Brian Long Steve Goodman Ion Gott
How to Plan and Complete a Secure Office 365 Migration
Presented By:
Conrad Agramont, Director of Technology Services, Agile IT
Ion Gott, Partner Technology Strategist, Microsoft
Agenda
• Microsoft Trust Center
• Data encryption and Office 365 platform
• E-discovery and compliance across Office 365
• Security Features in Office 365 and Beyond
• What’s Next
Office 365 Trust
Built-in capabilities and Customer Controls
Security
Best-in-class security with over a decade of experience building Enterprise software & online services
• Physical and data security with access control, encryption and strong authentication
• Security best practices like penetration testing, defense-in-depth approach to protect against cyber-threats
• Unique customer controls with Rights Management Services to empower customers to protect information
Compliance
Commitment to industry standards and organizational compliance
• Enable customers to meet global compliance standards in ISO 27001, EUMC, HIPAA, FISMA
• Contractually commit to privacy, security and handling of customer data through Data Processing Agreements
• Admin Controls like Data Loss Prevention, Legal Hold, E-Discovery to enable organizational compliance
Privacy
Privacy by design with a commitment to use customers’ information only to deliver services
• No mining of data for advertising
• Transparency with the location of customer data, who has access and under what circumstances
• Privacy controls to regulate sharing of sites, libraries, folders and communications with external parties
Office 365 Built-in Security
Office 365 Customer Controls
Office 365 Independent Verification and Compliance
Office 365 Security
• 24 Hour Monitored Physical Hardware
• Isolated Customer Data
• Secure Network
• Encrypted Data
• Automated operations
• Microsoft security best practices
Customer data isolation
Designed to support logical isolation of data that multiple customers store in same physical hardware.
Intended or unintended mingling of data belonging to a different customer/tenant is prevented by design using Active Directory organizational units
Customer A
Customer B
Data in transit
• Strong SSL/TLS cipher suite
• Perfect Forward Secrecy
• Datacenter-to-datacenter encryption
Data at rest
• BitLocker disk encryption
• Per-file encryption for customer content
Encryption
Encryption at rest with Per-file Encryption
(Diagram: Content DB, Key Store, files A, B, C, D)
Data Security
Right info. Right person. Right device.
Mobile device & application management
Access & information protection
Desktop Virtualization
Hybrid identity
Conditional access to corporate resources
Secure data sharing
Easy management and control
Rights management
Data encryption
Policy enforcement
Right Access to the Right Data.
Azure Active Directory
Share internally
Share externally
DATA OUTSIDE OF OFFICE 365
Bring your data to Office 365 so that our compliance capabilities can apply
Drive shipping
Network
File shares
3rd party archive
On-premises
3rd party data
SharePoint Online
Exchange Online
OneDrive for Business
Skype for Business
Protecting your data at various vectors
Identity & Access
Devices
Data & Content
User
Devices
Data
Data
Encryption
Data Loss Prevention
Anti Spam & Anti Virus
Rights Management Service
S/MIME
Office 365 Message Encryption
Transport Layer Security
Exchange server
Data disk
Exchange server
Data disk
RMS, S/MIME protected
Message Delivery
User
Office 365 Message Encryption
SMTP to partners: TLS protected
Encryption technologies
Rights Management Service
Data protection at rest
Data protection in motion
Information can be protected with RMS at rest or in motion
Data protection at rest
RMS can be applied to any file type using RMS app
Securing the Identity and Device
Identity & Access Management
• Federation
• Secure Password Synchronization
• Multi-factor Authentication
Users
Federated identity model
AD FS
Password hashes
User accounts
User
Authentication
Authentication
Sign-on
Federated identity
AAD Sync
On-premises directory
• SAML token based authentication
• Password Synchronization
• Two-factor authentication
• Client-based access control
Mobile Apps
Multi-factor authentication using any phone
Text Messages
Phone Calls
Push Notification
One-Time-Passcode (OTP) Token
Out-of-Band* Call Text
One-Time Passcode (OTP) by Text
*Out of band refers to being able to use a second factor with no modification to the existing app UX.
Device Management
Device wipe
Selective Wipe
Walled Garden
Devices
Device Management
Microsoft Intune
Mobile Device Management
Built-In Built-in Microsoft Intune
Conditional Access
Selective Wipe
Advanced Application Management
LoB app
Native E-mail
Browser
LoB
• First-time access to corporate resources (Exchange, OneDrive for Business) is conditional on the device being managed
• Selectively wipe corporate data and apps from devices
• Manage line-of-business apps alongside Office Mobile Apps in a “walled garden”
• Administrator can manage policy around how data is shared between managed and non-managed apps
• Give users familiar, full-featured Office applications; maintain document formatting across platforms
IT manages apps using Intune, including Office Mobile Apps, and “wrapped” LOB apps.
