The role of technology in the journey to compliance with the General Regulation
Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος
Providing clarity and consistency for the protection of personal data
Enhanced personal privacy rights
Increased duty for protecting data
Mandatory breach reporting
Significant penalties for non-compliance
The General Data Protection
Regulation (GDPR) imposes new
rules on organizations in the European
Union (EU) and those that offer goods
and services to people in the EU, or that
collect and analyze data tied to EU
residents, no matter where they are
located.
Microsoft believes the GDPR is an important step forward for clarifying and enabling individual privacy rights
Protecting customer
privacy with GDPR
Trust
Integrated
intelligent security
Transparency
and control
Privacy
by design
Compliance
leadership
Protect your organization, data and people
Leverage guidance from experts
Simplify your privacy journey
GDPR Compliance
Uncover risk & take action
How do I get started?
1. Discover: Identify what personal data you have and where it resides
2. Manage: Govern how personal data is used and accessed
3. Protect: Establish security controls to prevent, detect, and respond to vulnerabilities & data breaches
4. Report: Keep required documentation, manage data requests and breach notifications
Discover:
In-scope:
Inventory:
Microsoft Azure: Microsoft Azure Data Catalog
Enterprise Mobility + Security (EMS): Microsoft Cloud App Security
Dynamics 365: Audit Data & User Activity; Reporting & Analytics
Office & Office 365: Data Loss Prevention; Advanced Data Governance; Office 365 eDiscovery
SQL Server and Azure SQL Database: SQL Query Language
Windows & Windows Server: Windows Search
Example solutions
Translated to SQL technologies...
1. Discover
T-SQL Queries, Full Text search
Data classification
Vulnerability Assessment
Inventory personal data in database systems
Review access model, understand the attack surface area
Track data flows and map data lineage
A one-stop-shop to track and improve your SQL security state
Get Visibility: Discover sensitive data and potential security holes
Remediate: Actionable remediation and security hardening steps
Customize: Baseline policy tuned to your environment, so you focus on deviations
Report: Pass internal or external audits and facilitate compliance
Example solutions
Manage:
Data governance:
Data classification:
Microsoft Azure: Azure Active Directory; Azure Information Protection; Azure Role-Based Access Control (RBAC)
Enterprise Mobility + Security (EMS): Azure Information Protection
Dynamics 365: Security Concepts
Office & Office 365: Advanced Data Governance; Journaling (Exchange Online)
Windows & Windows Server: Microsoft Data Classification Toolkit
Streamline processes: Built-in audit-ready tools that help you collaborate between teams and manage your processes.
Protect personal data: Data governance and protection of your sensitive data across devices and apps, both on-premises and in the cloud.
Assess and manage compliance risk: A real-time assessment of your compliance posture with actionable insights to improve your data protection capabilities.
Compliance Manager: Manage your compliance from one place
MICROSOFT’S APPROACH TO INFORMATION PROTECTION
Detect, Protect, Classify, Monitor
CLOUD, DEVICES, ON PREMISES
Comprehensive protection of sensitive data throughout the lifecycle – inside and
outside the organization
CLASSIFY & PROTECT YOUR SENSITIVE INFORMATION - ANYTIME, ANYWHERE - WITH AZURE INFORMATION PROTECTION
Detect, classify and label documents
with sensitive data
Applies encryption and rights
management to the specific document
Manual and/or automatic process
Provides detailed tracking and
reporting
Covers open documents on devices and can now also crawl existing documents on on-premises file shares and SharePoint servers; with Cloud App Security, capabilities extend into cloud environments
Translated to SQL technologies...
2. Manage
Windows authentication, Azure AD auth, role-based security…
Azure SQL Firewall
Dynamic Data Masking, Row-Level Security
Manage authentication and authorization mechanisms
Properly configure database firewall
Limit application access according to authorization principles
ADO.NET 4.6, ADAL, SQL
Example solutions
Protect:
Preventing data attacks:
Detecting & responding to breaches:
Microsoft Azure: Azure Key Vault; Azure Security Center; Azure Storage Services Encryption
Enterprise Mobility + Security (EMS): Azure Active Directory Premium; Microsoft Intune
Office & Office 365: Advanced Threat Protection; Threat Intelligence
SQL Server and Azure SQL Database: Transparent data encryption; Always Encrypted
Windows & Windows Server: Windows Defender Advanced Threat Protection; Windows Hello; Device Guard
DETECT
Detect Abnormal Behavior &
Anomalies in Cloud Apps
Identify high risk usage, cloud security issues,
detect abnormal user behavior in cloud apps.
Identify and stop known attack pattern
activities originating from risky sources with
threat prevention enhanced with vast
Microsoft threat intelligence
Detect Abnormal Behaviors with
Windows Defender ATP
Detect targeted advanced attacks and
zero days.
Visually investigate forensic evidence across
your devices to easily uncover scope of
breach, assess the entire footprint of the
incident, and trace it back to identify the root
cause.
Search and explore 6 months of historical data
across your devices
Example solutions
Report:
Record-keeping:
Reporting tools:
Microsoft Trust Center: Service Trust Portal
Microsoft Azure: Azure Auditing & Logging; Azure Data Lake; Azure Monitor
Enterprise Mobility + Security (EMS): Azure Information Protection
Dynamics 365: Reporting & Analytics
Office & Office 365: Service Assurance; Office 365 Audit Logs; Customer Lockbox
Windows & Windows Server: Windows Defender Advanced Threat Protection
PROTECT
Protect Your Email with O365 ATP
Stop malicious attachments
Provide time of click protection against
malicious links
Stop known email threats
RESPOND
Respond to Malicious Email Files
with O365 ATP
Remove emails found to be malicious after
they land in user inbox.
Intelligent filters which update based on
evolving cyber threat landscape.
Ability to remediate for real-time malicious
emails.
RESPOND
Respond to Compromised Data with
Cloud App Security
Identify high-risk and anomalous usage in
cross cloud apps - including Office 365
Get recommendations and remediation
actions for next steps
“Make no mistake, the GDPR sets a new and higher bar for privacy rights, for security, and for compliance.
And while your journey to GDPR may seem challenging, Microsoft is here to help all of our customers around the world.”
Brad Smith
President & Chief Legal Officer, Microsoft Corporation
Why Microsoft for GDPR

