![Page 1: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/1.jpg)
Office 365 Security and Compliance overview
Angelos Eliades, Microsoft Certified Trainer, Training Manager at Aktina
![Page 2: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/2.jpg)
Common Business Requirements
• Security: Is my information safe?
• Retention: What happens when an employee leaves?
• Policies: How do we manage our information?
• Auditing: What's happening to the information?
• Control: Who has access to the information?
• Reporting: How do I know what's happening with the information?
![Page 3: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/3.jpg)
Office 365 Defense
Physical Layer
• Physical controls, video surveillance, access control
• Edge routers, firewalls, intrusion detection, vulnerability scanning
• Dual-factor authentication, intrusion detection, vulnerability scanning
Logical Layer
• Access control and monitoring, anti-malware, patch and configuration management
• Secure engineering, access control and monitoring, anti-malware
• Account management, training and awareness, screening
Data Layer
• Threat and vulnerability management, security monitoring and response, access control and monitoring, file/data integrity, encryption
![Page 4: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/4.jpg)
Two faces of compliance in Office 365
Built-in service capabilities (global compliance)
• Access Control
• Auditing and Logging
• Continuity Planning
• Incident Response
• Risk Assessment
• Communications Protection
• Identification and Authorization
• Information Integrity
• Awareness and Training
Customer controls for compliance and internal policies
• Data Loss Prevention
• Archiving
• Retention
• eDiscovery
• Legal Hold
• Encryption
• S/MIME
• Rights Management
• Office 365 email encryption
![Page 5: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/5.jpg)
Security best practices such as penetration testing and defense-in-depth protect against cyber-threats.
![Page 6: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/6.jpg)
Network security
Network Separated / Data Encrypted
• Networks within the Office 365 data centers are segmented.
• Physical separation of critical back-end servers and storage devices from public-facing interfaces.
• Edge router security makes it possible to detect intrusions and signs of vulnerability.
• Firewall rules and host-based firewall rules are implemented in the network.
![Page 7: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/7.jpg)
Personnel security - Just in time access
• Mandatory background check for high-privilege access, fingerprinting, security training.
• Just-In-Time access and elevation that is granted on an as-needed basis (default access time is 4 hours).
• The system grants the least privilege required to complete the task.
• Role Based Access Control (RBAC).
• Servers in the Office 365 service have a pre-determined set of processes that can be run, enforced using AppLocker.
Access flow: Microsoft admin/engineer (zero standing privileges) → Request with reason → Approval process → Temporary access
![Page 8: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/8.jpg)
Datacenters security
• Sectional datacenters
• No access to individual computing components
• Very small IT staff onsite
• Physical access controls
• Biometric sensors, 24-hour secured access
• Motion sensors
• Location known and recorded at all times
• Security breach alarms
• Physical security of containers
• Redundancy and disaster recovery
• Regular data backups
![Page 9: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/9.jpg)
Where is my data?
http://o365datacentermap.azurewebsites.net/
![Page 10: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/10.jpg)
Customer data isolation
• Designed to support logical isolation of data that multiple customers store on the same physical hardware.
• Intended or unintended mingling of data belonging to a different customer/tenant is prevented by design, using Active Directory organizational units.
![Page 11: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/11.jpg)
Customer data security
• Data in transit
  • Strong SSL/TLS protocols
  • Client-to-server encryption
  • Datacenter-to-datacenter encryption
• Data at rest
  • BitLocker 256-bit AES disk encryption
  • Auditing
  • Per-file encryption for customer content
  • Encryption at rest protects data on servers
![Page 12: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/12.jpg)
Encryption at rest with Per-file Encryption
[Figure: per-file encryption flow, numbered steps 1 to 6, ending in the storage containers]
![Page 13: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/13.jpg)
Breach simulations
![Page 14: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/14.jpg)
Privacy
Privacy by design means that Microsoft does not use your information for anything other than providing your services.
![Page 15: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/15.jpg)
Recent worldwide uptimes
SLA: Commit to delivering at least 99.9%* uptime with a financially backed guarantee.
*43 minutes per month, 10% service credits

| Quarter | 2014 Q2 | 2014 Q3 | 2014 Q4 | 2015 Q1 | 2015 Q2 | 2015 Q3 | 2015 Q4 |
|---|---|---|---|---|---|---|---|
| Uptime | 99.95% | 99.98% | 99.99% | 99.99% | 99.95% | 99.98% | 99.98% |
![Page 16: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/16.jpg)
Standards & Certifications
https://products.office.com/business/office-365-trust-center-top-10-trust-tenets-cloud-security-and-privacy
![Page 17: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/17.jpg)
Data security with access control, encryption and strong authentication
Unique customer controls with Rights Management Services to allow customers to protect information
![Page 18: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/18.jpg)
Anti-Spam / Anti-Virus
• Multi-engine antimalware protects against 100% of known viruses.
• Continuously updated anti-spam protection captures 98%+ of all inbound spam.
• Advanced fingerprinting technologies identify and stop new spam and phishing vectors in real time.
• Mark all bulk messages as spam.
• Block unwanted email based on language or geographic origin.
![Page 19: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/19.jpg)
Multi-factor authentication using any phone
Needs something you "know" (a password?) and something you "own" (a mobile phone?)
• Mobile apps: push notification, one-time passcode (OTP) token
• Phone calls: office or mobile device
• Text messages: one-time passcode (OTP) by SMS
![Page 20: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/20.jpg)
Mobile Device Management - BYOD
• Conditional Access
• Device Management
• Selective Wipe
• Advanced Application Management
Delivered by Microsoft Intune MDM or Office 365 built-in MDM
![Page 21: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/21.jpg)
Mobile Device Management Conditional access
![Page 22: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/22.jpg)
Mobile Device Management Device management
![Page 23: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/23.jpg)
Mobile Device Management Selective Wipe
![Page 24: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/24.jpg)
Rights Management Service
Prevents sensitive information from being printed, forwarded, or copied by unauthorized people inside the organization.
• Hosted service, with limited infrastructure to maintain.
• Persistent protection stays with the file no matter where it goes.
• Granular permissions control who can open a file and then what they can do with it.
• Flexibility to use user-defined permission policies and centrally defined templates.
• RMS can be applied to any file type using the RMS app*
![Page 25: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/25.jpg)
RMS with SharePoint online
![Page 26: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/26.jpg)
RMS over other approaches
Comparison columns: RMS in Office 365 | S/MIME | ACLs (Access Control Lists) | BitLocker
Functionality compared:
• Data is encrypted in the cloud
• Encryption persists with content
• Protection tied to user identity
• Protection tied to policy (edit, print, do not forward, expire after 30 days)
• Secure collaboration with teams and individuals
• Native integration with my services (content indexing, eDiscovery, BI, virus/malware scanning)
• Lost or stolen hard disk
![Page 27: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/27.jpg)
Data Loss Prevention - DLP
• Prevents sensitive data from leaking either inside or outside the organization.
• Provides an alert when data such as a Social Security or credit card number is emailed.
• Alerts can be customized by the admin to catch intellectual property being emailed out.
• Permits users to manage their compliance
• Doesn't disrupt user workflow
• Works even when disconnected
• Configurable and customizable
• Admin-customizable text and actions
• Built-in templates based on common regulations
• Import DLP policy templates from security partners or build your own
![Page 28: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/28.jpg)
DLP document fingerprinting
• Scan email and attachments to look for patterns that match document templates.
• Protect sensitive documents from being accidentally shared outside your organization.
• No coding required; simply upload sample documents to create fingerprints.
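The two preceding slides describe the two detection techniques a DLP policy relies on: pattern matching for identifiers such as credit card and Social Security numbers, and document fingerprinting against an uploaded template. The block below is an added, self-contained illustration of both, not Office 365 code and not the service's actual fingerprint format: it validates card candidates with the Luhn checksum to cut false positives, applies a US SSN pattern, and approximates fingerprinting with hashed 4-word shingles plus a containment score. The template, message, field names and the 0.5 match threshold are all constructed for the example.

```python
"""Toy DLP scanner: pattern detection (Luhn-checked card numbers, US SSN) plus a
shingle-hash document fingerprint. Constructed example; not Office 365 code."""
import hashlib
import re
from typing import Dict, List, Set

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# US SSN in 3-2-4 layout; lookaheads reject never-issued area/group/serial values.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

# Constructed "sensitive template" an admin might upload, keyed by a policy name.
SAMPLE_TEMPLATES: Dict[str, str] = {
    "invention-disclosure": (
        "Invention disclosure form title of invention inventor names "
        "date of conception description of the invention"
    ),
}
# Constructed outbound message that should trip all three detectors.
SAMPLE_MESSAGE = (
    "Hi, forwarding the draft. Invention disclosure form title of invention "
    "inventor names date of conception description of the invention. "
    "Bill it to card 4111 1111 1111 1111, SSN 123-45-6789."
)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum (ISO/IEC 7812); a random 16-digit string fails 90% of the time."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> List[str]:
    """Digit runs that look like a card number AND pass Luhn, separators stripped."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def find_ssns(text: str) -> List[str]:
    return SSN_RE.findall(text)


def shingles(text: str, k: int = 4) -> Set[str]:
    """Hash every k-word window of the normalised text; the set is the fingerprint.
    Only hashes are kept, so the fingerprint does not reveal the template itself."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()[:16]
        for i in range(len(words) - k + 1)
    }


def fingerprint_similarity(template: str, candidate: str, k: int = 4) -> float:
    """Fraction of the template's shingles present in the candidate (containment),
    so a template embedded in a longer email still scores 1.0."""
    t, c = shingles(template, k), shingles(candidate, k)
    return len(t & c) / len(t) if t else 0.0


def scan_message(text: str, templates: Dict[str, str],
                 threshold: float = 0.5) -> Dict[str, object]:
    """Everything a DLP policy would alert on or block for one outbound message."""
    return {
        "card_numbers": find_card_numbers(text),
        "ssns": find_ssns(text),
        "fingerprint_matches": [
            name for name, tpl in templates.items()
            if fingerprint_similarity(tpl, text) >= threshold
        ],
    }


if __name__ == "__main__":
    print(scan_message(SAMPLE_MESSAGE, SAMPLE_TEMPLATES))
```

The containment threshold is the tuning knob: a partial quote of the template (say the first eight words) scores well under 0.5 and passes, while the full form embedded in an unrelated email scores 1.0 and is flagged. Real engines add proximity and keyword evidence on top of the raw pattern, but the Luhn step alone is what separates a card number from a tracking number.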
![Page 29: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/29.jpg)
eDiscovery and In-Place Hold
Hold - keep the data you do want
• Data held in-place
• Customize holds based on filters
• Hold across multiple products in a single action
• Capture deleted and edited messages
Deletion - delete the data you don't want
• Automated time-based criteria to delete
• Set policies at item or folder level, by admin or user
• Set site-level retention policies
Search - find the data you need
• Search across multiple products
• De-duplication and search statistics
• Case management
• Export search results
Perform searches and place holds on mailboxes, SharePoint Online sites, and OneDrive for Business locations.
![Page 30: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/30.jpg)
More encryption mechanisms
• Rights Management Service with DLP
• S/MIME* provides secure certificate-based email access.
• Office 365 Message Encryption allows sending encrypted email to any SMTP address.
*Secure/Multipurpose Internet Mail Extensions
![Page 31: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/31.jpg)
Security Threats and Countermeasures
| Threat | Countermeasure |
|---|---|
| Stolen password | Two-factor authentication |
| Data leakage | DLP policy |
| Unsecure transport | Mail encryption |
| Lost device: computer | Hard drive encryption |
| Lost device: mobile | Remote device wipe |
| Lost device: USB drive | Portable file encryption |
| Disk failures | Redundant storage |
| DoS / unavailability | Throttling / 99-98 quarterly uptime |
| Internal theft of data | Physical and employee security, encryption in transit, encryption at rest |
![Page 32: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/32.jpg)
Office 365 email Encryption and DLP fingerprint
Demo
![Page 33: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/33.jpg)
![Page 34: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/34.jpg)
![Page 35: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/35.jpg)
![Page 36: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/36.jpg)
![Page 37: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/37.jpg)
![Page 38: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/38.jpg)
![Page 39: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/39.jpg)
![Page 40: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/40.jpg)
To send the message without removing the information, you must first select Override
![Page 41: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/41.jpg)
![Page 42: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/42.jpg)
![Page 43: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/43.jpg)
![Page 44: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/44.jpg)
![Page 45: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/45.jpg)
![Page 46: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/46.jpg)
![Page 47: Office 365 Security and Compliance overview - AKTINA Eliades... · Two faces of compliance in Office 365 Built-in service capabilities (global compliance) Customer controls for compliance](https://reader033.vdocuments.net/reader033/viewer/2022050104/5f4309482696597a8076cedd/html5/thumbnails/47.jpg)