SlideShare a Scribd company logo

Microsoft 365 Compliance and Security Overview

David J Rosenthal
David J Rosenthal

Intelligent compliance and risk management solutions. First, we understand ‘compliance’ can have different meanings to various teams across enterprise. Compliance is an outcome of continuous risk management, involving compliance, risk, legal, privacy, security, IT and often even HR and finance teams which requires integrated approach to manage risk. Let's start with the base pillar Compliance Management: compliance management is all about simplify risk assessment and mitigation in more automated way, providing visibility and insights to help meet compliance requirements. Information Protection and Governance: we believe there is a huge opportunity for Microsoft to help our customers to know their data better, protect and govern data throughout its lifecycle in heterogenous environment. This is often the key starting point for many of our customers in their modern compliance journey – knowing what sensitive data they have, putting flexible, end-user friendly policies for both security and compliance outcomes, using more automation and intelligence. Internal Risk Management: Internal risks are often what keeps business leaders up at night – regardless of negligent or malicious, identifying and being able to take action on internal risks are critical. The ability to quickly identify and manage risks from insiders (employees or contractors with corporate access) and minimize the negative impact on corporate compliance, competitive business position and brand reputation is a priority for organizations worldwide. Last but not least, Discover and Respond: being able to discover relevant data for internal investigations, litigation, or regulatory requests and respond to them efficiently, and doing so without having to use multiple solutions and moving data in and out of systems to increase risk – is critical.

