
Data (in)security in Office 365 - facts and myths

Kamil Bączyk

Senior Infrastructure & Security Expert

Kamil Bączyk, Senior Infrastructure & Security Expert

Technologies: Office 365, SharePoint, Windows Server, Microsoft Azure, Security

Speaker at many conferences, meetups and events

Author of articles (online and print media) and webcasts

Twitter @KamilBaczyk

Mail: [email protected]

Over 10 years of experience in IT: MCSE, MCSA, MCT, CEH, ITIL

Agenda

1. How does Microsoft do it?

2. (In)security: facts and myths

a) Datacenter security?

b) Office in the cloud?

(A secure Word from the browser?)

c) Local server room

(What's mine is more mine)

d) Cyber security

(la la la NSA)

3. Summary

How does Microsoft do it?

Idea

Security - solutions

Where are my servers?

Figure: Microsoft security platform components - signals from user log-ins, unauthorized data access, data encryption, malware, system updates, enterprise security, attacks (phishing, denial of service), user accounts, device log-ins and multi-factor authentication feed "our unique intelligence" (the slide shows the figures 300B, 1B and 200B without stating what each one counts).

Global compliance with focus

Foundational: ISO 27001; SOC 1 Type 2; SOC 2 Type 2; ISO 27018; Cloud Controls Matrix

Industry: HIPAA / HITECH; FIPS 140-2; FERPA; DISA Level 2; ITAR-ready; CJIS; 21 CFR Part 11; IRS 1075; FedRAMP JAB P-ATO

Focused (regional): European Union Model Clauses; United Kingdom G-Cloud; Singapore MTCS Level 1; Australian Signals Directorate; Japan Financial Services; China Multi Layer Protection Scheme; China CCCPPF; New Zealand GCIO; China GB 18030; EU Safe Harbor; ENISA IAF

http://www.asd.gov.au/infosec/irap/index.htm
https://www.fisc.or.jp/

Over 900 controls in the Office 365 compliance framework enable us to stay up to date with the ever-evolving industry standards across geographies.

Trust Microsoft's verified services. Microsoft is regularly audited, submits self-assessments to independent 3rd party auditors, and holds key certifications.

Key certifications

United States: CJIS; CSA CCM; DISA; FDA CFR Title 21 Part 11; FedRAMP; FERPA; FIPS 140-2; FISMA; HIPAA/HITECH; HITRUST; IRS 1075; ISO/IEC 27001, 27018; MARS-E; NIST 800-171; Section 508 VPATs; SOC 1, 2

Argentina: Argentina PDPA; CSA CCM; IRAP (CCSL); ISO/IEC 27001, 27018; SOC 1, 2

Spain: CSA CCM; ENISA IAF; EU Model Clauses; EU-U.S. Privacy Shield; ISO/IEC 27001, 27018; SOC 1, 2; Spain ENS

United Kingdom: CSA CCM; ENISA IAF; EU Model Clauses; ISO/IEC 27001, 27018; NIST 800-171; SOC 1, 2, 3; UK G-Cloud

Japan: CSA CCM; CS Mark (Gold); FISC; ISO/IEC 27001, 27018; Japan My Number Act; SOC 1, 2

Singapore: CSA CCM; ISO/IEC 27001, 27018; MTCS; SOC 1, 2

New Zealand: CSA CCM; ISO/IEC 27001, 27018; NZCC Framework; SOC 1, 2

Australia: CSA CCM; IRAP (CCSL); ISO/IEC 27001, 27018; SOC 1, 2

European Union: CSA CCM; ENISA IAF; EU Model Clauses; EU-U.S. Privacy Shield; ISO/IEC 27001, 27018; SOC 1, 2

China: China GB 18030; China MLPS; China TRUCS

Microsoft's Secure Approach

Figure: the Intelligent Security Graph spans identity, apps and data, devices and infrastructure (SaaS, PaaS, IaaS), and is fed by the Malware Protection Center, Cyber Hunting Teams, the Security Response Center, CERTs, the Cyber Defense Operations Center, the Digital Crimes Unit, the Antivirus Network and industry partners.

Where are my servers?

Demo

(In)security: facts and myths

Datacenter security?

Office in the cloud?

Local server room

Activity logs

Cyber security

Zero access privilege and automated operations

Figure: access flow between the Microsoft Corporate Network and the Office 365 Datacenter Network - an O365 admin requests access; eligibility is verified by checking that 1. a background check, 2. fingerprinting and 3. security training have been completed; a temporary privilege is then granted, limited to the least privilege required to complete the task.

Datacenter security? - Customer Lockbox

Has to be enabled separately

Office 365 support has to wait for the access request to be approved

You can define for how long (a time limit) support has access to customer data

Works with: Exchange Online, SharePoint Online, OneDrive for Business

Security Management - Defense in depth

Security management (across all layers): threat and vulnerability management, security monitoring, and response

Network perimeter: edge routers, firewalls, intrusion detection, vulnerability scanning

Internal network: dual-factor authentication, intrusion detection, vulnerability scanning

Host: access control and monitoring, anti-malware, patch and configuration management

Application: secure engineering (SDL), access control and monitoring, anti-malware

Data: access control and monitoring, file/data integrity, encryption

User: account management, training and awareness, screening

Facility: physical controls, video surveillance, access control

Office in the cloud? DLP + RMS

Message encryption on demand or through rules

Encrypted content works only after authentication and within the organization

Your own rules, which can be combined (DLP + encryption)

Works with: Exchange Online, SharePoint Online, OneDrive for Business

DLP + RMS

Demo

Alerting architecture

Figure: Advanced Security Management Portal - activity of users, admins and Microsoft admins is collected by the Audit Data Service and passed through event enrichment into an Azure-hosted big data and machine learning based alerts engine (anomaly detection, activity policy evaluation); alert investigation & notification follows, with an SMS or e-mail ("You have mail!") to the admin.

Anomaly Detection Architecture

Figure: a table of session risk factors (Location, User-Agent, Admin user?, Anonymous proxy?, Time since last activity, ISP, ...) and the resulting session risk, with a threshold line; the example rows read Session #139: 71 100 0 68 84 97; Session #297: 56 0 100 50 34 80; Session #339: 5 0 0 2 26 49; Session #459: 85 0 0 48 50 29; Session #N5: 76 0 0 39 40 14.

Session-based: recent user activities across apps, devices and locations are combined to create a user session.

Risk score: risk factors are calculated for each session and combined to calculate the total session risk score.

Alert trigger: sessions above the risk threshold trigger an alert (top k sessions) containing the risk breakdown & related activities.

User feedback: the anomaly engine is customized by turning on/off risk factors for specific users/groups.
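A worked version of the session-based scoring described above (factors combined into a session risk, threshold plus top-k alerting, factors switched off per user/group), added here as an example and not code from the presentation or from Microsoft's service; the factor names come from the slide, while the weights, the sample sessions and the per-group switch-off are constructed assumptions:

```python
from dataclasses import dataclass

# Factor names are from the slide; the weights are an assumption made for this example.
FACTORS = ("location", "user_agent", "admin_user", "anonymous_proxy",
           "time_since_last_activity", "isp")
WEIGHTS = {"location": 20, "user_agent": 15, "admin_user": 20,
           "anonymous_proxy": 20, "time_since_last_activity": 10, "isp": 15}

@dataclass
class Session:
    session_id: str
    user: str
    groups: frozenset   # groups the user belongs to
    factors: dict       # factor name -> score 0..100; a missing factor counts as 0

def enabled_factors(session, disabled):
    """User feedback: skip factors switched off for the user or any of its groups."""
    off = set(disabled.get(session.user, ()))
    for group in session.groups:
        off |= set(disabled.get(group, ()))
    return [f for f in FACTORS if f not in off]

def session_risk(session, disabled=None):
    """Weighted mean of the enabled factors (stays in 0..100 however many are off)."""
    enabled = enabled_factors(session, disabled or {})
    total_w = sum(WEIGHTS[f] for f in enabled)
    if total_w == 0:
        return 0.0, {}
    contrib = {f: session.factors.get(f, 0) * WEIGHTS[f] / total_w for f in enabled}
    return round(sum(contrib.values()), 1), contrib   # (risk, per-factor breakdown)

def alerts(sessions, disabled=None, threshold=60.0, top_k=2):
    """Sessions at or above the threshold, highest risk first, capped at top_k."""
    scored = [(session_risk(s, disabled), s) for s in sessions]
    hits = sorted(((r, b, s) for (r, b), s in scored if r >= threshold),
                  key=lambda t: t[0], reverse=True)
    return [{"session": s.session_id, "user": s.user, "risk": r, "breakdown": b}
            for r, b, s in hits[:top_k]]

# Constructed sample sessions (not the rows from the slide).
SESSIONS = [
    Session("#139", "alice", frozenset({"finance"}), {"location": 80, "user_agent": 100,
            "anonymous_proxy": 100, "time_since_last_activity": 50, "isp": 60}),
    Session("#297", "bob", frozenset({"it-admins"}), {"location": 15, "admin_user": 100,
            "time_since_last_activity": 30, "isp": 40}),
    Session("#339", "carol", frozenset(), {"location": 100, "user_agent": 100,
            "anonymous_proxy": 100, "time_since_last_activity": 100, "isp": 100}),
]
# Admins use admin rights legitimately, so that factor is switched off for their group.
DISABLED = {"it-admins": {"admin_user"}}
```

With the admin-user factor switched off for the it-admins group, bob's session drops from 32.0 to 15.0 and no longer competes with the genuinely anomalous sessions for the top-k alert slots.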

Advanced Security Management - App discovery architecture

Figure: network logs (firewall, web proxy) from the on-premise network are manually uploaded to a log parser in Azure; log analysis (SaaS DB), discovery aggregations, the SaaS DB, the tenant DB and the discovered cloud apps make up the rest of the pipeline.

Use traffic logs to discover and analyze which cloud apps are in use

Office 365 Discovery Categories

Collaboration: SharePoint

Cloud Storage: OneDrive

WebMail: Exchange

Social Network: Yammer

Online Meeting: Skype

Log Format Compatibility: network traffic logs include a notification/disclaimer that explains if there is missing data in the chosen format.

App permissions architecture - App permissions

Enterprise apps can integrate with Azure Active Directory to provide secure sign in and authorization for Office 365 services.

We provide a dashboard for the security admin to get visibility and control for all third party apps that users or admins consented to.

Figure: all 3rd party apps in the tenant are collected by the Azure-hosted app permissions aggregation and shown in the app permissions dashboard.

Introducing Microsoft Cloud App Security

Cloud-delivered service bringing

visibility and control to cloud apps

Committed to support third-party

cloud apps

Based on the Adallom acquisition

Standalone / E5

Enterprise-grade security for your cloud apps

Local server room: ASM, ATP, Cloud App Security

Activity reports for services, users, logins, compromised accounts and locations

Log import and analysis

Customization of the data shown in reports

Works with: Exchange Online, SharePoint Online, OneDrive for Business

Cloud App Security, ASM, ATP

Demo

Office 365 Security

Figure: built-in security (24-hour monitored physical hardware, isolated customer data, secure network, encrypted data, automated operations, Microsoft security best practices), customer controls and independent verification.

Isolated Customer Data

Data in Cloud

Encryption: in transit and at rest

In transit, SSL/TLS encryption protects: client to server communications; server to server communications; datacenter to datacenter communications.

At rest, encryption protects against: unauthorized physical access to servers/hardware in datacenters; theft or inappropriate handling of a disk or server.

Figure: the customer's Windows computer/PC talks to a Windows server over an SSL/TLS protected client-server connection; server to server connections between servers and their data disks are also SSL/TLS protected.

Kamil Bączyk

Q and A - Twitter @KamilBaczyk

Mail: [email protected]