3. 10% discount with the code SPSPa15 (www.sharepointeurope.com)
5. Records Compromised in 2014
1 Billion records compromised in 2014
“By far, the most common record type exposed in 2014 were passwords, followed by usernames, email addresses, and PII (name, address, SSN, DOB, phone number, etc.)…”
Criminals are starting to favour PII over financial information, because it's easier to sell and leverage.
Source: http://www.cio.com/article/2848593/data-breach/nearly-a-billion-records-were-compromised-in-2014.html
6. Losses Due to Data Breaches
$400 Million in losses due to data breaches
There were 2,122 confirmed data breaches in 2014.
“It was often said that people were the weakest link in any security chain—and that was true when attacks were less sophisticated. But today, no amount of education will stop hackers from getting into your network.”
Source: http://www.forbes.com/sites/gilpress/2015/05/22/stopping-data-breaches-whose-job-is-it-anyway/
7. Individual Losses Due to Scammers
$80 Million a year
“SCAMS strip Australians of at least $80 million a year and gathering a vault of personal information that can be used in fraud sprees.”
Criminals are buying and selling names, addresses, birth dates, bank account and other personal details on the black market to commit identity fraud or find scam victims, a report warns.
Source: http://www.heraldsun.com.au/news/law-order/scammers-steal-80-million-a-year-and-personal-information-from-australians/story-fni0fee2-1227358157405
9. “Faced with never-ending and expanding regulatory and industry mandates, organizations invest tremendous amounts of energy on audit, compliance, controls, and (in some cases) risk management. At the same time, they seek to free staff resources from mundane tasks such as evidence gathering and simple reporting.”
Source: Gartner Report: IT Governance, Risk, and Compliance Management Solutions, http://www.gartner.com/resId=1884814
10. Our Agenda for Today
• Introduction
• Importance of Regulatory and Compliance Controls
• Controls in Office 365
• Demos
  • Data Loss Prevention
  • eDiscovery
  • Auditing
  • Document Fingerprinting
  • Encrypted Email Communications
16. So what is Microsoft doing?
• eDiscovery
• Auditing
• Encryption
• Information Management Policies
• Records Management
17. Two faces of compliance in Office 365
Built-in Office 365 capabilities (global compliance):
• Access Control
• Auditing and Logging
• Continuity Planning
• Incident Response
• Risk Assessment
• Communications Protection
• Identification and Authorisation
• Information Integrity
• Awareness and Training
Customer controls for compliance/internal policies:
• Data Loss Prevention
• Archiving
• eDiscovery
• Encryption
• S/MIME
• Legal Hold
• Rights Management
23. Data Leakage Protection
By 2018, 50% of IT organizations will use security services firms that specialize in data protection, security risk management and security infrastructure management to enhance their security postures.
Source: http://www.gartner.com/newsroom/id/2828722
24. What is meant by Data Loss Prevention?
The three states of data that DLP covers: in-use (endpoint actions), in-motion (network traffic) and at-rest (data storage). [1]
[1] http://en.wikipedia.org/wiki/Data_loss_prevention_software
Good definition: http://csrc.nist.gov/groups/SNS/rbac/documents/data-loss.pdf
27. In-use controls (end-point)
• Operating system and apps fully patched and up to date
• End-point security tools installed and correctly configured
• Firewall enabled and correctly configured
• Access to required applications only
• Access to “need to know” data
• Compliance adherence monitoring
29. Built-in DLP content areas
Sensitive information types per country (PII / Financial):
USA
  PII: US State Security Breach Laws, US State Social Security Laws, COPPA
  Financial: GLBA & PCI-DSS (Credit, Debit Card, Checking and Savings, ABA, Swift Code)
Germany
  PII: EU data protection, Drivers License, Passport, National Id
  Financial: EU Credit, Debit Card, IBAN, VAT, BIC, Swift Code
UK
  PII: Data Protection Act, UK National Insurance, Tax Id, UK Driver License, Passport
  Financial: EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code
Canada
  PII: PIPEDA, Social Insurance, Drivers License
  Financial: Credit Card, Swift Code
France
  PII: EU data protection, Data Protection Act, National Id (INSEE), Drivers License, Passport
  Financial: EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code
Japan
  PII: PIPA, Resident Registration, Social Insurance, Passport, Driving License
  Financial: Credit Card, Bank Account, Swift Code
Health (all countries): limited investment (US HIPAA, UK Health Service, Canada Health Insurance card); rely on partners and ISVs
30. Establishing DLP
Design and implement
• Determine sensitive information types and
related policies or regulations
• Establish policies to protect sensitive data
• Implement Office 365 DLP features
Operate
• Detect sensitive data in email
• Detect sensitive data with document
fingerprinting
• User awareness with Outlook Policy tips
31. What do we mean by eDiscovery?
Source: Wikipedia (http://en.wikipedia.org/wiki/Electronic_discovery)
32. eDiscovery Process
DISCOVERY: Find relevant content (documents, emails, Lync conversations)
PRESERVATION: Place content on legal hold to prevent content modification and/or removal
COLLECTION: Collect and send relevant content for processing
PROCESSING: Prepare files for review
REVIEW: Lawyers determine which content will be supplied to opposition
PRODUCTION: Provide relevant content to opposition
41. eDiscovery Considerations
• Recoverable Items quotas separate from mailbox quotas
and need to be monitored
• In-Place Hold vs. Single Item Recovery vs. Retention Hold
• Hybrid data sources
44. Important Benefits
Risk mitigation
• Centrally managed proactive enforcement
• Reduced collection touch points
• Consistent and repeatable
Minimised business impact
• Transparent to users
• Minimises the need for offline copies, until they are needed
• Instantly searchable/exportable
Lower cost!
51. Content Analysis Process
Sample content:
  Joseph F. Foster
  Visa: 4485 3647 3952 7352
  Expires: 2/2012
1. Get Content
2. RegEx Analysis: 4485 3647 3952 7352, a 16-digit number, is detected
3. Function Analysis: 4485 3647 3952 7352 matches the checksum; 1234 1234 1234 1234 does NOT match
4. Additional Evidence: the keyword “Visa” is near the number; a regular expression for a date (2/2012) matches near the number
5. Verdict: there is a regular expression match that passes the checksum, and the additional evidence increases confidence
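The content analysis pipeline above (regex detection, checksum function, corroborating evidence, confidence verdict), written out as an added Python example; this is not Microsoft's DLP code, the sample record is the one from the slide, and the keyword list, context window and confidence weights are assumptions chosen for illustration.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample, taken from the slide's example record.
SAMPLE = "Joseph F. Foster\nVisa: 4485 3647 3952 7352\nExpires: 2/2012"

CARD_RE = re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b")   # 16 digits, optional separators
DATE_RE = re.compile(r"\b\d{1,2}/\d{4}\b")             # expiry-style date such as 2/2012
KEYWORDS = ("visa", "mastercard", "amex", "credit card", "card number")  # assumed list
WINDOW = 60   # assumed: characters of context on each side counted as "near"

def luhn_valid(number: str) -> bool:
    """Function analysis step: Luhn checksum used by payment card numbers."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:            # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

@dataclass
class Finding:
    number: str
    checksum_ok: bool
    keyword_near: bool
    date_near: bool
    confidence: int   # 0..100, illustrative weights only

def analyse(text: str) -> list[Finding]:
    findings = []
    for m in CARD_RE.finditer(text):                       # RegEx analysis
        ok = luhn_valid(m.group())                          # function analysis
        ctx = text[max(0, m.start() - WINDOW): m.end() + WINDOW].lower()
        kw = any(k in ctx for k in KEYWORDS)                # additional evidence
        dt = DATE_RE.search(ctx) is not None
        conf = 0
        if ok:                      # a failed checksum is never reported as a card
            conf = 65
            conf += 20 if kw else 0
            conf += 10 if dt else 0
        findings.append(Finding(m.group(), ok, kw, dt, conf))
    return findings

if __name__ == "__main__":
    for f in analyse(SAMPLE):
        print(f)
```

Running it on the slide's record yields one finding with a passing checksum, the keyword and the date both nearby; the same text with 1234 1234 1234 1234 yields confidence 0 because the checksum fails.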
52. Encryption Solutions in Office 365
Office 365 Message Encryption – Encrypt messages to any SMTP address
Information Rights Management – Encrypt content and restrict usage; usually within own organization or trusted partners
S/MIME – Sign and encrypt messages to users using certificates
Twitter hashtag: #spsparis for all sessions
Data travels with you. Transparent, with controls applied automatically. Anywhere in the world.
From mainstream products
Encryption at Rest: Uses Transparent Data Encryption (TDE). TDE uses a server-level certificate to perform page-level encryption of the raw SharePoint database files, using a symmetric key stored in the SharePoint master database in the form of a certificate. Data is encrypted with AES or 3DES, and the original certificate is required to access the database.
Secure Connections: Done via Secure Sockets Layer (SSL). SSL performs a certificate exchange to validate the server's authenticity and then encrypts the data passed between the servers. An attacker sniffing the traffic with Wireshark or a similar tool would only see unintelligible content.
Improvement over Litigation Hold.
While in Exchange 2010, administrators could only either hold all mailbox data indefinitely or until the hold was removed, in Exchange 2013 In-Place Hold allows administrators to specify what to hold and for how long to hold it for. This allows administrators to create granular hold policies to preserve mailbox items in the following scenarios:
Indefinite In-Place Hold is similar to litigation hold in Exchange 2010 as it is intended to preserve all mailbox items indefinitely, during which period items are never deleted;
Query-based In-Place Hold preserves items based on specified query parameters such as keywords, senders and recipients, start and end dates, and also item types such as e-mails, calendar items, etc. After a query-based In-Place Hold is created, all existing and future mailbox items (including e-mails received at a later date) that match the query parameters are preserved. Note that a query-based hold cannot be used to place unsearchable items on hold (items that could not be indexed by Exchange Search);
Time-based In-Place Hold allows administrators to specify an exact duration of time to hold items for. The duration is calculated from the date a mailbox item is received or created. For example, if a mailbox is placed on a time-based hold with a retention period of 365 days and an e-mail is deleted after 300 days from the date it was received, it is held for an additional 65 days before being permanently deleted;
Multiple holds - place a user on multiple holds to meet different case requirements. In this scenario, search parameters of all In-Place Holds are applied together using an OR operator. If a mailbox is placed on more than five holds, all items are held until the holds are removed, replicating the indefinite hold behavior until the number of holds on the mailbox is reduced to five or less.
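The hold semantics described above (indefinite, query-based, time-based, OR-combination, and the more-than-five-holds rule), modelled as an added Python example; this is illustrative code written for this page, not Exchange's implementation, and the Item/Hold classes and the `searchable` flag are assumptions used to stand in for mailbox items and In-Place Hold definitions.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Callable, Optional

@dataclass
class Item:
    received: date            # duration of a time-based hold is counted from this date
    subject: str = ""
    searchable: bool = True   # False = Exchange Search could not index the item

@dataclass
class Hold:
    name: str
    query: Optional[Callable[[Item], bool]] = None   # None = indefinite/all items
    days: Optional[int] = None                        # None = no time limit

    def covers(self, item: Item, today: date) -> bool:
        if self.query is not None:
            # A query-based hold cannot place unsearchable items on hold.
            if not item.searchable or not self.query(item):
                return False
        if self.days is not None:
            # Time-based: held until `days` after receipt, regardless of deletion date.
            return today < item.received + timedelta(days=self.days)
        return True

MAX_COMBINED_HOLDS = 5   # above this, everything in the mailbox is held

def is_preserved(item: Item, holds: list[Hold], today: date) -> bool:
    """True if the item must still be kept (not permanently deleted) on `today`."""
    if len(holds) > MAX_COMBINED_HOLDS:
        return True                     # behaves like an indefinite hold
    return any(h.covers(item, today) for h in holds)   # holds combine with OR

def days_remaining(item: Item, hold: Hold, deleted_on: date) -> int:
    """Extra days a deleted item is retained under a time-based hold."""
    assert hold.days is not None
    return max(0, (item.received + timedelta(days=hold.days) - deleted_on).days)
```

With a 365-day hold, an item deleted 300 days after receipt is retained for another 65 days, matching the worked figure in the notes.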
Preserving Lync Content
Exchange 2013, Lync 2013 and SharePoint 2013 provide an integrated preservation and eDiscovery experience that allows administrators to preserve and search items across the different data stores. As such, Exchange 2013 allows the archive of Lync 2013 content in Exchange, removing the requirement of having a separate SQL Server database to store archived Lync content.
When placing a mailbox on In-Place Hold, Lync content (such as instant messaging conversations and files shared in online meetings) are archived in the mailbox. Searching the mailbox using the eDiscovery Center in SharePoint 2013 or In-Place eDiscovery in Exchange 2013, any archived Lync content matching the search query is also returned.
To enable archiving of Lync 2013 content in Exchange 2013, administrators must configure Lync integration with Exchange.
Placing all users on hold for a fixed duration
Placing a user on multiple In-Place Holds
In-Place Hold and Litigation Hold
Recoverable Items include:
• Deletions
• Purges
• Discovery Hold
• Versions
• Audits
• Calendar logging
All searchable.