Best path to compliance is with the Microsoft Cloud
Microsoft products and services are available today to help meet the GDPR requirements. Through our cloud services and on-premises solutions we help customers locate and catalog the personal data in their systems, build more secure environments, simplify management and monitoring of personal data, and provide tools and resources needed to help them meet reporting and assessment requirements.

Committed to the Highest Privacy Standards
Microsoft believes that the GDPR is an important step forward for clarifying and enabling individual privacy rights. We have committed to GDPR compliance across our cloud services when enforcement begins May 25, 2018. Microsoft and our partners can help customers meet the requirements of the GDPR.
Blog post: Get GDPR compliant with the Microsoft Cloud

Supporting your trust with contractual assurances
Microsoft was the first global cloud services provider to publicly offer contractual commitments for our services. Our contractual commitments outline how we help customers:
• Respond to data subject requests.
• Detect and report personal data breaches.
• Demonstrate GDPR compliance.
The GDPR amendments can be found in the Online Services Terms (OST) at microsoft.com/licensing

Industry leading security and privacy certifications
Microsoft's services are independently verified to meet legal and compliance requirements, are financially backed, and offer transparent information on their availability. Security policies and audit reports are made available to customers and, if necessary, their regulators through the Trust Center (Microsoft.com/trustcenter).

Comprehensive guidance on beginning the GDPR journey
Microsoft has published a large library of GDPR guidance covering the four steps (Discover, Manage, Protect and Report) and our products and services, including the “Beginning your GDPR Journey”, GDPR Overview and product whitepapers. These and more can be found at Microsoft.com/gdpr. We continue to publish new resources on a regular basis.

Deep Investments in products and services
Microsoft has made significant investments in our products and services to help our customers with GDPR compliance within Azure, Office 365, Windows, EMS, SQL Database and Dynamics 365. For example, Microsoft 365 delivers a range of tools and services that enable GDPR scenarios such as data discovery, governance, and protection.

Largest portfolio of cloud solutions
We designed our cloud products (including Office 365, Azure, SQL, Windows and Dynamics 365) with industry-leading privacy policies and security measures to safeguard customer data in the cloud, including the categories of personal data identified by the GDPR. Please see "How our products help you meet GDPR requirements" for more detail.

Broadest partner ecosystem
The Microsoft Partner Network includes hundreds of thousands of organizations worldwide. By working with this broad partner ecosystem we offer customers more comprehensive solutions. Many of our partners, including Accenture and EY, have developed a wide array of practices to help customers achieve GDPR compliance.

Microsoft.com/GDPR