Exchange Server 2010 Information Protection and Control
Name, Title, Microsoft Corporation
The High Cost of Data Leakage
“HR executive accidentally e-mails lay-off plan to entire organization.”
“College staff member accidentally e-mails attachment containing personal information of 15,794 graduates.”
“Public-relations firm faces PR nightmare after unintentionally e-mailing journalists about one of its clients.”
“Secret Service agent sends unencrypted e-mail revealing details of vice presidential tour.”
Information Protection and Control (IPC)
Exchange Server 2010 helps prevent the unauthorized transmission of sensitive information with tools that can automatically:
MONITOR e-mail for specific content, recipients and other attributes
CONTROL distribution with automated, granular policies
PROTECT access to data wherever it travels using rights management
PREVENT
• Violations of corporate policy and best practices
• Non-compliance with government and industry regulations
• Loss of intellectual property and proprietary information
• High-profile leaks of private information and customer records
• Damage to corporate brand image and reputation
Benefits of Automated Controls
Reduce User Error
• Majority of data loss incidents are accidental
• Users forget policies or apply incorrect policy
Enable More Consistent Policy
• Automation facilitates rapid policy changes across the organization
• Critical for internal/external governance and compliance
Improve Efficiency
• Offload complex data policies from users
• Enable centralized policy creation, execution and management
LESS RESTRICTIVE MORE RESTRICTIVE
• Apply the right level of control based on the sensitivity of the data
• Maximize control and minimize unnecessary user disruptions
Benefits of Granular Controls
• Alert: “Allow delivery but add a warning.”
• Append: “Allow delivery but add a disclaimer.”
• Protect: “Allow delivery but prevent forwarding.”
• Redirect: “Block delivery and redirect.”
• Review: “Block delivery until reviewed.”
• Block: “Do not deliver.”
• Modify: “Allow delivery but modify message.”
• Classify: “Allow delivery but apply classification.”
MailTips
Alert users about potential risks
Apply multiple alerts
Create custom MailTips to prompt policy reminders
Protect sensitive data from accidental distribution
Alert
Transport Rules
Conditions
Exceptions
Actions
If the message...
• Is from a member of the group ‘Executives’
• And is sent to recipients that are ‘Outside the organization’
• And contains the keyword ‘Merger’
Do the following...
• Redirect message to: [email protected]
Except if the message...
• Is sent to ‘[email protected]’
• Executed on the Hub Transport Server
• Structured like Inbox rules
• Apply to all messages sent inside and outside the organization
• Configured with simple GUI in Exchange Management Console
Easily enforce granular policies
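The slide's sample rule can also be created from the Exchange Management Shell. This is an added example, not part of the original presentation; the group ‘Executives’ and keyword ‘Merger’ come from the slide, while the rule name and both mailbox addresses are placeholders, because the addresses on the slide are redacted on this page.

```powershell
# Added example: shell equivalent of the rule shown on the slide.
# Both addresses are placeholders; the slide's originals are not recoverable.
$redirectTo = 'compliance-review@example.com'   # placeholder
$exemptTo   = 'legal-counsel@example.com'       # placeholder

$rule = @{
    Name                       = 'Redirect external Merger mail from Executives'
    Comments                   = 'Executives to external recipients, keyword Merger'
    # Conditions: every one must match
    FromMemberOf               = 'Executives'
    SentToScope                = 'NotInOrganization'
    SubjectOrBodyContainsWords = 'Merger'
    # Exception: a match here exempts the message from the rule
    ExceptIfSentTo             = $exemptTo
    # Action
    RedirectMessageTo          = $redirectTo
    # Create the rule disabled so it can be reviewed before it touches mail flow
    Enabled                    = $false
}
New-TransportRule @rule

# Review what the Hub Transport servers will evaluate, then switch the rule on
Get-TransportRule -Identity $rule.Name |
    Format-List Name, State, Priority, Conditions, Exceptions, Actions

Enable-TransportRule -Identity $rule.Name
```

Rules are evaluated in priority order, so check the Priority value against existing rules that act on the same senders before enabling this one.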
Conditions: When the message contains…
• Specific Users: Detects mail between people, distribution lists
• Specific Content: Inspects subject, header and body for keywords, regular expressions
• Message Properties: Inspect message headers and properties or type
• Classifications: Scans for classifications such as Attorney-Client Privileged
• Attachments: Scans size, name and content (Office documents)
• Classifications: Can now also act on No Classifications
• Message Types: IRM protected, auto-replies, calendaring, voice mail
• Supervision Lists: Allows/Blocks based on listed recipients
• Management Properties: Identifies manager and applies policy
• User Properties: Scans for user attributes (such as department, country)
Fine tune rules with detailed criteria
Actions: …do the following…
• Block: Blocks and deletes message and can send non-delivery report
• Classify: Applies classification such as attorney-client privilege
• Modify: Adds disclaimer to body or text to subject line
• Reroute: Adds additional recipients to cc or Bcc line or re-directs
• Append: Applies disclaimer per each user’s specific attributes
• Review: Enables review and approval of e-mail before delivery
• Protect: Applies rights protection to messages, attachments
Apply the appropriate level of control
Dynamic Signatures
Signatures integrated with Active Directory attributes
Option of basic text or HTML
Automatically apply signatures per user attributes
Append
Moderation Review
Moderate based on sender, DL, content
Approve or Reject with option to send response
Moderator can be a specific user or sender’s manager
Enable review and approval of e-mail before delivery
Protect
Information Rights Management
• Persistent protection
  − Protects your sensitive information no matter where it is sent
  − Usage rights locked within the document itself
  − Protects online and offline, inside and outside of the firewall
• Granular control
  − Users apply IRM protection directly within an e-mail
  − Organizations can create custom usage policy templates such as "Confidential—Read Only"
  − Limit file access to only authorized users
Information Rights Management (IRM) provides persistent protection to control who can access, forward, print, or copy sensitive data within an e-mail.
Granular protection that travels with the data
Transport Protection Rules
• IRM protection can be triggered based on sender, recipient, content and other conditions
• Office 2003, 2007, and 2010 attachments also protected
Apply RMS policies automatically using Transport Rules
Apply “Do Not Forward” or custom RMS templates
Automatically apply IRM
Protect
Outlook Protection Rules
Provide users more IRM protection options
IRM protection can still be applied manually
User can be granted option to turn off rule for non-sensitive e-mail
Adding recipient or distribution list can trigger IRM protection automatically before sending
Protect
IRM in Outlook Web App
Native support for IRM in OWA eliminates need for Internet Explorer Rights Management add-on
Office documents also protected
Access to standard and custom RMS templates
Read and reply to protected messages
• Cross-browser support enables Firefox and Safari users to create and consume IRM-protected messages
Protect
Protected Voice Mail
“Do Not Forward” template
Prevent forwarding of voice mail
• Integration with AD RMS and Exchange Unified Messaging
• Permissions designated by sender (by marking the message as private) or by administrative policy
Protect
IRM Search
Multi-mailbox search includes option to search IRM-protected items
Conduct full-text search of IRM-protected mail and attachments in Outlook (online) and OWA
Index and search protected items
Protect
Protected messages sent to transport server
Messages and attachments decrypted to enable content filtering, transport rules
Infected messages and spam can be filtered
Messages are re-encrypted and delivered
IRM Decryption
Enable scanning, filtering, journaling
Journaled messages include decrypted clear-text copy
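The two IRM pieces described above fit together as follows: a transport protection rule applies the “Do Not Forward” template, and the IRM configuration lets the transport servers decrypt protected mail for inspection. This is an added example, not part of the original presentation; the rule name is illustrative, and the ‘Executives’ group and ‘Merger’ keyword are reused from the earlier slide as sample conditions.

```powershell
# Added example for the Exchange Management Shell; the rule name is illustrative.

# 1. List the AD RMS templates Exchange can use; the rule below expects
#    the "Do Not Forward" template named on the slide to be present.
Get-RMSTemplate

# 2. Transport protection rule: IRM-protect matching mail automatically.
#    Sender group and keyword are sample conditions taken from the earlier slide.
New-TransportRule -Name 'IRM-protect Merger mail from Executives' `
    -FromMemberOf 'Executives' `
    -SubjectOrBodyContainsWords 'Merger' `
    -ApplyRightsProtectionTemplate 'Do Not Forward'

# 3. Keep inspection working on protected mail.
#    Optional  = decrypt when possible, deliver even if decryption fails.
#    Mandatory = reject the message with an NDR if decryption fails.
#    Decryption depends on the Federated Delivery Mailbox being a member of
#    the AD RMS super users group.
Set-IRMConfiguration -TransportDecryptionSetting Optional

# Attach a decrypted copy to journal reports and index protected items
# so that multi-mailbox search can find them.
Set-IRMConfiguration -JournalReportDecryptionEnabled $true
Set-IRMConfiguration -SearchEnabled $true

# 4. Confirm the resulting settings.
Get-IRMConfiguration |
    Format-List TransportDecryptionSetting, JournalReportDecryptionEnabled, SearchEnabled
```

Journal decryption puts clear-text copies of protected messages in the journaling mailbox, so that mailbox needs access controls at least as strict as the templates being applied.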
Protect
Protection and Control Scenarios
(Scenario / Examples / Supporting Exchange 2010 Features)

Ethical Wall
Example: Restrict e-mail between analysts and brokers
• Transport rules to block mail between specific users or groups

Supervision
Example: Manager required to sign-off on mail to sensitive partner
• Send to manager for approval
• MailTips for moderated recipients

HR Policy
Example: Inappropriate content
• Filter for keywords and block, redirect, modify

Privacy
Examples: HIPAA (health data), GLBA (financial data), PIPEDA (Canada), PCI (Worldwide)
• Apply MailTips to alerts for external recipients
• Apply IRM protection to control access
• Monitor for credit card numbers and other personally identifiable information (PII)

Signatures
Example: EUPD 2003/58/EC
• Append disclaimer that includes name, title, department, etc.
Automatically monitor and control the distribution of sensitive information
Better protect access to data with persistent Information Rights Management
MailTips guide users with automatic alerts before sending
Transport Rules automatically enforce granular policies
Expanded Transport Rule conditions enable more specific policies
New actions: Dynamic Signatures, Moderation, IRM Protection
Apply by policy with Transport Protection Rules, Outlook Protection Rules
Extend user access with IRM in OWA, Outlook, Windows Mobile
Enable search, AV/AS scanning, filtering, journaling of protected mail
Ensure the right level of control is applied to the right messages
IPC with Exchange Server 2010
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Internet Explorer, Outlook, Windows Mobile, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this
presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS
PRESENTATION.