Technology
1 of 38
Download to read offline
Intelligent compliance and risk management solutions
What are your biggest challenges? Evolving regulations Discovering data Classifying and mapping data Insider risks Responding to audits and DSRs Securing data Preventing data leaks Influx of data Managing the data lifecycle Multiple point solutions Scaling workflows and processes
Intelligent compliance and risk management solutions Simplify compliance and reduce risk Compliance Management Quickly investigate and respond with relevant data Discover & Respond Protect and govern data wherever it lives Information Protection & Governance Insider Risk Management Identify and take action on critical insider risks
Information Protection & Governance Protect and govern data wherever it lives
Discovering and managing data is challenging 88% of organizations no longer have confidence to detect and prevent loss of sensitive data¹ >80% of corporate data is “dark” – it’s not classified, protected or governed² #1 Protecting and governing sensitive data is biggest concern in complying with regulations3 1. Forrester. Security Concerns, Approaches and Technology Adoption. December 2018 2. IBM. Future of Cognitive Computing. November 2015 3. Microsoft GDPR research, 2017
Information Protection & Governance Protect and govern data – wherever it lives 88% KNOW YOUR DATA 88% PROTECT YOUR DATA GOVERN YOUR DATA PREVENT DATA LOSS Understand your data landscape and identify important data across your hybrid environment Apply flexible protection actions including encryption, access restrictions and visual markings Automatically retain, delete, and store data and records in a compliant manner Powered by an intelligent platform Unified approach to automatic data classification, policy management, analytics and APIs Prevent accidental oversharing of sensitive information
With Microsoft Information Protection, we better safeguard all files, whether they’re being accessed internally or sent externally. We can prevent unprotected files from being downloaded and viewed anywhere. We protect our IP without our security measures getting in the way of collaboration and innovation. Dave Vilwock Senior Manager of Application Development Komatsu
Built-in Built-in labeling and protection experience in Office apps, Office 365 services, other MS services like Power BI, Edge, and Windows Intelligent Accuracy in classification via ML based trainable classifiers and exact data match Unified Single admin console to configure and manage your policies and view analytics across on-premises, Office apps, Microsoft 365 services, third-party party services (via MCAS) and devices Extensible MIP development platform extends the protection experience, in a consistent way, to popular non-Microsoft apps and services Microsoft Information Protection
Automatically block messages which contain sensitive information Educate and guide end-users with notifications and “policy tips” Unified classification engine supporting 90+ sensitive information types and custom sensitive info type creation Data Loss Prevention for Microsoft Teams
Microsoft Information Governance Intelligent and built-in data and records management In-place management Retain data and manage records where your users collaborate Automated policy Classify and govern data at scale with pattern recognition and trainable classifiers Ongoing data ingestion Manage chats, social, and collaboration data beyond Microsoft with high-fidelity import Enhanced defensibility Demonstrate compliance with proof of disposals, defensible disposition, and rich audit trails Automatically retain, delete, and store data and records in a compliant manner Information Governance Keep what you need and delete what you don’t Records Management Manage high value content and meet recordkeeping obligations
Classify and govern data and records intelligently Manual Location SharePoint, OneDrive, Exchange, Teams, Skype, Yammer, Group Metadata and property E.g., Content type 5 OOTB + built your own Trainable classifiers E.g., resumes, contracts, those that are not easily found by pattern recognition 100+ OOTB + custom Sensitive information types E.g., financial, healthcare, privacy Keywords E.g., Project Foo Classify Doesitlooklike…Doesitcontain… Automated Policy Retention period E.g. 7 years retain + delete; 7 days delete Level of immutability Retention, record, or regulatory record labels Actions E.g., delete, disposition review Enforcement point E.g., when it was created, last modified, labeled, an event
Insider Risk Management Identify and take action on critical insider risks
Broad range of risks and violations from insiders Data spillage Confidentiality violations IP theft Workplace violence Fraud Policy violations Insider trading Conflicts of interest Sensitive data leaks Workplace harassment Security violations Regulatory compliance violations
The Microsoft Insider Risk Management solution has helped us receive a 9.6 out 10 score from security audits. We can now intelligently evaluate relevant insider activities and set up actions to filter and report based on risk associated with the data stored and escalate to relevant parties. Chad Ergun Chief Information Officer DGS Law
Insider Risk Management Identify and take action on critical insider risks Rich insights via tailored templates Machine learning correlates native and third-party signals to identify insider risks Privacy built-in Anonymity controls ensure data about risks is appropriately managed End-to-end investigations Integrated investigation workflows allow for collaboration across IT, HR, and legal
Communication Compliance Quickly identify and remediate corporate code-of-conduct policy violations Intelligent customizable playbooks Leverage machine learning to detect violations across Teams, Exchange and third-party party content Flexible remediation workflows Remediation workflows to quickly act on violations Actionable insights Interactive dashboard with policy violations, actions, and trends
Privileged Access Management Controlling privileged access by Microsoft service engineers and by your administrators The principle of zero standing access Just in time and just enough access Privileged workflow Logging and auditing
Built in Encryption and Key Mgmt Meets rigorous industry standards Data is encrypted by default at-rest and in-transit Additional customer controls for added protection and control Option to manage and control your own encryption keys to help meet compliance needs OME/AIP TLS BitLocker Service Encryption
Discover & Respond Quickly investigate and respond with relevant data
Data is exploding GDPR OSHA CCPA Sarbanes- Oxley Act Federal Data Protection Law General Data Privacy Law PPA HIPAA PDPA Personal Information Security Specification PIPA US IRS Publication 583 EU Directive 2006/24/EC POPI Regulations are evolving Data Vendors Platforms Public Remote Private Cloud SaaS StructuredUnstructured Chat messages SMS Documents Corporate Emails Discovering and managing data is challenging
Discovering data efficiently is top of mind for many organizations 24 74% orgs to shift some employees to remote work permanently 63% expect their company to conduct more investigations over the next three years 71% are considering leveraging technology and/or best practices to improve legal operations
Risk Cost reduction Efficiency Logging and auditing from one place Export matter-relevant content Lower cost per custodian average Reduce collection activities Review relevant Microsoft 365 and non-Microsoft 365 content faster Do more, in-place eDiscovery in Microsoft 365 25
Advanced eDiscovery Quickly find and respond with only the relevant information Custodian Management and Communications Preserve content by custodian, send hold notifications and track acknowledgements Deep crawling and indexing Deep processing (e.g., much higher size limits, non-Microsoft file types) to extract and index text and metadata Review and manage case data Manage static sets of documents within a case, that can be independently searched, analyzed, shared, and acted upon Cull your data intelligently with ML Near duplicate detection, email threading, themes, and ML models to identify potential high value content
Advanced Audit Power fast and effective forensic and compliance investigations Access crucial events to investigations Preserve audit logs granularly by individual and event for up to a year High bandwidth access to data with ~2x the baseline
Compliance Management Simplify compliance and reduce risk
Managing data and compliance risks is challenging 200+ updates per day from 1000 regulatory bodies >50% of organizations state that IT and cybersecurity risks are their biggest concern among all risks #1 identifying and assessing risks is the most time- consuming task in risk management 1. Cost of Compliance 2019, Thomson Reuters 2. Risk management market landscape web survey, Gartner, May 2019 (n=500, buyers and influencers of IRM solutions, 1000+ employees 3. Deloitte’s 2019 survey of risk management
Shared responsibility model Customer management of risk Data classification and data accountability Shared management of risk Identity & access management | End point devices Provider management of risk Physical | Networking Cloud customer Cloud provider Responsibility On-Prem IaaS PaaS SaaS Data classification and accountability Client & end-point protection Identity & access management Application level controls Network controls Host infrastructure Physical security
Examples of shared responsibilities: NIST 800-53 responsibility Organization responsibility Office 365 Access to production environment Set up access control policy and SOP, leveraging Customer Lockbox / identity management solutions Protect data Encrypt data based on org’s compliance obligations. E.g. encrypt PII in transit between users, using its own encryption key, etc. Personnel control Allocate and staff sufficient resources to operate an organization-wide privacy program, including awareness- raising and training Access to production environment Set up access controls that strictly limit standing access to customer’s data or production environment Protect data Encrypt data at rest and in transit based on industrial standards (BitLocker, TLS, etc.) Personnel control Strict screening for employees, vendors, and contractors, and conduct trainings through onboarding process
Companies need tools and guidance Keeping up with new and frequently updated regulations is ongoing struggle Point-in-time assessments fail to identify risks between audits, a huge blindsight in a digital world Collaboration on risk and compliance management is inefficient and siloed Guidance is lacking to help with designing and implementing effective controls “I describe my role a lot of times like playing Whack-A-Mole at the county fair and I’m knocking down one mole’s head which is Sarbanes-Oxley and then PCI pops up, and I knock that one down, then something else pops up. So trying to keep everything going in the right direction and making sure something doesn’t pop up and come back to bite us is extremely challenging.” IT decision maker, hospitality industry
Microsoft Compliance Score Simplify compliance and reduce risk Continuous assessments Detect and monitor control effectiveness automatically with a risk-based score Recommended actions Reduce compliance risks with actionable guidance Built-in control mapping Scale your compliance efforts with built-in mapping across regulations and standards Compliance Score is a dashboard that provides your Compliance Score and a summary of your data protection and compliance posture. It also includes recommendations to improve data protection and compliance. This is a recommendation, it is up to you to evaluate and validate the effectiveness of customer controls as per your regulatory environment. Recommendations from Compliance Manager and Compliance Score should not be interpreted as a guarantee of compliance.
Consider a different approach Reduce number of solution vendors and leverage shared responsibility Know, protect and govern your sensitive data throughout its lifecycle Implement more intelligent, built-in compliance solutions
Microsoft 365 Compliance Intelligent compliance and risk management solutions
Discussion
© 2020 Razor Technology, LLC www.razor-tech.com  David Rosenthal  VP & General Manager  Digital Business  @DavidJRosenthal  Slideshare  Blog: www.razor-tech.com 5 Tower Bridge 300 Barr Harbor Dr., Suite 705 West Conshohocken, PA 19428 www.razor-tech.com David.Rosenthal@razor-tech.com Office: 866.RZR.DATA LETS KEEP IN TOUCH
Appendix

