Cloud on your terms: Online, On Premises, Hybrid
Messaging, Voice & Video, Content Management, Enterprise Social, Data & Analytics
Best experience across devices
Integrated best-of-breed solutions
Tom Daemen - Assistant General Counsel
Latest productivity services in Microsoft’s public cloud + the latest apps
Many of the world’s largest and most recognizable global brands run on Microsoft’s cloud productivity services: 41 of the Interbrand Top 100.
Each year customers of Microsoft’s cloud productivity services…
• Fly 222 million passengers
• Build 6 million automobiles in the United States alone
• Serve 27 billion meals
• Sell 16 billion cans of soda
• Make 4 billion cups of coffee
→ https://twitter.com/Office365
→ www.microsoft.com/garage
→ http://www.linkedin.com/groups/Microsoft-Office-365-3724282
Security Model
Stephen Costigan – New York Metro Corporate Accounts Manager
MCTS – SharePoint / Windows / Server / MDOP
Office 365 Built-in Security
Office 365 Customer Controls
Office 365 Independent Verification and Compliance
Office 365 Security
• 24 hour monitored physical hardware
• Isolated customer data
• Secure network
• Encrypted data
• Automated operations
• Microsoft security best practices
24 hour monitored physical hardware
Seismic bracing
24x7 onsite security staff
Days of backup power
Tens of thousands of servers
Perimeter security
Extensive monitoring
Multi-factor authentication
Fire suppression
Secure network
Internal network and external network are separated; data is encrypted.
Networks within the Office 365 data centers are segmented.
Physical separation of critical, back-end servers & storage devices from public-facing interfaces.
Edge router security makes it possible to detect intrusions and signs of vulnerability.
Prevent Breach
Port scanning and remediation
Perimeter vulnerability scanning
OS Patching
Network level DDoS detection and prevention
MFA for service access
Auditing of all operator access and actions
Automated tooling for routine activities
• Deployment, Debugging, Diagnostic collection, Restarting services
Passwords encrypted in password store
Isolation between mail environment and production access environment for all employees
Zero standing permissions in the service
• Just in time elevations
• Automatic rejection of high privilege access for employees without a background check
• Scrutinized manual approval for background checked employees
Automatic account deletion
• When employee leaves
• When employee moves groups
• Lack of use
Advanced Encryption
Encryption of data at rest using Rights Management Services
• Flexibility to select items customers want to encrypt.
• Can also enable encryption of emails sent outside the organization.
• Integrated offsite Encryption at Rest Appliances (partner owned)
• Azure Rights Management Connector for Self-Hosted RMS Integration
Office 365 ProPlus supports Cryptographic Agility
• Integrates Cryptographic Next Generation (CNG) interfaces for Windows.
• Administrators can specify cryptographic algorithms for encrypting and signing documents
Security Risk | Risk Mitigation Technology
Rogue Admin | RMS, BitLocker, LockBox, Physical Facility monitoring
Data Loss Prevention (DLP) | RMS; Exchange 2013 DLP Policies
Stolen/Lost Laptop | BitLocker
Stolen/Lost Mobile Device | BitLocker
Information can be protected with RMS at rest or in motion.
Functionality compared across RMS in Office 365, S/MIME, ACLs (Access Control Lists), BitLocker and Cloud Encryption Gateways (CEGs), each column labelled as data protection at rest or data protection in motion (the per-technology markings of the original table were not preserved):
• Data is encrypted in the cloud
• Encryption persists with content
• Protection tied to user identity
• Protection tied to Policy (edit, print, do not forward, expire after 30 days)
• Secure collaboration with teams and individuals
• Native integration with my services (Content Indexing, eDiscovery, BI, Virus/Malware scanning)
• Lost or stolen hard disk
Apply RMS to content
• RMS can be applied to Emails
• RMS can be applied to SharePoint libraries: files are protected if they are viewed using Webapps or downloaded to a local machine
• RMS can be applied to SharePoint libraries: files are protected if they are downloaded to a local machine and opened using rich clients
• RMS can be applied to any Office documents
User Access
Integrated with Active Directory, Azure Active Directory and Active Directory Federation Services
Enables additional authentication mechanisms:
• Two-Factor Authentication – including phone-based 2FA
• Client-Based Access Control based on devices/locations
• Role-Based Access Control
Compliance: Data Loss Prevention (DLP)
Prevents sensitive data from leaving the organization.
Provides an alert when data such as Social Security and credit card numbers is emailed.
Alerts can be customized by the admin to catch intellectual property before it is emailed out.
