administrative portal.
The table of Microsoft Information Protection Capabilities in this
paper helps you find what you need based on the stage of the
Information Protection lifecycle and areas where you may need
Information Protection—across devices, in Office 365, in cloud
apps, or on-premises.
14. TRUSTED INFORMATION PROTECTION
2625
For example, Calvert County Public Schools uses Intune for Education to
protect devices on its network from outside intrusion and general student
mischief without bogging down students with cumbersome sign-in
procedures. Before deploying Intune, Calvert had a generic login, and
sometimes students would sign in and see each other’s settings. With
Intune, students sign in as themselves, even on a shared device, and it’s
beneficial because then they get affinity on that machine. Since both Office
365 and Intune for Education are supported by Azure Active Directory,
sensitive student information, student identities, and school data benefit
from enhanced privacy.
To learn more, check out this video featuring users sharing their
viewpoints on productivity and user experience when it comes to
information access on devices.
Devices
Oneofthemostchallengingplacesforprotectinginformationisondevices.
BitLockerisadataprotectionfeaturethatintegrateswiththeoperatingsystemand
addressesthethreatsofdatatheftorexposurefromlost,stolen,orinappropriately
decommissionedcomputers.WindowsInformationProtection(WIP)helpsto
protectagainstpotentialdataleakagewithoutotherwiseinterferingwiththe
employeeexperienceonWindows10devices.
BeyondWindowsdevices,Intunemobiledevicemanagementandmobile
applicationmanagementprovidesimilarprotectioncapabilitiesforother
platforms,suchasAppleiOSandGoogleAndroid.Inadoptingthesesolutions,itis
imperativetomaintainapositiveuserexperiencewithoutcompromisingon
securityoftheinformationsharedandcreatedusingmobiledevices.
15. 28
Office 365
Many organizations use Office 365 as their main productivity service.
Information Protection capabilities in Office 365 help protect sensitive
information across Exchange Online, SharePoint Online, and OneDrive
for Business.
One way you can use Office 365’s protection capabilities is to help meet the
requirements of GDPR. For example, Office 365 Advanced Data Governance
enables you to classify and label documents for applying retention, expiration,
and deletion policies to important information. This is complemented by
Office 365 DLP, which enables you to prevent sensitive information in Office
365 from getting into the wrong hands or being accidentally shared.
With these capabilities, you can use Office 365 to guard against leaks of
personal data—one of the central components of GDPR. You can start with
Office 365 DLP reports for monitoring personal data in SharePoint Online,
OneDrive for Business, and email in transit. These provide the greatest level
of detail for monitoring personal data.
Next, you can use alert policies and the Office 365 audit log to monitor
activity across Office 365 services. Set up ongoing monitoring or search the
audit log to investigate an incident. The Office 365 audit log works across
Office 365 services—Sway, Power BI, eDiscovery, Dynamics 365, Microsoft
Flow, Microsoft Teams, admin activity, OneDrive for Business, SharePoint
Online, mail in transit, and mailboxes at rest. Skype conversations are
included in mailboxes at rest.
27
16. TRUSTED INFORMATION PROTECTION
3029
Cloud services, SaaS apps, and on-premises
Beyond Office 365, organizations are increasingly using Azure and/or a
combination of cloud services and cloud apps, often in conjunction with
legacy on-premises data centers and file shares. AIP helps protect
sensitive information across cloud services and on-premises
environments. MCAS provides visibility and control across cloud apps
and services.
You can use MCAS to monitor files with sensitive data in non-Microsoft cloud
services such as Box, Salesforce, or AWS. You can use Office 365 sensitive
information types and unified labels across AIP and Office 365 with MCAS. You
can set up policies that apply to all your SaaS apps or specific apps (like Box).
For example, Yara is a global fertilizer company that uses Microsoft AIP.
As a result, Yara employees can collaborate effectively, retain control over
potentially sensitive files, and comply with security policies—all while
continuing to lead their industry into the future.