Recommended

Microsoft 365 Compliance
Microsoft 365 ComplianceMicrosoft 365 Compliance
Microsoft 365 Compliance
David J Rosenthal
 
Microsoft 365 Security and Compliance
Microsoft 365 Security and ComplianceMicrosoft 365 Security and Compliance
Microsoft 365 Security and Compliance
David J Rosenthal
 
Deep dive into Microsoft Purview Data Loss Prevention
Deep dive into Microsoft Purview Data Loss PreventionDeep dive into Microsoft Purview Data Loss Prevention
Deep dive into Microsoft Purview Data Loss Prevention
Drew Madelung
 
Microsoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewMicrosoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 Overview
David J Rosenthal
 
Microsoft Office 365 Security and Compliance
Microsoft Office 365 Security and ComplianceMicrosoft Office 365 Security and Compliance
Microsoft Office 365 Security and Compliance
David J Rosenthal
 
Azure Information Protection
Azure Information ProtectionAzure Information Protection
Azure Information Protection
Robert Crane
 
Microsoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance FrameworkMicrosoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance Framework
Alistair Pugin
 
Azure information protection
Azure information protectionAzure information protection
Azure information protection
Kjetil Lund-Paulsen
 

Recommended

Microsoft 365 Compliance
Microsoft 365 ComplianceMicrosoft 365 Compliance
Microsoft 365 Compliance
David J Rosenthal
 
Microsoft 365 Security and Compliance
Microsoft 365 Security and ComplianceMicrosoft 365 Security and Compliance
Microsoft 365 Security and Compliance
David J Rosenthal
 
Deep dive into Microsoft Purview Data Loss Prevention
Deep dive into Microsoft Purview Data Loss PreventionDeep dive into Microsoft Purview Data Loss Prevention
Deep dive into Microsoft Purview Data Loss Prevention
Drew Madelung
 
Microsoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewMicrosoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 Overview
David J Rosenthal
 
Microsoft Office 365 Security and Compliance
Microsoft Office 365 Security and ComplianceMicrosoft Office 365 Security and Compliance
Microsoft Office 365 Security and Compliance
David J Rosenthal
 
Azure Information Protection
Azure Information ProtectionAzure Information Protection
Azure Information Protection
Robert Crane
 
Microsoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance FrameworkMicrosoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance Framework
Alistair Pugin
 
Azure information protection
Azure information protectionAzure information protection
Azure information protection
Kjetil Lund-Paulsen
 
Data Loss Prevention in Office 365
Data Loss Prevention in Office 365Data Loss Prevention in Office 365
Data Loss Prevention in Office 365
CloudFronts Technologies LLP.
 
CollabDaysBE - Microsoft Purview Information Protection demystified
CollabDaysBE - Microsoft Purview Information Protection demystifiedCollabDaysBE - Microsoft Purview Information Protection demystified
CollabDaysBE - Microsoft Purview Information Protection demystified
Albert Hoitingh
 
Microsoft Information Protection demystified Albert Hoitingh
Microsoft Information Protection demystified Albert HoitinghMicrosoft Information Protection demystified Albert Hoitingh
Microsoft Information Protection demystified Albert Hoitingh
Albert Hoitingh
 
Microsoft Azure Information Protection
Microsoft Azure Information Protection Microsoft Azure Information Protection
Microsoft Azure Information Protection
Syed Sabhi Haider
 
Overview of Data Loss Prevention Policies in Office 365
Overview of Data Loss Prevention Policies in Office 365Overview of Data Loss Prevention Policies in Office 365
Overview of Data Loss Prevention Policies in Office 365
Dock 365
 
Microsoft 365 Security Overview
Microsoft 365 Security OverviewMicrosoft 365 Security Overview
Microsoft 365 Security Overview
Robert Crane
 
3 Modern Security - Secure identities to reach zero trust with AAD
3 Modern Security - Secure identities to reach zero trust with AAD3 Modern Security - Secure identities to reach zero trust with AAD
3 Modern Security - Secure identities to reach zero trust with AAD
Andrew Bettany
 
Microsoft Security - New Capabilities In Microsoft 365 E5 Plans
Microsoft Security - New Capabilities In Microsoft 365 E5 PlansMicrosoft Security - New Capabilities In Microsoft 365 E5 Plans
Microsoft Security - New Capabilities In Microsoft 365 E5 Plans
David J Rosenthal
 
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsSecure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Vignesh Ganesan I Microsoft MVP
 
