3. Office 365 turvalisus, privaatsus ja vastavus
Need on teie andmed
Sinu oma, Sina kontrollid
Microsoft haldab teenust
Microsoft kannab kliendi ees vastutust
Teenuse halduse protseduurid on logitud ja nähtavad
Sisse projekteeritud
privaatsus
Alati vastab
nõuetele
Sisse projekteeritud
turvalisus
4. Microsoft is demonstrating our commitment to protect customer data from government
demands in court actions.
• U.S. Warrant Case. Microsoft is in litigation with the U.S. government to resist a criminal
search warrant seeking customer data stored outside the United States. The case is on
appeal. It raises important questions about the ability of the U.S. government to issue
search warrants for data outside the U.S., given that the government clearly cannot search
homes or business premises abroad.
• National Security Letters. Microsoft resisted a National Security Letter non-disclosure
order, which prohibited Microsoft from notifying the customer of a government demand to
disclose its data. The FBI withdrew the demand.
• Government Requests Transparency. Microsoft filed a lawsuit against the U.S. government
to permit greater disclosure about government demands for customer data. The U.S.
government settled, allowing Microsoft and others to share broader information with
customers.
Microsoft versus USA valitsus
8. Office 365 turvalisuse raamistik
24 Hour
Monitored
Physical
Hardware
Isolated
Customer Data
Secure
Network
Encrypted Data
Automated
operations
Microsoft
security best
practices
Built-inSecurity
Customer Controls
Independent Verification
9. Pidev monitooring ja mehitatud valve
Seismicbracing
24x7 onsite security
staff
Days of backup
power
Tens of thousands
of servers
Perimeter
security
Extensive
monitoring
Multi-factor
authentication
Fire
suppression
10. Enneta leket ja eelda leket
Eelda leket
Kübersõja õppused
Asukoha rünne
Keskne logimine ja
monitoorimine
Enneta leket
Ohu mudel
Koodi läbivaatus
Turvalisuse arendamise
elutsükkel
Turvatestid
Lekke eeldamine tuvastab ja tegeleb
oluliste puudujääkide kõrvaldamisega:
Tuvasta rünne & sissetung
Vasta ründele & sissetungile
Taasta andmelekkest ja andmete muutmisest
Testi turvaintsidentidele reageerimise plaane,
et kiirendada ründe tuvastamist ja taastamist
Vähenda sisemist ründepinda
(et sissetungi korral vähendada ründaja
ligipääsu)
Regulaarne keskkonna hindamine ja puhta
keskkonna taastamine.
11. Taotlus
Luba
Vajaduspõhine
taotlus
Puuduvad pidevad õigused
Ajutine
ligipääs
• Haldajale eraldatakse vähimad vajalikud õigused
eeldusel, et:
• talle on tehtud taustakontroll
• ta on üheselt tuvastatud
• ta on läbinud regulaarse turvakoolituse
juht
Vajaduspõhine ligipääs
Keerulised ühekordsed
salasõnad
„Lock Box“ ligipääsuhaldus
14. S/MIME
Office 365 Message Encryption
Transport Layer Security
BitLocker AES Encryption
PGP tugi kolmanda osapoole
rakenduste kaudu
Kolmanda osapoole krüpto -
näit CypherCloud Gateway
Exchange server
Data disk
Exchange server
Data disk
S/MIME protected
Message
Delivery
User
Office 365
Message
Encryption
SMTP to
partners:
TLS protected
Krüpteerimise võimalused
18. Ühendatud Active Directory, Azure Active Directory
and Active Directory Federation Services
• Federation: Secure SAML token based authentication
• Password Synchronization: Only a one way hash of the password will be
synchronized to WAAD such that the original password cannot be reconstructed
from it.
Täiendavad tuvastusmeetmed:
• Two-Factor Authentication – including phone-based 2FA
• Client-Based Access Control based on devices/locations
• Role-Based Access Control
Kasutajate ligipääs
19. Säilitamine Otsing
Secondary mailbox with
separate quota
Managed through EAC or
PowerShell
Available on-premises,
online, or through EOA
Automated and time-
based criteria
Set policies at item or
folder level
Expiration date shown
in email message
Capture deleted and
edited email messages
Time-Based In-Place Hold
Granular Query-Based In-
Place Hold
Optional notification
Web-based eDiscovery Center and
multi-mailbox search
Search primary, In-Place Archive,
and recoverable items
Delegate through roles-based
administration
De-duplication after discovery
Auditing to ensure controls
are met
In-Place Archive Governance Hold eDiscovery
Kirjade arhiveerimine ja säilitamine