Microsoft IT
Customer Solution Case Study

Microsoft IT Strengthens Security with Data Loss Prevention Solution

“With the RSA DLP Suite and Active Directory Rights Management Services, we know where the sensitive information is, and we can automatically apply specific safeguards just to the files that need them.”

Overview
Country or Region: United States
Industry: IT services

Customer Profile
The Microsoft® IT division supports the daily computing operations of Microsoft Corporation, which is headquartered in Redmond, Washington.

Business Situation
Microsoft relied on content owners to adjust access and classification settings for sensitive data in file shares and on SharePoint® sites; data on users’ computers was vulnerable to security breaches.

Solution
Microsoft used its Active Directory® Rights Management Services and the RSA® Data Loss Prevention Suite from EMC Corporation to automatically apply persistent access rights to data according to its sensitivity level.

Benefits
• Automated process
• Persistent protection
• Easier, less costly compliance
• Tighter information security
• Freed IT time

To safeguard data stored in and transmitted from Microsoft® offices and portable devices around the world, the Microsoft IT Security team used the Active Directory® service to manage data-access rights and early versions of RSA® Data Loss Prevention (DLP) products to locate sensitive data. This solution required IT staff to create and maintain custom classification systems and then manually notify content owners to update their file-access and classification rules. Microsoft IT Security upgraded to Active Directory Rights Management Services in the Windows Server® 2008 operating system, as well as version 7 of DLP Datacenter. Now, Microsoft can automatically apply targeted and persistent protection according to industry best practices for improved regulatory compliance, freeing up IT time and lowering the risk of a security breach.

Situation
Microsoft® IT Operations is part of the greater Information Security organization at Microsoft Corporation. Its Microsoft IT Security team is responsible for testing and deploying security solutions that protect the entire company’s data. The data to be safeguarded includes financial, personnel, and marketing information, which is stored on and transferred among hundreds of thousands of personal computers, servers, file shares, Storage Area Networks, and Microsoft Office SharePoint® Server sites.

The Data-Protection Challenge
The challenge is huge. With information residing in more places, such as mobile devices, and with employees, partners, customers, and vendors working from home, the office, and the field, enterprises face growing risks of inadvertent or malicious data leaks. For example, whether intentionally or accidentally, sensitive information might be sent as an attachment to an e-mail message or transmitted outside the firewall via File Transfer Protocol and could be intercepted. Furthermore, simply transmitting sensitive data outside the organization can breach regulatory compliance guidelines. “Loss of sensitive data is an operational risk for Microsoft,” says Olav Opedal, Senior Program Manager for Microsoft IT Security.

Classifying sensitive data is complex, as a range of corporate and industry regulations govern its protection, such as Personally Identifiable Information (PII) and Intellectual Property (IP). Microsoft takes these into account, along with internal corporate policies and legal requirements. Once at-risk data has been identified, it must be physically located, and content owners must help classify its sensitivity as being low, medium, or high business impact (HBI) to help ensure the proper level of protection.

Whereas less-sensitive data can be adequately protected by limiting users’ access, HBI data often requires encryption in order to best meet regulatory standards. The challenge is finding a way to efficiently apply encryption just to selected content, keeping in mind how it will be used and who will need to access it; applying encryption too broadly can be prohibitively expensive in terms of dollars, IT time, and lost productivity due to access issues and identity and key management.

The Original Solution
In 2006, Microsoft IT Security addressed information security by using two Data Loss Prevention (DLP) products from RSA, the security division of EMC Corporation. With RSA® DLP Datacenter Enterprise 3.2, Microsoft IT Security could discover and apply safeguards to sensitive data at rest—that is, information residing in data repositories. In 2008, using DLP Network 6.0, the team could monitor and enforce information-security and regulatory-requirement classification policies on data in motion—that is, information leaving the Microsoft network.

To manage user-identity and data-access rights, Microsoft IT Security also used the Active Directory® directory service, part of the Windows Server® 2003 operating system. With Active Directory object user authorization, the type of access granted to objects (such as servers and shared volumes) is determined by the rights that are assigned to the user and which permissions are attached to the objects. An object is a set of attributes that can include shared resources, such as printers; network user and computer accounts; and domains, applications, and services.