Overview of Microsoft Teams and Data Loss Prevention(DLP)
Overview of Microsoft Teams and Data Loss Prevention(DLP)Overview of Microsoft Teams and Data Loss Prevention(DLP)
Overview of Microsoft Teams and Data Loss Prevention(DLP)
Radhakrishnan Govindan
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
Allen Brokken
 
[IGNITE2018] [BRK2495] What’s new in Microsoft Information Protection solutio...
[IGNITE2018] [BRK2495] What’s new in Microsoft Information Protection solutio...[IGNITE2018] [BRK2495] What’s new in Microsoft Information Protection solutio...
[IGNITE2018] [BRK2495] What’s new in Microsoft Information Protection solutio...
☁️ Gustavo Magella
 
Microsoft Information Protection.pptx
Microsoft Information Protection.pptxMicrosoft Information Protection.pptx
Microsoft Information Protection.pptx
ChrisaldyChandra
 
Microsoft Azure Active Directory
Microsoft Azure Active DirectoryMicrosoft Azure Active Directory
Microsoft Azure Active Directory
David J Rosenthal
 
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VMSecuring Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Drew Madelung
 
Introduction to Azure Sentinel
Introduction to Azure SentinelIntroduction to Azure Sentinel
Introduction to Azure Sentinel
arnaudlh
 
Microsoft 365 eEnterprise E5 Overview
Microsoft 365 eEnterprise E5 OverviewMicrosoft 365 eEnterprise E5 Overview
Microsoft 365 eEnterprise E5 Overview
David J Rosenthal
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
David J Rosenthal
 
Azure AD Presentation - @ BITPro - Ajay
Azure AD Presentation - @ BITPro - AjayAzure AD Presentation - @ BITPro - Ajay
Azure AD Presentation - @ BITPro - Ajay
Anoop Nair
 
Introduction to Microsoft Enterprise Mobility + Security
Introduction to Microsoft Enterprise Mobility + SecurityIntroduction to Microsoft Enterprise Mobility + Security
Introduction to Microsoft Enterprise Mobility + Security
AntonioMaio2
 
[Webinar Slides] Data Explosion in Your Organization? Harness It with a Compr...
[Webinar Slides] Data Explosion in Your Organization? Harness It with a Compr...[Webinar Slides] Data Explosion in Your Organization? Harness It with a Compr...
[Webinar Slides] Data Explosion in Your Organization? Harness It with a Compr...
AIIM International
 
Unit 5 v2
Unit 5 v2Unit 5 v2
Unit 5 v2
ShubhraGoyal4
 

More Related Content

What's hot

Microsoft Security - New Capabilities In Microsoft 365 E5 Plans
Microsoft Security - New Capabilities In Microsoft 365 E5 PlansMicrosoft Security - New Capabilities In Microsoft 365 E5 Plans
Microsoft Security - New Capabilities In Microsoft 365 E5 Plans
David J Rosenthal
 
Microsoft Azure Active Directory
Microsoft Azure Active DirectoryMicrosoft Azure Active Directory
Microsoft Azure Active Directory
David J Rosenthal
 
Microsoft 365 eEnterprise E5 Overview
Microsoft 365 eEnterprise E5 OverviewMicrosoft 365 eEnterprise E5 Overview
Microsoft 365 eEnterprise E5 Overview
David J Rosenthal
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
David J Rosenthal
 
Introduction to Microsoft Enterprise Mobility + Security
Introduction to Microsoft Enterprise Mobility + SecurityIntroduction to Microsoft Enterprise Mobility + Security
Introduction to Microsoft Enterprise Mobility + Security
AntonioMaio2
 

What's hot (20)

Data Loss Prevention in Office 365
Data Loss Prevention in Office 365Data Loss Prevention in Office 365
Data Loss Prevention in Office 365
 
CollabDaysBE - Microsoft Purview Information Protection demystified
CollabDaysBE - Microsoft Purview Information Protection demystifiedCollabDaysBE - Microsoft Purview Information Protection demystified
CollabDaysBE - Microsoft Purview Information Protection demystified
 
Microsoft Information Protection demystified Albert Hoitingh
Microsoft Information Protection demystified Albert HoitinghMicrosoft Information Protection demystified Albert Hoitingh
Microsoft Information Protection demystified Albert Hoitingh
 
Microsoft Azure Information Protection
Microsoft Azure Information Protection Microsoft Azure Information Protection
Microsoft Azure Information Protection
 
Overview of Data Loss Prevention Policies in Office 365
Overview of Data Loss Prevention Policies in Office 365Overview of Data Loss Prevention Policies in Office 365
Overview of Data Loss Prevention Policies in Office 365
 
Microsoft 365 Security Overview
Microsoft 365 Security OverviewMicrosoft 365 Security Overview
Microsoft 365 Security Overview
 
3 Modern Security - Secure identities to reach zero trust with AAD
3 Modern Security - Secure identities to reach zero trust with AAD3 Modern Security - Secure identities to reach zero trust with AAD
3 Modern Security - Secure identities to reach zero trust with AAD
 
Microsoft Security - New Capabilities In Microsoft 365 E5 Plans
Microsoft Security - New Capabilities In Microsoft 365 E5 PlansMicrosoft Security - New Capabilities In Microsoft 365 E5 Plans
Microsoft Security - New Capabilities In Microsoft 365 E5 Plans
 
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsSecure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
 
Overview of Microsoft Teams and Data Loss Prevention(DLP)
Overview of Microsoft Teams and Data Loss Prevention(DLP)Overview of Microsoft Teams and Data Loss Prevention(DLP)
Overview of Microsoft Teams and Data Loss Prevention(DLP)
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
 
[IGNITE2018] [BRK2495] What’s new in Microsoft Information Protection solutio...
[IGNITE2018] [BRK2495] What’s new in Microsoft Information Protection solutio...[IGNITE2018] [BRK2495] What’s new in Microsoft Information Protection solutio...
[IGNITE2018] [BRK2495] What’s new in Microsoft Information Protection solutio...
 
