O365 security and privacy de_novo_event_july2014
•Télécharger en tant que PPTX, PDF•
0 j'aime•401 vues
Microsoft Office 365 - Security, Compliance and Privacy
Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (20)
En vedette
En vedette (20)
Similaire à O365 security and privacy de_novo_event_july2014
Similaire à O365 security and privacy de_novo_event_july2014 (20)
Dernier
Dernier (20)
O365 security and privacy de_novo_event_july2014
- 2. - Forbes, 2013 Is cloud computing secure? Where is my data and do I have access? security What does privacy mean? Is my data used for advertising? privacy How do you support my compliance needs? compliance
- 3. Security Best-in-class security with over a decade of experience building Enterprise software & Online services • Physical and data security with access control, encryption and strong authentication • Security best practices like penetration testing, Defense-in-depth to protect against cyber-threats • Unique customer controls with Rights Management Services to empower customers to protect information Compliance Commitment to industry standards and organizational compliance • Enable customers to meet global compliance standards in ISO 27001, EUMC, HIPAA, FISMA • Contractually commit to privacy, security and handling of customer data through Data Processing Agreements • Admin Controls like Data Loss Prevention, Legal Hold, E-Discovery to enable organizational compliance Privacy Privacy by design with complete separation of Enterprise and Consumer services • No mining of data for advertising • Transparency with the location of customer data, who has access and under what circumstances • Customer have greater control over privacy to enable or regulate sharing based on organizational needs
- 4. Security best practices like penetration testing, Defense-in-depth to protect against cyber- threats Built in Capabilities Flexible Customer Controls • Physical and data security with access control, encryption and strong authentication • Unique customer controls with Rights Management Services to empower customers to protect information
- 5. Network perimeter Internal network Host Application Data User Facility Threat and vulnerability management, monitoring, and response Edge routers, intrusion detection, vulnerability scanning Dual-factor authentication, intrusion detection, vulnerability scanning Access control and monitoring, anti-malware, patch and configuration management Secure engineering (SDL), access control and monitoring, anti- malware Access control and monitoring, file/data integrity Account management, training and awareness, screening Physical controls, video surveillance, access control
- 6. Office 365 is built with a focus on privacy and security that allows us to obtain important industry certifications and enables customers to meet international laws and regulations 3rd party certification and audits. Built in Capabilities Customer controls for compliance • Data Loss Prevention (DLP) • Archiving and Legal Hold • E-Discovery
- 7. Microsoft Certification Status CERT MARKET REGION Queued or In Progress Relevant Certification by Region
- 8. No Advertising Transparency • No advertising products out of Customer Data • No scanning of email or documents to build analytics or mine data Privacy controls • Access to information about geographical location of data, who has access and when • Notification to customers about changes in security, privacy and audit information • Various customer controls at admin and user level to enable or regulate sharing • If the customer decides to leave the service, they get to take to take their data and delete it in the service
- 9. Your Privacy Matters Leadership in Transparency Relentless on Security Independently Verified Service Continuity We respect your privacy You know ‘where’ data resides, ‘who’ can access it and ‘what’ we do with it Excellence in cutting edge security practices Compliance with Industry standards verified by 3rd parties We financially back our guarantee of 99.9% uptime.
Notes de l'éditeur
- Key Points: By design, Office 365 commercial services are separate from our consumer services so that there is no mixing of data between the two. We do not mine your data for advertising purposes. It is our policy to not use your data for purposes other than providing you productivity services. We are transparent about where customer data lives in the data maps section of the Trust Center and the Privacy section in the Office 365 Trust Center details how we use your data. Office 365 has various customer controls that help customers control their own environment at the admin level or user level. Customer owns their data and retain the rights, title, and interest in the data stored in Office 365. Data portability section of the trust center details how customers can retrieve their data from Office 365 and take it with them if they want to leave the service. Further, Office 365 deletes all of the customer data in 180 days once they leave the service. By contrast: Google in a recent lawsuit filed against the company, Google contends that even non-Gmail users who e-mail a Gmail account have “no legitimate expectation” that their e-mails are private. (Source: http://blogs.gartner.com/jake-sorofman/data-privacy-security-and-data-driven-marketing-under-fire/) MORE DETAILS: To meet your needs, we are continually developing technologies to enhance privacy in our services. We call this privacy by design – which is our commitment to use best practices to help protect and manage customer data. Built-in Capabilities Key built-in capabilities and principles of Privacy in Office 365 are: * No Advertising - We do not scan email, documents, build analytics or data mine to build advertising products. In fact, we do not use your information for anything other than providing you services you have subscribed for. * TRANSPARENCY - Data Portability – As an Office 365 customer, your data belongs to you, and you can export your data at any time with no restrictions. We act only as a data processor and provider of productivity services, not as a data owner * Notice and Consent – When we act upon your data, we let you know why and we ask for permission in advance or redirect any enquiries to our customers unless legally prevented to do so.
- As your service provider, we employ state-of–the-art practices around privacy and security because we care deeply about the valuable data you store in our service. To earn this trust, we at Microsoft operate Office 365 based on four simple and important trust principles. Our first principle is Your Privacy Matters. We consider protecting the privacy of your data to be one of the most important responsibilities you have bestowed on us. The second principle is Be Transparent. We have taken an industry leadership role in providing clear details on how we handle your data. The third principle is Independent Verification. Hearing us talk about Office 365 security and privacy is a good thing but what you would ideally want to know is “How do independent auditors rate our practices?” and “What contractual terms are we willing to sign up for?” Lastly, but certainly not the least is our Relentless Approach to Security. We are continuously improving how to best secure our customer data. Let me walk you through each of these principles.