This solution required Microsoft IT Security to build and maintain classification systems for file shares and SharePoint sites around the company. Content owners then classified their shares and sites based on the types of documents stored in them. Depending on the classification the owners chose, Microsoft IT Security applied safeguards to those locations and used Active Directory to validate user access and access rules. Microsoft IT Security scanned for sensitive data using the RSA DLP products and then manually notified the content owners in cases when they should update the Active Directory access control lists (ACLs) or other classification rules that controlled users’ data-access rights. Or, Microsoft IT Security sent notifications to the end users and, in some cases, handled the updates itself.

To increase efficiency and compliance with information-security policies, Microsoft IT Security wanted to further automate the solution—especially by automatically and selectively encrypting specific types of data, such as HBI documents, instead of relying on content owners to adjust their ACLs and classification rules to restrict access.

Microsoft IT Security also wanted to better protect unencrypted documents. For example, users who had general file-access rights to open and read a Microsoft Office Word document saved on their own storage device could forward that document outside of Microsoft, where they no longer had control over it. If these users left Microsoft, they would continue to have access to that document. To improve the solution, Microsoft IT Security needed more advanced technology.

“If we have an external or internal threat, our information is protected with Active Directory Rights Management Services.”
Olav Opedal, Senior Program Manager, Microsoft IT Security

Solution
In December 2008, the technology needed to solve these problems became available when RSA integrated its DLP products with Active Directory Rights Management Services. With the addition of Rights Management Services, Microsoft IT Security can protect sensitive information to specific users according to a predefined set of rights—such as the rights to view, edit, or print documents—that are applied automatically. Rights Management Services is part of the Windows Server 2008 operating system, which Microsoft upgraded to in early 2008.

Rights Management Services helps safeguard digital information from unauthorized use, both online and offline, inside and outside the firewall, by identifying which files should have persistent usage policies and rights management applied to them, and which ones should also be encrypted. With persistent protection from Rights Management Services, these safeguards are part of the data itself. This means that no matter where the data resides, it carries the permissions and restrictions with it.

The Microsoft IT team that manages Active Directory Rights Management Services simply creates Rights Management Services templates that should be used to protect particular types of sensitive data (Figure 1). The templates specify which users should have access to the data and the level of access through rights, such as view, edit, and print. Then Microsoft IT Security designs RSA DLP policies for finding sensitive data of that type, and the new solution automatically applies the Rights Management Services template to the data at rest wherever it resides in the enterprise. The solution also sends notifications to content owners, who no longer need to update their ACLs or classifications manually. To ensure that encryption is not applied too broadly, Microsoft IT Security chose a Rights Management Services template that allows users to collaborate on and copy protected content. But if the content extends outside of the organization, it is safeguarded with Rights Management Services protection and cannot be opened, viewed, edited, or copied, as the content can only be opened by current Microsoft employees.

Figure 1. The five-step process for protecting HBI documents on files with joint DLP and Active Directory Rights Management Services

For Windows Server 2008 R2, Microsoft IT Security uses the File Classification Infrastructure (FCI) to classify HBI files residing on a file server. When used in conjunction with the File Server Resource Manager feature in Windows Server 2008 R2, IT staff can get insight into the distribution of HBI data, automate the enforcement of document retention policies, and apply user rights and encryption according to classification—all as part of the operating system. With the addition of the Active Directory Rights Management Services Bulk Protection Tool, which will be released in late 2009, Microsoft IT Security can fully automate the identification, monitoring, and remediation of HBI data on file servers on a per-file basis—instead of requiring content owners to classify entire file shares.

The Microsoft IT Security team worked with stakeholders across the company to shape the new solution. The stakeholders include teams from File Share Operations, Active Directory Rights Management Services, and other Collaboration Services groups; various technical-support tiers; and Microsoft Legal and business-review groups. Stakeholder participation was important because applying Rights Management Services to documents would affect production server service levels and other aspects of the IT infrastructure. Says Opedal, “We wanted to ensure that infrastructure, operations, and technical support teams would be ready, so service levels would stay high. And, without feedback and buy-in from stakeholders who are willing to classify data, the technology cannot discover the data as effectively.”

Microsoft IT Security is also taking steps to help safeguard data that falls outside the existing rules and definitions it has programmed into RSA DLP products. “Due to the complex nature of information—for example, intellectual property—there’s more sensitive data than we have written rules for identifying,” says Opedal. “But, we can assume that if data is stored in a highly sensitive site that that data is also highly sensitive.” The team is starting to use the new solution, including the Bulk Protection Tool, to address this situation. With the addition of this tool, the team can fully automate identification, monitoring, and remediation of HBI data on file servers on a per-file basis, for targeted encryption and rights management.