Data sharing is controlled by IT policy
Personal data remains personal
Office 365 and Intune protect data on mobile devices without sacrificing user productivity
Managing Office Mobile Apps with Intune
LoB
E-Discovery and Compliance
WHAT IS EDISCOVERY?
Identifying, collecting and producing electronically stored information in response to a litigation, investigation or regulatory request
ELECTRONIC INFORMATION INCLUDES
Emails, documents, presentations, databases, instant messages, and social media posts
COMPLEX PROCESSES AND TECHNOLOGIES
Sheer volume of electronic data produced and stored
DYNAMIC ELECTRONIC DATA
Preserving original content and metadata is required to eliminate claims of tampering
WHY EDISCOVERY IS IMPORTANT
• 40% OF LARGE ORGANIZATIONS HAVE ONE OR MORE LAWSUITS WITH $20+ MILLION AT ISSUE
• MEDIAN LITIGATION BUDGET, EXCLUDING SETTLEMENT COSTS, IS $1.2 MILLION
• LEGAL COSTS FOR THE BIGGEST U.S. BANKS ALONE TOTALED $30 BILLION IN 2014
Sources: Norton Rose Fulbright – Litigation Trends Survey May 2015; Bloomberg January 2015
“We’re taking advantage of the legal hold and eDiscovery features that are built into Microsoft Office 365 to handle internal issues when necessary. We used to use a patchwork of best-of-breed products for archiving and eDiscovery. Now everything is together in one solution, and we no longer have to pay for those external products.”
HAY GROUP
OFFICE 365 EDISCOVERY
ENABLING IN-PLACE, INTELLIGENT EDISCOVERY, QUICKLY IDENTIFYING RELEVANT DATA WHILE DECREASING COST AND RISK
Preserve Identify Search Analyze Review
Identifying Relevant Data
SIMPLIFYING EDISCOVERY WITH OFFICE 365
IN-PLACE HOLD
Preserve content in-place, in real time
SEARCH, ANALYTICS, AND EXPORT
Find up to date and relevant content quickly and export for review
ACROSS THE SERVICE
SharePoint, Skype for Business, OneDrive for Business, Exchange and Public Folders
Demo
We Offer Complete Office 365 Migration Solutions
AgileAscend is a Complete Fixed Price Solution Focused On Identity Management and Email Migration
• Expert Project Team Assures Your Success
• Protection of Your Data is Our Key Priority
• Includes Migration of 100% of Your Active Mailboxes
AgileAscend Migration Packages
AgileAscend Essentials
Mailbox Migration & Change Management
Ideal with IT staff and ample resources
• Full Project Management
• Comprehensive Quality Assurance Process
• Server side Data Migration
• Change management and Training for IT Team
• Post-migration Support for IT Team
• OnDemand Training for Smooth User Onboarding
AgileAscend Premium
Client Deployment & User Support
Ideal with few IT staff or requiring accelerated migration
• Installation of Office 365 components (sign-on client, Lync) on client workstations
• Configuration of Outlook & Lync
• End User Support ensuring service access and provide a centralized service desk for issues post-migration
• Complete Client Deployment Progress Reporting
• Complete Migration
AgileAscend Sample Project Timeline
PROJECT TYPICALLY PRESENTS A 4-6 WEEK TIMELINE FROM KICK OFF TO COMPLETION
Week 1
Week 2
Week 3
Week 4
INTRO
• Intro to Team: Project Lead, Support Lead & Project Manager
• Data collection
• Discovery
• Verification of Data collected
• Prepare Identity and Security Framework
• Configure Hybrid Exchange
Weekend Migration of mailboxes (single phase)
OR
Begin Hybrid Exchange Move
This could be several days to weeks depending on various factors*
* The exact time depends on the number of mailboxes, amount of data, available bandwidth, optimal transfer rate, and other factors.
PLANNING
PILOT
MIGRATE
1 Validate MX & Mailflow
2 Pilot Migration
3 Change Management
4 IT Admin Training
AgileProtect for Office 365
SharePoint Online
Exchange Online
OneDrive for Business
Microsoft Azure
AgileProtect
Backup and Recovery Services
Next Steps:
Let’s discuss your project today! Ask about EOY project pricing!
Contact: [email protected]
(Trial Licenses Available)
Call: 619.292.0800
Click: www.agileit.com
Q/A
www.AgileIT.com