Data governance in Office 365
Die SlideShare-Präsentation wird heruntergeladen.
×
Hier ansehen
Empfohlen
Weitere Verwandte Inhalte
Diashows für Sie (20)
Ähnlich wie Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Paolo Pialorsi (20)
Weitere von Rencore (11)
Aktuellste (20)
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Paolo Pialorsi
- 1. w: rencore.com | e: info@rencore.com | t: @rencoreab Manage Customization Risk and Save on Maintenance Costs! Customization governance, transformation and risk prevention for SharePoint & Office365 Understanding EU GDPR from an Office 365 perspective October 24th, 2017
- 2. rencore.com Our Guest: Erwin van Hunen Microsoft MVP, MCM SharePoint PnP Core Team Product Owner - Transformation Your Host: Paolo Pialorsi Microsoft MVP, MCSM SharePoint PnP Core Team Founder & CEO of PiaSys
- 3. rencore.com Q&A Please use the Q&A functionality in Zoom instead of chat. We will pick up some questions at the end and answer the others in the follow-up email. FAQ: Recording of this webinar? Yes, the session is recorded and you will get the recording later today.
- 4. http://www.piasys.com/ Understanding EU GDPR from an Office 365 perspective Paolo Pialorsi - @PaoloPia Senior Consultant – PiaSys.com
- 5. http://www.piasys.com/ Agenda Why GDPR compliancy matters? From an IT perspective Office 365 and GDPR GDPR Activity Hub
- 6. http://www.piasys.com/ Why GDPR compliancy matters?
- 7. http://www.piasys.com/ What is GDPR? GDPR = General Data Protection Regulation Regulation (EU) 2016/679 It will go LIVE on May 25, 2018 It’s a regulation not a directive Regulation: Immediately applicable and enforceable by law in all Member States Directive: needs to be transposed into national law by Member States Scope: protection of data for all individuals in the EU
- 8. http://www.piasys.com/ I’m outside EU, does it matter for me? Yes it does! If you process, hold, store, manage personal data of any EU resident … … you need to be compliant with GDPR! Regardless where you are and where your business is located!
- 9. http://www.piasys.com/ Common definitions Data Subject: an identified or identifiable natural person Personal Data: any information relating to a Data Subject Processing: any operation or set of operations which is performed on Personal Data or on sets of Personal Data
- 10. http://www.piasys.com/ GDPR Roles Data Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data Data Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller Data Protection Officer: provides guidance on the implementation of appropriate measures and on the demonstration of compliance
- 11. http://www.piasys.com/ Key changes under GDPR Personal Privacy •Individuals have the right to: •Access their personal data •Correct errors in their personal data •Erase their personal data •Object to processing of their personal data •Export personal data Controls and notifications •Organizations will need to: • Protect personal data using appropriate security • Notify authorities of personal data breaches • Obtain appropriate consents for processing data • Keep records detailing data processing Transparent policies •Organizations are required to: • Provide clear notice of data collection • Outline processing purposes and use cases • Define data retention and deletion policies IT and training •Organizations will need to: • Train privacy personnel and employees • Audit and update data policies • Employ a Data Protection Officer (if required) • Create and manage compliant vendor contracts
- 12. http://www.piasys.com/ Some IT requirements You need to keep track of events like: Data Breaches Data Consent Data Consent Withdrawal Identity Risks/Theft Data Processing Data Archived You need to collect requests for: Data Access Data Correction Data Export Data Processing Objection Data Erase
- 13. http://www.piasys.com/ Just to make an example … As soon as the controller becomes aware that a personal data breach has occurred, the controller should notify the personal data breach to the supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it A supervisor authority can be a data protection authority (DPA) Thus, you will need a workflow process for Data Breaches!