In another example, Qatari shipping and maritime company Nakilat has one
of the world’s largest fleets of liquefied natural gas (LNG) carriers, transporting
LNG from Qatar to global markets. To increase its competitive advantage,
Nakilat wanted to improve employee productivity and mobility without
compromising data security. It uses Office 365 and MCAS to deliver highly
secure cloud-first workplaces—shipboard and in the office. Nakilat also
adopted the Microsoft Azure platform to optimize operations and improve
business continuity, reducing operating costs by 50 percent.
Similarly, First American Equipment Finance, a leasing company, uses
Microsoft Cloud App Security to monitor and track all SaaS activity to
constantly learn how each person uses SaaS to identify dangerous
activities. It achieves all of this transparently without requiring agents, so
there’s no impact on usage of SaaS or the user experience.
And, in our own cloud-first, mobile-first environment, the use of cloud
apps is on the rise. To help protect corporate data, Microsoft Core Services
Engineering uses Microsoft Cloud App Security to discover and identify
cloud applications in use on our network, assessing security risks for any app.
With the Cloud App Security Portal, we monitor suspicious behavior patterns
and unusual activity and detect threats. Cloud App Security provides
protection for our network and greater visibility into our environment.
17. 32
Explore a variety of Information Protection
capabilities and access free trials from the
following links:
Azure Information Protection (AIP)
Cloud App Security
Office 365 Advanced Data Governance and Office 365 data loss prevention
(via Office 365 Enterprise E5)
We understand that Information Protection is just part of your organization-
wide security effort. For even as you protect information, you also aim to
provide threat protection, identity and access management, and security
management. We are committed to working with you across all of these
security needs.
Our capabilities provide what you need to protect your organization’s
information. But they only work if you turn them on. Now is the time
to make it happen.
Stepsyoucantakenow
Here are some specific steps you can take to start
protecting your organization’s information:
Devices
• ProtectbusinessinformationonyourWindows10deviceswithWindows
InformationProtection(WIP).
• ProtectbusinessinformationonyourAppleiOSandGoogleAndroiddevices
withIntunemobiledevicemanagementandmobileapplicationmanagement.
Office 365
• Use Office 365 data loss prevention to protect your Office 365 email
and documents.
• Use Office 365 Advanced Data Governance for data governance, retention,
and expiration.
Cloud, on-premises
• Use Azure Information Protection (AIP) to protect beyond Office 365—on the
supported versions of Office, Windows, and mobile devices.
31
18. TRUSTED INFORMATION PROTECTION
3433
Information Protection
capabilities
The table of Microsoft Information Protection capabilities demonstrates how
we help you protect information across devices, applications, and locations.
What to
Protect
Product Description
Information Protection Lifecycle Phase
Discover Classify Protect Monitor
Devices
(PCs,
Tablets, and
Mobile)
BitLocker
Drive
Encryption
BitLocker Drive Encryption is an information
protection feature that integrates with the
Windows operating system and addresses
the threats of information theft or exposure
from lost, stolen, or inappropriately
decommissioned computers.
Windows
Information
Protection
(WIP)
Windows Information Protection helps to
protect against potential information
leakage without otherwise interfering with
the user experience. WIP also helps to
protect enterprise apps and information
against accidental information leakage on
enterprise-owned, corporate-owned, and
employee-owned devices (BYOD) without
requiring changes to your environment or
other apps.
Intune
Microsoft Intune is a cloud service that
provides mobile device management,
mobile application management, and PC
management capabilities. Intune’s mobile
productivity management capabilities help
organizations provide their employees
access to corporate information,
applications, and resources, while helping
to protect their corporate information.
What to
Protect
Product Description
Information Protection Lifecycle Phase
Discover Classify Protect Monitor
Office 365
(Exchange
Online,
SharePoint
Online,
OneDrive
for Business)
Office 365
data loss
prevention
(DLP)
Office 365 data loss prevention enables
you to prevent sensitive information in
Office 365 from getting into the wrong
hands or being accidentally shared. You
can identify, monitor, and automatically
protect sensitive information across Office
365 services.