Empower users to manage their compliance
• Contextual policy education
• Doesn’t disrupt user workflow
• Works even when disconnected
• Configurable and customizable
• Admin customizable text and actions
• Built-in templates based on common regulations
• Import DLP policy templates from security partners or build your own
Compliance: Email archiving and retention
Preserve
In-Place Archive
• Secondary mailbox with separate quota
• Managed through EAC or PowerShell
• Available on-premises, online, or through EOA
Governance
• Automated and time-based criteria
• Set policies at item or folder level
• Expiration date shown in email message
Hold
• Capture deleted and edited email messages
• Time-Based In-Place Hold
• Granular Query-Based In-Place Hold
• Optional notification
Search
eDiscovery
• Web-based eDiscovery Center and multi-mailbox search
• Search primary, In-Place Archive, and recoverable items
• Delegate through roles-based administration
• De-duplication after discovery
• Auditing to ensure controls are met
Anti Spam / Anti Virus
Comprehensive protection
• Multi-engine antimalware protects against 100% of known viruses
• Continuously updated anti-spam protection captures 98%+ of all inbound spam
• Advanced fingerprinting technologies that identify and stop new spam and phishing vectors in real time
Easy to use
• Preconfigured for ease of use
• Integrated administration console
Granular control
• Mark all bulk messages as spam
• Block unwanted email based on language or geographic origin
Certification Status
CERT | MARKET | REGION
Resources
Office 365 Trust Center (http://trust.office365.com)
• Office 365 Privacy Whitepaper (New!)
• Office 365 Security Whitepaper and Service Description
• Office 365 Standard Responses to Request for Information
• Office 365 Information Security Management Framework
Business Process | Improving Efficiency in LCA
Joanna Elazrak, Business Solutions Manager, Lean Six Sigma Black Belt
Mission: Partner with the Legal & Corporate Affairs (LCA) groups to produce better performance through the delivery of process improvement leveraging Microsoft’s latest technology and development of standard policies and procedures. To become BEST in class Legal Department.
Existing Processes
Utilize Lean Six Sigma Methodology (Define, Measure, Analyze, Improve, Control) to drive business value
• Understand current state processes and end to end impacts and dependencies
• Collect data to enable data driven decisions (Voice of customer, Compliance, volume, cycle times, etc.)
• Perform root cause analysis to understand what is causing and driving the pain points
• Remove non-value added activities
• Improve process
• Apply technology as needed
• Monitor and control the process
Tools and Technology
• Improve, Eliminate, Automate
• Microsoft’s latest technology
• End user friendly (“easy”)
• Reusable solutions
Business Problem: LCA Global Migration team is responsible for processing Business Travel Letters for all Microsoft employees and vendors. The current process is very cumbersome and manual. Over 400 templates are utilized to manually create the letters.
Solution: Leveraging O365 and Azure, design a tool to assist in intake triage, letter generation and reporting capabilities, enabling scalable processing of growing volumes.
Initial Process
Redesigned Process: Traveler fills out form → Letter is auto generated → Approval needed? No: letter is forwarded to traveler. Yes: attorney approves, then letter is forwarded to traveler.
Business Problem: LCA WSG Field is randomized by peer and HQ communications being delivered across different channels. Users receive information that isn’t relevant to them and it is often difficult to distinguish the signal from the noise.
Solution: Provide a WSG Field portal that acts as a hub for information – both peer produced and HQ managed. With personalization capabilities, a user can quickly see the information that is relevant to them.
Business Value:
• Centralized location for all team communications
• Centralized activity calendar
• Visibility to roadmap (one place, one view)
• Ability to personalize what content is most important
• Ability to rate content
Azure Case Study
Adam Licht, Director of Product Management, Pro Bono Net
AS IS STATE: Hardware Replacement and Service Costs
Category | Item | One Time Cost | Monthly Cost | Annual Cost
Hardware Lease | 1 Database Server: HP ProLiant DL980 G7 Server | | $877 | $10,524
Hardware Lease | 2 Web Servers: HP ProLiant DL560 Gen8 Server | | $342 | $4,104
Service Lease | Rackspace and Pipe | | $900 | $10,800
Upgrades | Windows OS, SQL, SharePoint | $30,000 | $2,500 |
Service | System Administration | | $192 | $2,304
Maintenance | Windows OS, SQL, SharePoint | | $500 | $6,000
Total | | $30,000 | $5,311 | $63,732
FUTURE STATE: Infrastructure As Service Costs
Category | Item | One Time Cost | Monthly Cost | Annual Cost
Service | Azure | | $917 | $11,000
Service | System Administration | | $192 | $2,304
Upgrades | Windows OS, SQL, SharePoint | $30,000 | $2,500 |
Migration Cost | Product Management | $10,000 | |
Migration Cost | Engineer | $30,000 | |
Migration Cost | QA | $2,032 | |
Total | | $72,032 | $3,609 | $13,304
Savings Per Year (AS IS VERSUS FUTURE STATE): $50,428
Payback Period In Years: 1.4
Post Payback Period Savings: 79.13%
Return on Investment Over 1 YR: -30%
Return on Investment Over 2 YR: 40%
Return on Investment Over 3 YR: 110%
Return on Investment Over 4 YR: 180%
ROI = (Gain from Investment − Cost of Investment) / Cost of Investment