“By building these technologies into the infrastructure, we’re creating a solution with fewer tools to buy, deploy, and manage. That’s comprehensive security that’s built-in, not added on.”

Benefits
In just six months, Microsoft IT Security implemented an end-to-end information-security solution and has scanned one-third of the company’s file environment. The solution applies persistent safeguards according to data sensitivity level for easier and less-costly compliance. The team can also apply targeted encryption and other safeguards automatically. This automation has freed up IT resources, and Microsoft reports fewer data leaks.

Automated Process, Persistent Protection
The integration of Rights Management Services and RSA DLP reduces cost and increases efficiency. Microsoft IT Security can use the solution to centrally apply targeted and persistent rights, access policies, and safeguards to data based on sensitivity level, without the need to manually notify content owners or end users. Wherever sensitive data at rest resides—on personal computers, servers, databases, applications, and more—and wherever it goes, those permissions stay with it.

Opedal says, “We get automatic, persistent, and targeted protection of sensitive information as the solution scans for it. If we have an external or internal threat, our information is protected with Active Directory Rights Management Services. Now, we can automatically detect sensitive information and apply safeguards, and the system notifies the owner that no further action is necessary. Thanks to the Active Directory Rights Management Services Bulk Protection Tool and the new FCI capabilities in Windows Server 2008 R2, content owners no longer have to classify their file shares or manually encrypt their HBI documents.” Automation also reduces the risk of content owners not applying policies properly.

Easier, Less Costly Compliance
Microsoft can help safeguard its important information by applying controls based on data sensitivity, for targeted protection. Microsoft employees can stay compliant automatically with data handling standards that call for encryption of HBI documents—without the expense of applying encryption too broadly. This is important, as Microsoft has many terabytes of stored data. Says Opedal, “If we were to encrypt all that data, the cost would outweigh the benefits. With the RSA DLP Suite and Active Directory Rights Management Services, we know where the sensitive information is, and we can automatically apply specific safeguards just to the files that need them.”

Tighter, More Efficient Information Security
Microsoft IT Security has scanned millions of documents using the new solution and has encrypted thousands of them. Opedal expects to encrypt tens of thousands of additional documents by the time Microsoft IT Security has finished running the Active Directory Rights Management Services Bulk Protection Tool.

Freed IT Time
With automation, Microsoft IT Security has freed up one half of one developer’s time from creating and maintaining classification systems for file shares. “That is developer time that we can use for other projects,” says Opedal. “We expect to get the same time savings from our SharePoint sites too, once we deploy the next version of Office SharePoint Server.”

Future Plans
In the long term, Microsoft will build the RSA Data Loss Prevention classification technology into the Microsoft platform and future information protection products. The resulting collaboration is designed to enable organizations to centrally define information security policy, automatically identify and classify sensitive data virtually anywhere in the infrastructure, and use a range of controls to protect data at the endpoints, network, and data center. “By building these technologies into the Microsoft platform,” says Opedal, “we’re creating a solution with fewer tools to buy, deploy, and manage. That’s comprehensive security that’s built-in, not added on.”

For More Information
For more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (877) 568-2495. Customers in the United States and Canada who are deaf or hard-of-hearing can reach Microsoft text telephone (TTY/TDD) services at (800) 892-5234. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to:
www.microsoft.com

For more information about Microsoft IT products and services, call (800) 426-9400 or visit the Web site at:
www.microsoft.com

Microsoft Server Product Portfolio
For more information about the Microsoft server product portfolio, go to:
www.microsoft.com/servers/default.mspx

Software and Services
• Microsoft Server Product Portfolio
• Windows Server 2008 R2

Technologies
• Active Directory Rights Management Services

This case study is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

Document published September 2009

Introduction to Microsoft SharePoint Online Capabilities, Security, Deploymen...Introduction to Microsoft SharePoint Online Capabilities, Security, Deploymen...
Introduction to Microsoft SharePoint Online Capabilities, Security, Deploymen...
 