Office 365
Advanced
Data
Governance
(ADG)
Office 365 Advanced Data Governance
applies machine learning to help customers
find and retain important information while
eliminating trivial, redundant, and obsolete
information that could cause risk if
compromised. ADG enables you to classify
and label documents for applying
retention, expiration, and deletion policies
to sensitive information.
Office 365
Message
Encryption
WithOffice365MessageEncryption,your
organizationcansendandreceiveencrypted
emailmessagesbetweenpeopleinsideand
outsideyourorganization.Emailmessage
encryptionhelpsensurethatonlyintended
recipientscanviewmessagecontent.
Office 365
Service
Encryption
with
Customer
Key
With Customer Key, organizations can
provide and control their own encryption
keys that are used to encrypt their Office
365 data at rest at the application layer.
Customer Key helps customers meet their
compliance obligations that require certain
key arrangements with their cloud service
provider.
Office 365
Customer
Lockbox
Office 365 Customer Lockbox can help a
customer control how a Microsoft support
engineer accesses customer data during a
scenario where a customer has raised a
support request to investigate some service
issues related to that customer’s Office 365
tenant. If the customer gives access by
approving the request, Microsoft support
engineers can access the data to help the
customer resolve issues.
19. TRUSTED INFORMATION PROTECTION
3635
What to
Protect
Product Description
Information Protection Lifecycle Phase
Discover Classify Protect Monitor
Cloud
services,
SaaS apps,
and
on-premises
(Azure,
third-party
SaaS apps,
datacenters,
and file
shares)
Azure
Information
Protection
(AIP)
Azure Information Protection helps protect
sensitive information across cloud services
and for on-premises environments. With
AIP, you can classify and label information
based on sensitivity and create different
levels of protection and visual markings
(such as encryption and watermarking). AIP
provides enhanced protection in the form
of client-side protection and other
advanced capabilities.
Microsoft
Cloud App
Security
(CAS)
Microsoft’s Cloud App Security is a Cloud
Access Security Broker (CASB) solution
that gives you visibility into your cloud
apps and services, provides sophisticated
analytics to identify and combat
cyberthreats, and enables you to control
how your data travels:
• Cloud discovery: Discover shadow IT and
assess the risk to your organization.
• Data protection: Protect your data when
it travels outside your organization
and monitor and control the access to
your data in real time across all of your
cloud apps.
• Threat protection: Detect threats and
anomalies and configure automatic
remediation.
Adam Jung
Sr. Product Marketing Manager, Security
Product Marketing, Microsoft
Caroline Shin
Sr. Product Marketing Manager, M365
Suite Product Marketing, Microsoft
Debraj Ghosh
Sr. Product Marketing Manager, Security
Product Marketing, Microsoft
Diana Kelley
Cybersecurity Field CTO, Cybersecurity
Solutions Group, Microsoft
Enrique Saggese
Principal Program Manager, Security
Customer Experience and Platform
COGS, Microsoft
Kim Kischel
Product Marketing Manager, Security
Product Marketing, Microsoft
Mark Simos
Chief Security Advisor, Cybersecurity
Solutions Group, Microsoft
Nick Robinson
Sr. Product Marketing Manager, M365
Suite Product Marketing, Microsoft
Pieter Wigleven
Sr. Product Marketing Manager,
Windows Commercial Marketing,
Microsoft
Raman Kalyan
Sr. Product Marketing Manager, M365
Suite Product Marketing, Microsoft
Seema Kathuria
Sr. Product Marketing Manager,
Cybersecurity Solutions Group,
Microsoft
Shawn Anderson
Chief Security Advisor, Cybersecurity
Solutions Group, Microsoft
James Watson
Creative Director, Revel Consulting
Steven Silverman
Market Strategist, Revel Consulting
Joe Ehrbar
Copy Editor, Revel Consulting
Credits
Many subject-matter experts from various groups contributed to the
conceptualization and articulation of the story contained in this document.