Upload
edge-pereira
View
358
Download
1
Embed Size (px)
Citation preview
Online Conference
June 17th and 18th 2015
WWW.COLLAB365.EVENTS
Office 365 Makes Data Protection Cool Again
Edge PereiraOffice 365 DLP
WWW.COLLAB365.EVENTS
Our Agenda• Introduction• Impact of Data Breaches• Data Loss Prevention• Encrypted Email
Communications• Data Leakage Real Stories• Training and Compliance
Source: http://www.phdcomics.com/comics.php?f=1553
WWW.COLLAB365.EVENTS
Edge Pereira
Insert Your Picture here
Email : [email protected] : @superedgeFacebook : www.fb.me/edgepmo LinkedIn: linkedin.com/in/superedge
Edge Pereira is an experienced Office 365 DLP, SharePoint Architect and public speaker with more than 10 year’s project experience travelling across many countries around the world. He has extensive knowledge of SharePoint technologies with strong focus on SharePoint Online, Office 365 Data Loss Prevention and on shaping the customer journey to the cloud.
Google+ | Twitter | LinkedIn | Facebook | SlideShare | Instagram
WWW.COLLAB365.EVENTS
About Me
WWW.COLLAB365.EVENTS
Define: Cool
Space Shuttle Endeavour attached to the International Space Station, May 23, 2011 Source: http://www.esa.int/spaceinvideos/Videos/2011/06/ISS_with_Space_Shuttle_Endeavour_and_ATV-2_Docked
WWW.COLLAB365.EVENTS
Data Breaches
Source: Liam Clearly BRK2142 Microsoft Ignite
2005
2015
2007
2009
2011
2013
2014
WWW.COLLAB365.EVENTS
World’s Biggest Data Breaches (by August 2015)
Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
WWW.COLLAB365.EVENTS
“By far, the most common record type exposed in 2014 were passwords, followed by usernames, email addresses, and PII (name, address, SSN, DOB, phone number, etc.)…”
$1 BillionCriminals are starting to favour
PII over financial information, because it's easier to sell and leverage
Source: http://www.cio.com/article/2848593/data-breach/nearly-a-billion-records-were-compromised-in-2014.html
Records Compromised in 2014
WWW.COLLAB365.EVENTS
“It was often said that people were the weakest link in any security chain—and that was true when attacks were less sophisticated. But today, no amount of education will stop hackers from getting into your network.”
$400 MillionThere were 2,122 confirmed data breaches in 2014
Source: http://www.forbes.com/sites/gilpress/2015/05/22/stopping-data-breaches-whose-job-is-it-anyway/
Losses Due to Data Breaches
WWW.COLLAB365.EVENTS
“SCAMS strip Australians of at least $80 million a year and gathering a vault of personal information that can be used in fraud sprees.”
$80 MillionCriminals are buying and selling names,
addresses, birth dates, bank account and other personal details on the black market to commit identity fraud or find scam victims, a report warns.
Source: http://www.heraldsun.com.au/news/law-order/scammers-steal-80-million-a-year-and-personal-information-from-australians/story-fni0fee2-1227358157405
Individual Losses Due to Scammers
WWW.COLLAB365.EVENTS
DEMO: Data Loss Prevention
WWW.COLLAB365.EVENTS
“The personal details of world leaders – including David Cameron, Barack Obama and Vladimir Putin – have been accidentally revealed in an embarrassing privacy breach.”
It has been discovered that an employee at the Australian immigration department mistakenly sent personal information of all world leaders attending the G20 Summit to organisers of the Asian Cup football tournament. Source: http://
www.independent.co.uk/news/world/personal-details-of-obama-putin-cameron-and-merkel-sent-to-wrong-email-address-by-g20-summit-organiser-10142539.html
Leaks the Case for Training
“Federal privacy authorities have been called in after Centrelink left revealing personal and financial details Of clients lying around at a suburban railway station last month.”
Documents containing details of 23 clients' full financial disclosures, including bank account numbers and details of property holdings, superannuation and investments, were left by an Official from the welfare agency at a train station.
Source: http://www.canberratimes.com.au/national/public-service/federal-privacy-authorities-called-in-over-centrelink-breach-20140818-105hjw
WWW.COLLAB365.EVENTS
DEMO: Encrypted Communications
WWW.COLLAB365.EVENTS
50%
Of the IT organizations will use security services firms that specialize in data protection, security risk management and security infrastructure management to enhance their security posturesSource: http://www.gartner.com/newsroom/id/2828722
By 2018, Data Leakage Protection
WWW.COLLAB365.EVENTS
Office 365 Data Protection Roadmap
WWW.COLLAB365.EVENTS
Archiving for Non-Microsoft Data
• Social — Twitter, Facebook, Yammer, LinkedIn, etc.• Instant messaging — Yahoo Messenger, GoogleTalk, Jabber, etc.• Document collaboration — Box, DropBox, etc.• Verticals — SalesForce Chatter, Thomson Reuters, Bloomberg,
etc.• SMS/text messaging — BlackBerry, MobileGuard, etc.
WWW.COLLAB365.EVENTS
Exchange (as of September 2015)
WWW.COLLAB365.EVENTS
SharePoint and PowerBI (as of September 2015)
WWW.COLLAB365.EVENTS
Collaboration and Search(as of September 2015)
WWW.COLLAB365.EVENTS
Archive, Retention, eDiscovery(as of September 2015)
WWW.COLLAB365.EVENTS
When is the Next Roadmap Update? (as of September 2015)
WWW.COLLAB365.EVENTS
Who’s Responsible for Data Breaches?
Source: http://www.forbes.com/sites/gilpress/2015/05/22/stopping-data-breaches-whose-job-is-it-anyway/
WWW.COLLAB365.EVENTS
Learn More
Office 365 Trust Centrehttp://office.microsoft.com/en-au/business/office-365-trust-center-cloud-computing-security-FX103030390.aspx
Office 365 Compliance Blogshttp://blogs.office.com/2013/10/23/cloud-services-you-can-trust-security-compliance-and-privacy-in-office-365/
WWW.COLLAB365.EVENTS
Stay tuned for more great sessions …
WWW.COLLAB365.EVENTS
DLP extensibility points
WWW.COLLAB365.EVENTS
Content Analysis ProcessJoseph F. FosterVisa: 4485 3647 3952 7352Expires: 2/2012
Get Content
4485 3647 3952 7352 a 16 digit number is detectedRegEx Analysis
1. 4485 3647 3952 7352 matches checksum2. 1234 1234 1234 1234 does NOT match
Function Analysis
1. Keyword Visa is near the number2. A regular expression for date (2/2012) is near the
numberAdditional Evidence
1. There is a regular expression that matches a check sum
2. Additional evidence increases confidenceVerdict
WWW.COLLAB365.EVENTS
Force the DLP Updates# Collab365 Conference - 2015# Edge Pereira – [email protected]## Force the DLP rules down to the users using remote PowerShell#
$cred = get-credential $curi = “https://ps.outlook.com/powershell/”$session = new-pssession -configurationname Microsoft.Exchange -connectionuri $curi -credential $cred -authentication basic -allowredirection Import-pssession $session Set-executionpolicy unrestricted Start-managedfolderassistant <username>Get-pssession | remove-pssession
WWW.COLLAB365.EVENTS
Registry Key Outlook Client