Microsoft Information Protection.pptx
Microsoft Information Protection.pptxMicrosoft Information Protection.pptx
Microsoft Information Protection.pptx
 
Microsoft Azure Active Directory
Microsoft Azure Active DirectoryMicrosoft Azure Active Directory
Microsoft Azure Active Directory
 
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VMSecuring Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
 
Introduction to Azure Sentinel
Introduction to Azure SentinelIntroduction to Azure Sentinel
Introduction to Azure Sentinel
 
Microsoft 365 eEnterprise E5 Overview
Microsoft 365 eEnterprise E5 OverviewMicrosoft 365 eEnterprise E5 Overview
Microsoft 365 eEnterprise E5 Overview
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
 
Azure AD Presentation - @ BITPro - Ajay
Azure AD Presentation - @ BITPro - AjayAzure AD Presentation - @ BITPro - Ajay
Azure AD Presentation - @ BITPro - Ajay
 
Introduction to Microsoft Enterprise Mobility + Security
Introduction to Microsoft Enterprise Mobility + SecurityIntroduction to Microsoft Enterprise Mobility + Security
Introduction to Microsoft Enterprise Mobility + Security
 

Similar to Microsoft 365 Compliance and Security Overview

Perpetual Information Security - Driving Data Protection in an Evolving Compl...
Perpetual Information Security - Driving Data Protection in an Evolving Compl...Perpetual Information Security - Driving Data Protection in an Evolving Compl...
Perpetual Information Security - Driving Data Protection in an Evolving Compl...
SafeNet
 
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
Ulf Mattsson
 
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessAddressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Sirius
 

Similar to Microsoft 365 Compliance and Security Overview (20)

[Webinar Slides] Data Explosion in Your Organization? Harness It with a Compr...
[Webinar Slides] Data Explosion in Your Organization? Harness It with a Compr...[Webinar Slides] Data Explosion in Your Organization? Harness It with a Compr...
[Webinar Slides] Data Explosion in Your Organization? Harness It with a Compr...
 
Unit 5 v2
Unit 5 v2Unit 5 v2
Unit 5 v2
 
Perpetual Information Security - Driving Data Protection in an Evolving Compl...
Perpetual Information Security - Driving Data Protection in an Evolving Compl...Perpetual Information Security - Driving Data Protection in an Evolving Compl...
Perpetual Information Security - Driving Data Protection in an Evolving Compl...
 
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...
 
CC ss.pptx
CC ss.pptxCC ss.pptx
CC ss.pptx
 
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessAddressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
 
Information Leakage - A knowledge Based Approach
Information Leakage - A knowledge Based ApproachInformation Leakage - A knowledge Based Approach
Information Leakage - A knowledge Based Approach
 
II Security At Microsoft
II Security At MicrosoftII Security At Microsoft
II Security At Microsoft
 
Cloud computing
Cloud computing Cloud computing
Cloud computing
 
Breakdown of Microsoft Purview Solutions
Breakdown of Microsoft Purview SolutionsBreakdown of Microsoft Purview Solutions
Breakdown of Microsoft Purview Solutions
 
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
IRJET- An Approach Towards Data Security in Organizations by Avoiding Data Br...
 
CIO WaterCooler Focus: GDPR Jasmit Sagoo
CIO WaterCooler Focus: GDPR Jasmit SagooCIO WaterCooler Focus: GDPR Jasmit Sagoo
CIO WaterCooler Focus: GDPR Jasmit Sagoo
 
3 guiding priciples to improve data security
3 guiding priciples to improve data security3 guiding priciples to improve data security
3 guiding priciples to improve data security
 
Manage Risk by Protecting the Apps and Data That Drive Business Productivity
Manage Risk by Protecting the Apps and Data That Drive Business ProductivityManage Risk by Protecting the Apps and Data That Drive Business Productivity
Manage Risk by Protecting the Apps and Data That Drive Business Productivity
 
Value Microsoft 365 E5 English
Value Microsoft 365 E5 EnglishValue Microsoft 365 E5 English
Value Microsoft 365 E5 English
 
M365 Records Management Community Webinar
M365 Records Management Community WebinarM365 Records Management Community Webinar
M365 Records Management Community Webinar
 
Information protection and compliance
Information protection and complianceInformation protection and compliance
Information protection and compliance
 
Big Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPRBig Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPR
 
CWIN17 san francisco-geert vanderlinden-don't be stranded without a (gdpr) plan
CWIN17 san francisco-geert vanderlinden-don't be stranded without a (gdpr) planCWIN17 san francisco-geert vanderlinden-don't be stranded without a (gdpr) plan
CWIN17 san francisco-geert vanderlinden-don't be stranded without a (gdpr) plan
 
Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016
 

More from David J Rosenthal

Microsoft Teams Phone - Calling Made Simple
Microsoft Teams Phone - Calling Made SimpleMicrosoft Teams Phone - Calling Made Simple
Microsoft Teams Phone - Calling Made Simple
David J Rosenthal
 