Cloud Based Communications Solutions from Microsoft
Cloud Based Communications Solutions from MicrosoftCloud Based Communications Solutions from Microsoft
Cloud Based Communications Solutions from Microsoft
 
Reduce Capital & Operational Expenses with Business Productivity Online Suite
Reduce Capital & Operational Expenses with Business Productivity Online SuiteReduce Capital & Operational Expenses with Business Productivity Online Suite
Reduce Capital & Operational Expenses with Business Productivity Online Suite
 

Microsoft India - Security and Data Loss Protection Case Study

  • 1. Microsoft IT
    Customer Solution Case Study

    Microsoft IT Strengthens Security with Data Loss Prevention Solution

    “With the RSA DLP Suite and Active Directory Rights Management Services, we know where the sensitive information is, and we can automatically apply specific safeguards just to the files that need

    Overview
    Country or Region: United States
    Industry: IT services

    Customer Profile
    The Microsoft® IT division supports the daily computing operations of Microsoft Corporation, which is headquartered in Redmond, Washington.

    Business Situation
    Microsoft relied on content owners to adjust access and classification settings for sensitive data in file shares and on SharePoint® sites; data on users’ computers was vulnerable to security breaches.

    Solution
    Microsoft used its Active Directory® Rights Management Services and the RSA® Data Loss Prevention Suite from EMC Corporation to automatically apply persistent access rights to data according to its sensitivity level.

    Benefits
    • Automated process
    • Persistent protection
    • Easier, less costly compliance
    • Tighter information security
    • Freed IT time

    To safeguard data stored in and transmitted from Microsoft® offices and portable devices around the world, the Microsoft IT Security team used the Active Directory® service to manage data-access rights and early versions of RSA® Data Loss Prevention (DLP) products to locate sensitive data. This solution required IT staff to create and maintain custom classification systems and then manually notify content owners to update their file-access and classification rules. Microsoft IT Security upgraded to Active Directory Rights Management Services in the Windows Server® 2008 operating system, as well as version 7 of DLP Datacenter. Now, Microsoft can automatically apply targeted and persistent protection according to industry best practices for improved regulatory compliance, freeing up IT time and lowering the risk of a security breach.
  • 2.
  • 3. Situation
    Microsoft® IT Operations is part of the greater Information Security organization at Microsoft Corporation. Its Microsoft IT Security team is responsible for testing and deploying security solutions that protect the entire company’s data. The data to be safeguarded includes financial, personnel, and marketing information, which is stored on and transferred among hundreds of thousands of personal computers, servers, file shares, Storage Area Networks, and Microsoft Office SharePoint® Server sites.

    The Data-Protection Challenge
    The challenge is huge. With information residing in more places, such as mobile devices, and with employees, partners, customers, and vendors working from home, the office, and the field, enterprises face growing risks of inadvertent or malicious data leaks. For example, whether intentionally or accidentally, sensitive information might be sent as an attachment to an e-mail message or transmitted outside the firewall via File Transfer Protocol and could be intercepted. Furthermore, simply transmitting sensitive data outside the organization can breach regulatory compliance guidelines. “Loss of sensitive data is an operational risk for Microsoft,” says Olav Opedal, Senior Program Manager for Microsoft IT Security.

    Classifying sensitive data is complex, as a range of corporate and industry regulations govern its protection, such as Personally Identifiable Information (PII) and Intellectual Property (IP). Microsoft takes these into account, along with internal corporate policies and legal requirements. Once at-risk data has been identified, it must be physically located, and content owners must help classify its sensitivity as being low, medium, or high business impact (HBI) to help ensure the proper level of protection.

    Whereas less-sensitive data can be adequately protected by limiting users’ access, HBI data often requires encryption in order to best meet regulatory standards. The challenge is finding a way to efficiently apply encryption just to selected content, keeping in mind how it will be used and who will need to access it; applying encryption too broadly can be prohibitively expensive in terms of dollars, IT time, and lost productivity due to access issues and identity and key management.

    The Original Solution
    In 2006, Microsoft IT Security addressed information security by using two Data Loss Prevention (DLP) products from RSA, the security division of EMC Corporation. With RSA® DLP Datacenter Enterprise 3.2, Microsoft IT Security could
  • 4. “If we have an external or internal threat, our information is protected with Active Directory Rights Management Services.”
    Olav Opedal, Senior Program Manager, Microsoft IT Security

    discover and apply safeguards to sensitive data at rest—that is, information residing in data repositories. In 2008, using DLP Network 6.0, the team could monitor and enforce information-security and regulatory-requirement classification policies on data in motion—that is, information leaving the Microsoft network.

