Overview of Compliance in SharePoint, Exchange, and Office 365

3. Why Compliance Legal and Regulatory requirements Organizational governance Internal and external threats Today’s Challenges Duplicate storage Add-ons for users Complex experience The Asks Lower the cost One experience Easier to manage Leave the end user alone Content Lifecycle Compliance

4. Empower the User Enable the Compliance Officer In Place and Extensible Easy for IT Outlook, Word, PowerPoint, SharePoint, Mobile Apps Exchange, SharePoint, Lync, AD, File Server, third parties Exchange, SharePoint, Lync Administration Exchange, SharePoint, Windows

5. Build compliance into the applications Index or Ingest to extend Unify compliance experience and configuration across the suite Bloomberg Immutable SharePoint Immutable Exchange Lync 3rd Party Archives … Exchange SharePoint Others Archive eDiscovery and Compliance Traditional Compliance Compliance In-Place Compliance Strategy

6. Enable Compliance Officers New Compliance Center

7. Store data for business and compliance needs Exchange In-Place Archive SharePoint Records Center Outlook OWA Retain folder hierarchy

8. Reduce risk by deleting data with policy Exchange Deletion Policies SharePoint Document Deletion Policies

9. Preserve important data Exchange Preservation SharePoint Preservation

10. Protect data with encryption IRM (RMS) Prevents sensitive information from being printed, forwarded, or copied by unauthorized people inside the organization S/MIME Sign and encrypt messages to users using certificates Office 365 Message Encryption Encrypt messages to any SMTP address

11. Data Loss Prevention identify monitor protect

12. Data Loss Prevention Content analysis Get Content Regex Analysis Function Analysis Additional Evidence Verdict Policy Tips Outlook and OWA Document Fingerprinting Protect intellectual property like patents, company confidential information, and other standardized form content

13.

14. Identify and Preserve Search and Process Review Produce eDiscovery Process

15. Discover and preserve with eDiscovery

16. Investigate and prove with auditing Exchange Auditing SharePoint Auditing

17. Content Lifecycle Compliance

18. Empower the User Enable the Compliance Officer In Place and Extensible Easy for IT Outlook, Word, PowerPoint, SharePoint, Mobile Apps Exchange, SharePoint, Lync, AD, File Server, third parties Exchange, SharePoint, Lync Administration Exchange, SharePoint, Windows

Hinweis der Redaktion

Welcome! This is an overview of the many compliance features in SharePoint and across Office 365. All of the features we will talk about are (or will be) available in both Office 365 as well as the on-premises versions of the SharePoint, Exchange and Lync. This is not about compliance or security processes, but the compliance features which you can use to manage the data in your own organizations. We will recap existing features as well as introduce new features.
Empower the Users Help them comply; Don’t get in their way Enable the Compliance Officer: Full featured Compliance; Scoped, restricted access; Efficient engagement with IT Easy for IT: In-Place and Extensible: Fidelity, Freshness and Immutability; Low cost; Index, Ingest and customize
Issues with traditional compliance: Third party components installed on Messaging and File Servers Separate servers/stores to store the data and provide compliance Client side plugins for end user compliance experiences Our solution: Compliance built into Exchange and SharePoint in the cloud or on-premises Index or ingest data into Message and File Archives Will allow third party components, not require them
I think the compliance center does the following:1. Unifies management making it easier for compliance officers and Admins2. Takes compliance administration out if the workload enabling you to enforce, delegate and evaluate compliance without impact on or interference by the workload Overview of Compliance Center – Show how SharePoint has been improved by the addition of direct links to Site Collections for Auditing and Encryption
The term archive can mean different things – Archiving is typically a term which covers moving data to a separate arhive then applying compliance features like retention and preservation (or hold policies). Here we talk about three compliance features – the In-Place Archive, retention or delete policies and preservation. Exchange: An integrated In-Place Archive enables users to save time by managing their archive as they do their mailbox. SharePoint: The Records Center is intended to serve as a central repository in which an organization can store and manage all of its records.
Explain Retention = Deletion. Exchange retention policies consist of a number of tags which can be automatically assigned to the mailbox, or choices can be given to the user to select from a set of “personal tags”. SharePoint has retention policies through the records center, content type policies and site policies. But the new feature here is the document deletion policies. Similar to Exchange, they are designed to provide deletion policies for unstructured data like OneDrive for Business – there is a session tomorrow SPC267 (what’s new with retention in Sharepoint and SD Pro) to explain these.
In-Place Hold: Content stays in Exchange and SharePoint; Hold entire mailboxes, SharePoint sites, or apply a query; No impact to users Exchange preservation: Includes Lync Information as well. SharePoint: Explain the difference between the SharePoint Records Hold – which locks the document, and the new In-Place Hold which is set from the ediscovery center, Hold Policy Center or Unified Hold.
When data is sensitive it needs to be protected … Information Rights Management – Encrypt content and restrict usage; usually within own organization or trusted partners Internal company confidential memo Office 365 Message Encryption – Encrypt messages to any SMTP address Personal account statement from a financial institution S/MIME – Sign and encrypt messages to users using certificates Peer to peer signed communication within a government agency
How do you identify the sensitive information in your organization …. Using DLP. Key theme, I, M, P Easy, you will see it in demos Remember, DLP is not for bad users, it is for good users, who either don’t know what they are doing is good or bad.
Out of the box classification rules work to detect common types of sensitive data – covers multiple entity and geographies. Policy engine Well defined entities (ex: CC#, SSN) Probabilistic techniques for fuzzy matches (ex: SOX, medical terms) Get Content RegEx Analysis - 4485 3647 3952 7352  a 16 digit number is detected Function Analysis - 4485 3647 3952 7352  matches checksum; 1234 1234 1234 1234  does NOT match Additional Evidence - Keyword Visa is near the number; A regular expression for date (2/2015) is near the number Custom classification rules Fingerprinting for org documents that share common characteristics (ex: 1040 form) Custom regex and keyword matches Office document meta-data
We are continuously expanding DLP across other workloads. Remind audience of the demo they saw in the keynote. As part of continued efforts, users will continue to see deeper DLP enhancements in SP. This will be a staged release with following features. We DO NOT communicate any timeline. We vaguely address the following to give a sense of direction we are heading into. Admins can Discover sensitive content in SharePoint sites Admins can Discover and Apply policy to sensitive content in SharePoint sites support tuning & Custom classification Policy Tips in SharePoint
EDiscovery is about finding your data Concerned about the cloud …. Data center operations auditing for exchange SharePoint Online introduces View Only auditing
Lower cost; Single experience across the products; In-Place means that the data has full Fidelity and is always up to date The compliance center Unifies management making it easier for compliance officers and Admins. The next step is to unified the compliance process themselves -- Take compliance administration out of the workload enabling you to enforce, delegate and evaluate compliance without impact on or interference by the workload. The first part of this that we are releasing is a Unified In0Place Hold policy experience – let’s take a look at it.
Empower the Users Help them comply; Don’t get in their way Enable the Compliance Officer: Full featured Compliance; Scoped, restricted access; Efficient engagement with IT Easy for IT: In-Place and Extensible: Fidelity, Freshness and Immutability; Low cost; Index, Ingest and customize

Overview of Compliance in SharePoint, Exchange, and Office 365

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie Overview of Compliance in SharePoint, Exchange, and Office 365

Ähnlich wie Overview of Compliance in SharePoint, Exchange, and Office 365 (20)

Mehr von Quentin Christensen

Mehr von Quentin Christensen (12)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Overview of Compliance in SharePoint, Exchange, and Office 365

Hinweis der Redaktion