Our Agenda for Today (plan)
• Data Loss Prevention
• eDiscovery
• Auditing
• Document Fingerprinting
• Encrypted Emails
Source: Gartner Report: IT Governance, Risk, and Compliance Management Solutions, http://www.gartner.com/resId=1884814
“Faced with never-ending and expanding regulatory and industry mandates, organizations invest tremendous amounts of energy on audit, compliance, controls, and (in some cases) risk management. At the same time, they seek to free staff resources from mundane tasks such as evidence gathering and simple reporting.”
“By far, the most common record type exposed in 2014 were passwords, followed by usernames, email addresses, and PII (name, address, SSN, DOB, phone number, etc.)…”
1 Billion Records Compromised in 2014
Criminals are starting to favor PII over financial information, because it's easier to sell and leverage
Source: http://www.cio.com/article/2848593/data-breach/nearly-a-billion-records-were-compromised-in-2014.html
So what is Microsoft doing?
eDiscovery
Auditing
Encryption
Information Management
Policies
Records Management
Two faces of compliance in Office 365
Built-in Office 365 capabilities (global compliance)
Customer controls for compliance/internal policies
• Access Control
• Auditing and Logging
• Continuity Planning
• Incident Response
• Risk Assessment
• Communications Protection
• Identification and Authorisation
• Information Integrity
• Awareness and Training
• Data Loss Prevention
• Archiving
• eDiscovery
• Encryption
• S/MIME
• Legal Hold
• Rights Management
So what does all that boil down to for IT Pros?
It is all about customer controls!
Remembering
“A control is a process, function, in fact anything that supports maintaining compliance”
Data Leakage Protection
By 2018, 50% of IT organizations will use security services firms that specialize in data protection, security risk management and security infrastructure management to enhance their security postures
Source: http://www.gartner.com/newsroom/id/2828722
What is meant by Data Loss Prevention?
• in-use (endpoint actions)
• in-motion (network traffic)
• at-rest (data storage)
[1] http://en.wikipedia.org/wiki/Data_loss_prevention_software
“Quotation...”
Good definition: http://csrc.nist.gov/groups/SNS/rbac/documents/data-loss.pdf
In-use controls (end-point)
• Operating System and Apps fully patched and up to date
• End-point security tools installed and correctly configured
• Firewall enabled and correctly configured
• Access to required applications only
• Access to “need to know” data
• Compliance Adherence Monitoring
Sensitive information types by country (PII / Financial / Health)

USA
PII: US State Security Breach Laws, US State Social Security Laws, COPPA
Financial: GLBA & PCI-DSS (Credit, Debit Card, Checking and Savings, ABA, Swift Code)

Germany
PII: EU data protection, Drivers License, Passport, National Id
Financial: EU Credit, Debit Card, IBAN, VAT, BIC, Swift Code

UK
PII: Data Protection Act, UK National Insurance, Tax Id, UK Driver License, Passport
Financial: EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code

Canada
PII: PIPED Act, Social Insurance, Drivers License
Financial: Credit Card, Swift Code

France
PII: EU data protection, Data Protection Act, National Id (INSEE), Drivers License, Passport
Financial: EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code

Japan
PII: PIPA, Resident Registration, Social Insurance, Passport, Driving License
Financial: Credit Card, Bank Account, Swift Code

Health (all countries): Limited investment: US HIPAA, UK Health Service, Canada Health Insurance card. Rely on Partners and ISVs.
Establishing DLP
Australian sensitive information types provided by Microsoft
• Bank Account Number
• Driver's License Number
• Medicare Account Number
• Passport Number
• Tax File Number
eDiscovery Process
DISCOVERY: Find relevant content (documents, emails, Lync conversations)
PRESERVATION: Place content on legal hold to prevent content modification and/or removal
COLLECTION: Collect and send relevant content for processing
PROCESSING: Prepare files for review
REVIEW: Lawyers determine which content will be supplied to opposition
PRODUCTION: Provide relevant content to opposition
eDiscovery Considerations
• Recoverable Items quotas are separate from mailbox quotas and need to be monitored
• In-Place Hold vs. Single Item Recovery vs. Retention Hold
• Hybrid data sources
Important Benefits
• Centrally managed proactive enforcement
• Reduced collection touch points
• Consistent and repeatable
• Transparent to users
• Minimises the need for offline copies, until they are needed
• Instantly searchable/exportable
Learn More
TechEd 2014 Office 365 Security and Compliance
https://channel9.msdn.com/Events/TechEd/Australia/2014/OSS304
Office 365 Trust Centre
http://office.microsoft.com/en-au/business/office-365-trust-center-cloud-computing-security-FX103030390.aspx
Office Blogs
http://blogs.office.com/2013/10/23/cloud-services-you-can-trust-security-compliance-and-privacy-in-office-365/
Governance, risk management, and compliance
http://en.wikipedia.org/wiki/Governance,_risk_management,_and_compliance
Office 365 Service Descriptions
http://technet.microsoft.com/en-us/library/jj819284%28v=technet.10%29
Useful Links
Content Analysis Process
Get Content
Joseph F. Foster, Visa: 4485 3647 3952 7352, Expires: 2/2012
RegEx Analysis
4485 3647 3952 7352, a 16-digit number, is detected
Function Analysis
1. 4485 3647 3952 7352 matches the checksum
2. 1234 1234 1234 1234 does NOT match
Additional Evidence
1. The keyword "Visa" is near the number
2. A regular expression for a date (2/2012) matches near the number
Verdict
1. There is a regular expression match that also passes the checksum
2. Additional evidence increases confidence
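The four stages above (regex match, checksum function, nearby evidence, verdict) carried out on the slide's sample record, as an added illustration rather than code from the deck or from Office 365 DLP. The sample text, the keyword list, the 30-character evidence window and the medium/high confidence labels are constructed assumptions.

```python
import re

# Constructed sample text modelled on the slide's example (not real card data).
SAMPLE = "Joseph F. Foster Visa: 4485 3647 3952 7352 Expires: 2/2012"

# Stage 1 (RegEx Analysis): 16 digits, optionally grouped in fours by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b")
# Stage 3 (Additional Evidence): a card keyword or an expiry-style date near the match.
KEYWORD_RE = re.compile(r"\b(visa|mastercard|amex|card|expires|exp)\b", re.I)
DATE_RE = re.compile(r"\b\d{1,2}/\d{2,4}\b")

def luhn_ok(number: str) -> bool:
    """Stage 2 (Function Analysis): Luhn mod-10 checksum over the digits."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9          # same as summing the two digits of the product
        total += d
    return total % 10 == 0

def analyze(text: str, window: int = 30) -> list[dict]:
    """Return one finding per candidate number that passes the checksum."""
    findings = []
    for m in CARD_RE.finditer(text):
        if not luhn_ok(m.group()):
            continue            # regex hit but checksum fails: drop as a false positive
        # Look for corroborating evidence in a window of characters either side.
        ctx = text[max(0, m.start() - window): m.end() + window]
        evidence = []
        if KEYWORD_RE.search(ctx):
            evidence.append("keyword")
        if DATE_RE.search(ctx):
            evidence.append("date")
        # Stage 4 (Verdict): checksum alone is medium confidence; corroboration raises it.
        confidence = "high" if evidence else "medium"
        findings.append({"number": m.group(), "evidence": evidence, "confidence": confidence})
    return findings

if __name__ == "__main__":
    for f in analyze(SAMPLE):
        print(f)
```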
Encryption Solutions in Office 365
Office 365 Message Encryption – Encrypt messages to any SMTP address
Information Rights Management – Encrypt content and restrict usage; usually within own organization or trusted partners
S/MIME – Sign and encrypt messages to users using certificates