Protect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chainProtect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chain
David J Rosenthal
 
Microsoft Viva Introduction
Microsoft Viva IntroductionMicrosoft Viva Introduction
Microsoft Viva Introduction
David J Rosenthal
 
Microsoft Viva Learning
Microsoft Viva LearningMicrosoft Viva Learning
Microsoft Viva Learning
David J Rosenthal
 
Microsoft Viva Topics
Microsoft Viva TopicsMicrosoft Viva Topics
Microsoft Viva Topics
David J Rosenthal
 
Azure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftAzure Arc Overview from Microsoft
Azure Arc Overview from Microsoft
David J Rosenthal
 
Windows365 Hybrid Windows for a Hybrid World
Windows365 Hybrid Windows for a Hybrid WorldWindows365 Hybrid Windows for a Hybrid World
Windows365 Hybrid Windows for a Hybrid World
David J Rosenthal
 
Windows 11 for the Enterprise
Windows 11 for the EnterpriseWindows 11 for the Enterprise
Windows 11 for the Enterprise
David J Rosenthal
 
Microsoft Scheduler for M365 - Personal Digital Assistant
Microsoft Scheduler for M365 - Personal Digital AssistantMicrosoft Scheduler for M365 - Personal Digital Assistant
Microsoft Scheduler for M365 - Personal Digital Assistant
David J Rosenthal
 
What is New in Teams Meetings and Meeting Rooms July 2021
What is New in Teams Meetings and Meeting Rooms July 2021What is New in Teams Meetings and Meeting Rooms July 2021
What is New in Teams Meetings and Meeting Rooms July 2021
David J Rosenthal
 
Modernize Java Apps on Microsoft Azure
Modernize Java Apps on Microsoft AzureModernize Java Apps on Microsoft Azure
Modernize Java Apps on Microsoft Azure
David J Rosenthal
 
Nintex Worflow Overview
Nintex Worflow OverviewNintex Worflow Overview
Nintex Worflow Overview
David J Rosenthal
 

More from David J Rosenthal (20)

Microsoft Teams Phone - Calling Made Simple
Microsoft Teams Phone - Calling Made SimpleMicrosoft Teams Phone - Calling Made Simple
Microsoft Teams Phone - Calling Made Simple
 
Whats New in Microsoft Teams Calling November 2021
Whats New in Microsoft Teams Calling November 2021Whats New in Microsoft Teams Calling November 2021
Whats New in Microsoft Teams Calling November 2021
 
Whats New in Microsoft Teams Hybrid Meetings November 2021
Whats New in Microsoft Teams Hybrid Meetings November 2021Whats New in Microsoft Teams Hybrid Meetings November 2021
Whats New in Microsoft Teams Hybrid Meetings November 2021
 
Viva Connections from Microsoft
Viva Connections from MicrosoftViva Connections from Microsoft
Viva Connections from Microsoft
 
Protect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chainProtect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chain
 
Microsoft Viva Introduction
Microsoft Viva IntroductionMicrosoft Viva Introduction
Microsoft Viva Introduction
 
Microsoft Viva Learning
Microsoft Viva LearningMicrosoft Viva Learning
Microsoft Viva Learning
 
Microsoft Viva Topics
Microsoft Viva TopicsMicrosoft Viva Topics
Microsoft Viva Topics
 
A Secure Journey to Cloud with Microsoft 365
A Secure Journey to Cloud with Microsoft 365A Secure Journey to Cloud with Microsoft 365
A Secure Journey to Cloud with Microsoft 365
 
Azure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftAzure Arc Overview from Microsoft
Azure Arc Overview from Microsoft
 
Microsoft Windows Server 2022 Overview
Microsoft Windows Server 2022 OverviewMicrosoft Windows Server 2022 Overview
Microsoft Windows Server 2022 Overview
 
Windows365 Hybrid Windows for a Hybrid World
Windows365 Hybrid Windows for a Hybrid WorldWindows365 Hybrid Windows for a Hybrid World
Windows365 Hybrid Windows for a Hybrid World
 
Windows 11 for the Enterprise
Windows 11 for the EnterpriseWindows 11 for the Enterprise
Windows 11 for the Enterprise
 
Microsoft Scheduler for M365 - Personal Digital Assistant
Microsoft Scheduler for M365 - Personal Digital AssistantMicrosoft Scheduler for M365 - Personal Digital Assistant
Microsoft Scheduler for M365 - Personal Digital Assistant
 
What is New in Teams Meetings and Meeting Rooms July 2021
What is New in Teams Meetings and Meeting Rooms July 2021What is New in Teams Meetings and Meeting Rooms July 2021
What is New in Teams Meetings and Meeting Rooms July 2021
 
Modernize Java Apps on Microsoft Azure
Modernize Java Apps on Microsoft AzureModernize Java Apps on Microsoft Azure
Modernize Java Apps on Microsoft Azure
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure Sentinel
 
Nintex Worflow Overview
Nintex Worflow OverviewNintex Worflow Overview
Nintex Worflow Overview
 
Microsoft Power BI Overview
Microsoft Power BI OverviewMicrosoft Power BI Overview
Microsoft Power BI Overview
 
Better Meetings with Microsoft Teams
Better Meetings with Microsoft TeamsBetter Meetings with Microsoft Teams
Better Meetings with Microsoft Teams
 