    To manage user-identity and data-access rights, Microsoft IT Security also used the Active Directory® directory service, part of the Windows Server® 2003 operating system. With Active Directory object user authorization, the type of access granted to objects (such as servers and shared volumes) is determined by the rights that are assigned to the user and which permissions are attached to the objects. An object is a set of attributes that can include shared resources, such as printers; network user and computer accounts; and domains, applications, and services.

    This solution required Microsoft IT Security to build and maintain classification systems for file shares and SharePoint sites around the company. Content owners then classified their shares and sites based on the types of documents stored in them. Depending on the classification the owners chose, Microsoft IT Security applied safeguards to those locations and used Active Directory to validate user access and access rules. Microsoft IT Security scanned for sensitive data using the RSA DLP products and then manually notified the content owners in cases when they should update the Active Directory access control lists (ACLs) or other classification rules that controlled users’ data-access rights. Or, Microsoft IT Security sent notifications to the end users and, in some cases, handled the updates itself.

    To increase efficiency and compliance with information-security policies, Microsoft IT Security wanted to further automate the solution—especially by automatically and selectively encrypting specific types of data, such as HBI documents, instead of relying on content owners to adjust their ACLs and classification rules to restrict access.

    Microsoft IT Security also wanted to better protect unencrypted documents. For example, users who had general file-access rights to open and read a Microsoft Office Word document saved on their own storage device could forward that document outside of Microsoft, where they no longer had control over it. If these users left Microsoft, they would continue to have access to that document. To improve the solution, Microsoft
  • 5. IT Security needed more advanced technology.

    Solution
    In December 2008, the technology needed to solve these problems became available when RSA integrated its DLP products with Active Directory Rights Management Services. With the addition of Rights Management Services, Microsoft IT Security can protect sensitive information to specific users according to a predefined set of rights—such as the rights to view, edit, or print documents—that are applied automatically. Rights Management Services is part of the Windows Server 2008 operating system, which Microsoft upgraded to in early 2008.

    Rights Management Services helps safeguard digital information from unauthorized use, both online and offline, inside and outside the firewall, by identifying which files should have persistent usage policies and rights management applied to them, and which ones should also be encrypted. With persistent protection from Rights Management Services, these safeguards are part of the data itself. This means that no matter where the data resides, it carries the permissions and restrictions with it.

    The Microsoft IT team that manages Active Directory Rights Management Services simply creates Rights Management Services templates that should be used to protect particular types of sensitive data (Figure 1). The templates specify which users should have access to the data and the level of access through rights, such as view, edit, and print. Then Microsoft IT Security designs RSA DLP policies for finding sensitive data of that type, and the new solution automatically applies the Rights Management Services template to the data at rest wherever it resides in the enterprise. The solution also sends notifications to content owners, who no longer need to update their ACLs or classifications manually. To ensure that encryption is not applied too broadly, Microsoft IT Security chose a Rights Management Services template that allows users to collaborate on and copy protected content. But if the content extends outside of the organization, it is safeguarded with Rights Management Services protection and cannot be opened, viewed, edited, or copied, as the content can only be opened by current Microsoft employees.
  • 6. Figure 1. The five-step process for protecting HBI documents on files with joint DLP and Active Directory Rights Management Services

    For Windows Server 2008 R2, Microsoft IT Security uses the File Classification Infrastructure (FCI) to classify HBI files residing on a file server. When used in conjunction with the File Server Resource Manager feature in Windows Server 2008 R2, IT staff can get insight into the distribution of HBI data, automate the enforcement of document retention policies, and apply user rights and encryption according to classification—all as part of the operating system. With the addition of the Active Directory Rights Management Services Bulk Protection Tool, which will be released in late 2009, Microsoft IT Security can fully automate the identification, monitoring, and remediation of HBI data on file servers on a per-file basis—instead of requiring content owners to classify entire file shares.

    The Microsoft IT Security team worked with stakeholders across the company to shape the new solution. The stakeholders include teams from File Share Operations, Active Directory Rights Management Services, and other Collaboration Services groups; various technical-support tiers; and Microsoft Legal and business-review groups. Stakeholder participation was important because applying Rights Management Services to documents would affect production server service levels and other aspects of the IT infrastructure. Says Opedal, “We wanted to ensure that infrastructure, operations, and
  • 7. “By building these technologies into the infrastructure, we’re creating a solution with fewer tools to buy, deploy, and manage. That’s comprehensive security that’s built-in, not added

    technical support teams would be ready, so service levels would stay high. And, without feedback and buy-in from stakeholders who are willing to classify data, the technology cannot discover the data as effectively.”