Recently uploaded

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 

Recently uploaded (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 

Microsoft 365 Compliance and Security Overview

  • 1. Intelligent compliance and risk management solutions
  • 2. What are your biggest challenges? Evolving regulations Discovering data Classifying and mapping data Insider risks Responding to audits and DSRs Securing data Preventing data leaks Influx of data Managing the data lifecycle Multiple point solutions Scaling workflows and processes
  • 3.
  • 4. Intelligent compliance and risk management solutions Simplify compliance and reduce risk Compliance Management Quickly investigate and respond with relevant data Discover & Respond Protect and govern data wherever it lives Information Protection & Governance Insider Risk Management Identify and take action on critical insider risks
  • 5. Information Protection & Governance Protect and govern data wherever it lives
  • 6.
  • 7. Discovering and managing data is challenging 88% of organizations no longer have confidence to detect and prevent loss of sensitive data¹ >80% of corporate data is “dark” – it’s not classified, protected or governed² #1 Protecting and governing sensitive data is biggest concern in complying with regulations3 1. Forrester. Security Concerns, Approaches and Technology Adoption. December 2018 2. IBM. Future of Cognitive Computing. November 2015 3. Microsoft GDPR research, 2017
  • 8. Information Protection & Governance Protect and govern data – wherever it lives 88% KNOW YOUR DATA 88% PROTECT YOUR DATA GOVERN YOUR DATA PREVENT DATA LOSS Understand your data landscape and identify important data across your hybrid environment Apply flexible protection actions including encryption, access restrictions and visual markings Automatically retain, delete, and store data and records in a compliant manner Powered by an intelligent platform Unified approach to automatic data classification, policy management, analytics and APIs Prevent accidental oversharing of sensitive information
  • 9. With Microsoft Information Protection, we better safeguard all files, whether they’re being accessed internally or sent externally. We can prevent unprotected files from being downloaded and viewed anywhere. We protect our IP without our security measures getting in the way of collaboration and innovation. Dave Vilwock Senior Manager of Application Development Komatsu
  • 10. Built-in Built-in labeling and protection experience in Office apps, Office 365 services, other MS services like Power BI, Edge, and Windows Intelligent Accuracy in classification via ML based trainable classifiers and exact data match Unified Single admin console to configure and manage your policies and view analytics across on-premises, Office apps, Microsoft 365 services, third-party party services (via MCAS) and devices Extensible MIP development platform extends the protection experience, in a consistent way, to popular non-Microsoft apps and services Microsoft Information Protection
  • 11. Automatically block messages which contain sensitive information Educate and guide end-users with notifications and “policy tips” Unified classification engine supporting 90+ sensitive information types and custom sensitive info type creation Data Loss Prevention for Microsoft Teams
  • 12. Microsoft Information Governance Intelligent and built-in data and records management In-place management Retain data and manage records where your users collaborate Automated policy Classify and govern data at scale with pattern recognition and trainable classifiers Ongoing data ingestion Manage chats, social, and collaboration data beyond Microsoft with high-fidelity import Enhanced defensibility Demonstrate compliance with proof of disposals, defensible disposition, and rich audit trails Automatically retain, delete, and store data and records in a compliant manner Information Governance Keep what you need and delete what you don’t Records Management Manage high value content and meet recordkeeping obligations
  • 13. Classify and govern data and records intelligently Manual Location SharePoint, OneDrive, Exchange, Teams, Skype, Yammer, Group Metadata and property E.g., Content type 5 OOTB + built your own Trainable classifiers E.g., resumes, contracts, those that are not easily found by pattern recognition 100+ OOTB + custom Sensitive information types E.g., financial, healthcare, privacy Keywords E.g., Project Foo Classify Doesitlooklike…Doesitcontain… Automated Policy Retention period E.g. 7 years retain + delete; 7 days delete Level of immutability Retention, record, or regulatory record labels Actions E.g., delete, disposition review Enforcement point E.g., when it was created, last modified, labeled, an event
  • 14. Insider Risk Management Identify and take action on critical insider risks
  • 15.
  • 16. Broad range of risks and violations from insiders Data spillage Confidentiality violations IP theft Workplace violence Fraud Policy violations Insider trading Conflicts of interest Sensitive data leaks Workplace harassment Security violations Regulatory compliance violations
  • 17. The Microsoft Insider Risk Management solution has helped us receive a 9.6 out 10 score from security audits. We can now intelligently evaluate relevant insider activities and set up actions to filter and report based on risk associated with the data stored and escalate to relevant parties. Chad Ergun Chief Information Officer DGS Law
  • 18. Insider Risk Management Identify and take action on critical insider risks Rich insights via tailored templates Machine learning correlates native and third-party signals to identify insider risks Privacy built-in Anonymity controls ensure data about risks is appropriately managed End-to-end investigations Integrated investigation workflows allow for collaboration across IT, HR, and legal
  • 19. Communication Compliance Quickly identify and remediate corporate code-of-conduct policy violations Intelligent customizable playbooks Leverage machine learning to detect violations across Teams, Exchange and third-party party content Flexible remediation workflows Remediation workflows to quickly act on violations Actionable insights Interactive dashboard with policy violations, actions, and trends
  • 20. Privileged Access Management Controlling privileged access by Microsoft service engineers and by your administrators The principle of zero standing access Just in time and just enough access Privileged workflow Logging and auditing
  • 21. Built in Encryption and Key Mgmt Meets rigorous industry standards Data is encrypted by default at-rest and in-transit Additional customer controls for added protection and control Option to manage and control your own encryption keys to help meet compliance needs OME/AIP TLS BitLocker Service Encryption
  • 22. Discover & Respond Quickly investigate and respond with relevant data
  • 23. Data is exploding GDPR OSHA CCPA Sarbanes- Oxley Act Federal Data Protection Law General Data Privacy Law PPA HIPAA PDPA Personal Information Security Specification PIPA US IRS Publication 583 EU Directive 2006/24/EC POPI Regulations are evolving Data Vendors Platforms Public Remote Private Cloud SaaS StructuredUnstructured Chat messages SMS Documents Corporate Emails Discovering and managing data is challenging
  • 24. Discovering data efficiently is top of mind for many organizations 24 74% orgs to shift some employees to remote work permanently 63% expect their company to conduct more investigations over the next three years 71% are considering leveraging technology and/or best practices to improve legal operations
  • 25. Risk Cost reduction Efficiency Logging and auditing from one place Export matter-relevant content Lower cost per custodian average Reduce collection activities Review relevant Microsoft 365 and non-Microsoft 365 content faster Do more, in-place eDiscovery in Microsoft 365 25
  • 26. Advanced eDiscovery Quickly find and respond with only the relevant information Custodian Management and Communications Preserve content by custodian, send hold notifications and track acknowledgements Deep crawling and indexing Deep processing (e.g., much higher size limits, non-Microsoft file types) to extract and index text and metadata Review and manage case data Manage static sets of documents within a case, that can be independently searched, analyzed, shared, and acted upon Cull your data intelligently with ML Near duplicate detection, email threading, themes, and ML models to identify potential high value content
  • 27. Advanced Audit Power fast and effective forensic and compliance investigations Access crucial events to investigations Preserve audit logs granularly by individual and event for up to a year High bandwidth access to data with ~2x the baseline
  • 29. Managing data and compliance risks is challenging 200+ updates per day from 1000 regulatory bodies >50% of organizations state that IT and cybersecurity risks are their biggest concern among all risks #1 identifying and assessing risks is the most time- consuming task in risk management 1. Cost of Compliance 2019, Thomson Reuters 2. Risk management market landscape web survey, Gartner, May 2019 (n=500, buyers and influencers of IRM solutions, 1000+ employees 3. Deloitte’s 2019 survey of risk management
  • 30. Shared responsibility model Customer management of risk Data classification and data accountability Shared management of risk Identity & access management | End point devices Provider management of risk Physical | Networking Cloud customer Cloud provider Responsibility On-Prem IaaS PaaS SaaS Data classification and accountability Client & end-point protection Identity & access management Application level controls Network controls Host infrastructure Physical security
  • 31. Examples of shared responsibilities: NIST 800-53 responsibility Organization responsibility Office 365 Access to production environment Set up access control policy and SOP, leveraging Customer Lockbox / identity management solutions Protect data Encrypt data based on org’s compliance obligations. E.g. encrypt PII in transit between users, using its own encryption key, etc. Personnel control Allocate and staff sufficient resources to operate an organization-wide privacy program, including awareness- raising and training Access to production environment Set up access controls that strictly limit standing access to customer’s data or production environment Protect data Encrypt data at rest and in transit based on industrial standards (BitLocker, TLS, etc.) Personnel control Strict screening for employees, vendors, and contractors, and conduct trainings through onboarding process
  • 32. Companies need tools and guidance Keeping up with new and frequently updated regulations is ongoing struggle Point-in-time assessments fail to identify risks between audits, a huge blindsight in a digital world Collaboration on risk and compliance management is inefficient and siloed Guidance is lacking to help with designing and implementing effective controls “I describe my role a lot of times like playing Whack-A-Mole at the county fair and I’m knocking down one mole’s head which is Sarbanes-Oxley and then PCI pops up, and I knock that one down, then something else pops up. So trying to keep everything going in the right direction and making sure something doesn’t pop up and come back to bite us is extremely challenging.” IT decision maker, hospitality industry
  • 33. Microsoft Compliance Score Simplify compliance and reduce risk Continuous assessments Detect and monitor control effectiveness automatically with a risk-based score Recommended actions Reduce compliance risks with actionable guidance Built-in control mapping Scale your compliance efforts with built-in mapping across regulations and standards Compliance Score is a dashboard that provides your Compliance Score and a summary of your data protection and compliance posture. It also includes recommendations to improve data protection and compliance. This is a recommendation, it is up to you to evaluate and validate the effectiveness of customer controls as per your regulatory environment. Recommendations from Compliance Manager and Compliance Score should not be interpreted as a guarantee of compliance.
  • 34. Consider a different approach Reduce number of solution vendors and leverage shared responsibility Know, protect and govern your sensitive data throughout its lifecycle Implement more intelligent, built-in compliance solutions
  • 35. Microsoft 365 Compliance Intelligent compliance and risk management solutions
  • 37. © 2020 Razor Technology, LLC www.razor-tech.com  David Rosenthal  VP & General Manager  Digital Business  @DavidJRosenthal  Slideshare  Blog: www.razor-tech.com 5 Tower Bridge 300 Barr Harbor Dr., Suite 705 West Conshohocken, PA 19428 www.razor-tech.com David.Rosenthal@razor-tech.com Office: 866.RZR.DATA LETS KEEP IN TOUCH