    Microsoft IT Security is also taking steps to help safeguard data that falls outside the existing rules and definitions it has programmed into RSA DLP products. “Due to the complex nature of information—for example, intellectual property—there’s more sensitive data than we have written rules for identifying,” says Opedal. “But, we can assume that if data is stored in a highly sensitive site that that data is also highly sensitive.” The team is starting to use the new solution, including the Bulk Protection Tool, to address this situation. With the addition of this tool, the team can fully automate identification, monitoring, and remediation of HBI data on file servers on a per-file basis, for targeted encryption and rights management.

    Benefits
    In just six months, Microsoft IT Security implemented an end-to-end information-security solution and has scanned one-third of the company’s file environment. The solution applies persistent safeguards according to data sensitivity level for easier and less-costly compliance. The team can also apply targeted encryption and other safeguards automatically. This automation has freed up IT resources, and Microsoft reports fewer data leaks.

    Automated Process, Persistent Protection
    The integration of Rights Management Services and RSA DLP reduces cost and increases efficiency. Microsoft IT Security can use the solution to centrally apply targeted and persistent rights, access policies, and safeguards to data based on sensitivity level, without the need to manually notify content owners or end users. Wherever sensitive data at rest resides—on personal computers, servers, databases, applications, and more—and wherever it goes, those permissions stay with it.

    Opedal says, “We get automatic, persistent, and targeted protection of sensitive information as the solution scans for it. If we have an external or internal threat, our information is protected with Active Directory Rights Management Services. Now, we can automatically detect sensitive information and apply safeguards, and the system notifies the owner that no further action is necessary. Thanks to the Active Directory Rights Management Services Bulk Protection Tool and the new FCI capabilities in Windows Server 2008 R2, content owners no longer have to classify their file
  • 8. shares or manually encrypt their HBI documents.” Automation also reduces the risk of content owners not applying policies properly.

    Easier, Less Costly Compliance
    Microsoft can help safeguard its important information by applying controls based on data sensitivity, for targeted protection. Microsoft employees can stay compliant automatically with data handling standards that call for encryption of HBI documents—without the expense of applying encryption too broadly. This is important, as Microsoft has many terabytes of stored data. Says Opedal, “If we were to encrypt all that data, the cost would outweigh the benefits. With the RSA DLP Suite and Active Directory Rights Management Services, we know where the sensitive information is, and we can automatically apply specific safeguards just to the files that need them.”

    Tighter, More Efficient Information Security
    Microsoft IT Security has scanned millions of documents using the new solution and has encrypted thousands of them. Opedal expects to encrypt tens of thousands of additional documents by the time Microsoft IT Security has finished running the Active Directory Rights Management Services Bulk Protection Tool.
  • 9. Freed IT Time
    With automation, Microsoft IT Security has freed up one half of one developer’s time from creating and maintaining classification systems for file shares. “That is developer time that we can use for other projects,” says Opedal. “We expect to get the same time savings from our SharePoint sites too, once we deploy the next version of Office SharePoint Server.”

    Future Plans
    In the long term, Microsoft will build the RSA Data Loss Prevention classification technology into the Microsoft platform and future information protection products. The resulting collaboration is designed to enable organizations to centrally define information security policy, automatically identify and classify sensitive data virtually anywhere in the infrastructure, and use a range of controls to protect data at the endpoints, network, and data center. “By building these technologies into the Microsoft platform,” says Opedal, “we’re creating a solution with fewer tools to buy, deploy, and manage. That’s comprehensive security that’s built-in, not added on.”

    For More Information
    For more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (877) 568-2495. Customers in the United States and Canada who are deaf or hard-of-hearing can reach Microsoft text telephone (TTY/TDD) services at (800) 892-5234. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to: www.microsoft.com

    For more information about Microsoft IT products and services, call (800) 426-9400 or visit the Web site at: www.microsoft.com

    Microsoft Server Product Portfolio
    For more information about the Microsoft server product portfolio, go to: www.microsoft.com/servers/default.mspx

    Software and Services
    • Microsoft Server Product Portfolio
    • Windows Server 2008 R2
    • Technologies
    • Active Directory Rights Management Services

    This case study is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
    Document published September 2009