- 14. http://www.piasys.com/ Office 365 and GDPR
- 15. http://www.piasys.com/ In February 2017, Microsoft announced that its cloud services will comply with GDPR by May 25, 2018
- 16. http://www.piasys.com/ Main capabilities of Office 365 for GDPR compliancy • Tooling • Office 365 Secure Score • Data Loss Prevention (DLP) • Office 365 eDiscovery • Customer Lockbox • Monitoring & Logging • Advanced Threat Protection • Threat Intelligence • Cloud App Security • Office 365 Unified Audit Logs • Governance • Advanced Data Governance (ADG) • SharePoint Online Site Classification • Reporting • Security & Compliance Reports • Risk & Compliance Dashboard
- 17. http://www.piasys.com/ Office 365 Secure Score Accessible to all admins Based on the services you are using Compares your services settings with a baseline provided by Microsoft Gives you an “actions” queue to accomplish to improve your score Provides detailed instructions about what to do Whatever will be your score … … there is no guarantee that you will not be breached …
- 18. http://www.piasys.com/ Demo Office 365 Secure Score
- 19. http://www.piasys.com/ Data Loss Prevention Enable you to identify sensitive/personal data as it travels through Exchange Online, SharePoint Online, and OneDrive for Business You can use it to Identify sensitive information across many locations (SharePoint Online, Exchange Online, OneDrive for Business) Prevent accidental sharing of such sensitive information Monitor and protect from sharing sensitive data inside client applications Excel 2016, Word 2016, PowerPoint 2016 Help user stay compliant Collect data and view DLP reports about content matching policies
- 20. http://www.piasys.com/ Anatomy of DLP Policies Locations: SPO, EXO,OD4B Rules One or more for each policy Conditions and Actions Conditions Content: Classification Labels / Sensitive Information Types Context: inside/outside tenant Actions Restrict access to content
- 21. http://www.piasys.com/
- 22. http://www.piasys.com/ DLP Reporting Various reports available out of the box Top DLP policy matches for mail Top DLP rule matches for mail DLP policy matches by severity for mail DLP policy matches, overrides, and false positives for mail
- 23. http://www.piasys.com/ Demo Data Loss Prevention (DLP)
- 24. http://www.piasys.com/ Office 365 eDiscovery In-place eDiscovery for investigating cases and search for related content Provides hold, analyze, and export capabilities Targets almost every content in your organization Email Documents Skype for Business conversations Teams data Etc. Advanced eDiscovery leverages Machine learning Predictive coding Text analytics
- 25. http://www.piasys.com/ Customer Lockbox Ensures that Microsoft engineer does not get access to the customer’s content without customer’s explicit approval All access is obtained through a rigorous access control technology Administrators can approve or reject the request Customer Lockbox requests have a default lifetime of 12 hours You need Office 365 E5 or you have to buy the functionality separately
- 26. http://www.piasys.com/ Demo Customer Lockbox
- 27. http://www.piasys.com/ Advanced Threat Protection Cloud-based email filtering service Helps protect email against unknown, sophisticated malware attacks Main functionalities Anti-malware Safe links Safe attachments Spoof intelligence Quarantine Advanced anti-phishing capabilities DKIM (DomainKeys Identified Mail) Provides reach reporting and tracking
- 28. http://www.piasys.com/ Threat Intelligence Helps you proactively uncover and protect against advanced threats in Office 365 Office 365 Threat Intelligence monitors signals from sources User activity Authentication Email Compromised PCs Security incidents Provides tools like Threat dashboard Threat explorer Incidents Threat Intelligence Feeds Integration with Windows Defender
- 29. http://www.piasys.com/ Cloud App Security AKA “Advanced Security Management” Gives you insights into suspicious activity in Office 365 See how your organization's data in Office 365 is accessed and used Define policies that trigger alerts for atypical or suspicious activities Suspend user accounts exhibiting suspicious activity Require users to log back in to Office 365 apps after an alert has been triggered Lets you identify high-risk and abnormal usage
- 30. http://www.piasys.com/ Office 365 Unified Audit Logs Allows you to search logs for activities related to almost “everything” You can search by Target user(s) Date interval Files, Folders, Sites You can search online or you can export a CSV file for further analysis Provides information like Date, Client IP, User, Activity, Item, Details (JSON, depends on the service)
- 31. http://www.piasys.com/ Office 365 Unified Log Activities • Files • Folders • Sharing and Access Requests • Synchronizations • Site Administration • Exchange Mailboxes • Sway • User Administration • Azure AD Group Administration • Application Administration • Role Administration • Directory Administration • eDiscovery • Power BI • Microsoft Teams • Dynamic 365 • Microsoft Flow
- 32. http://www.piasys.com/ Demo Office 365 Unified Logs
- 33. http://www.piasys.com/ Advanced Data Governance (ADG) Machine learning help customers find and retain important data while eliminating trivial, redundant and obsolete data that could cause risk if compromised Provides capabilities like: Proactive policy recommendations and automatic data classifications that allow you take actions on data—such as retention and deletion—throughout its lifecycle System default alerts to identify data governance risks, such as “Unusual volume of file deletion,” as well as the ability to create custom alerts by specifying alert matching conditions and threshold The ability to apply compliance controls to on-premises data by intelligently filtering and migrating that data to Office 365
- 34. http://www.piasys.com/ SharePoint Online Site Classification Allows you to define site classification at Azure AD tenant level You need PowerShell to enable it While creating “modern” sites you can apply a classification Becomes a property (.Classification) of the Site Collection Can be used later on for governance purposes You can read it through CSOM, or REST You can use the Microsoft Graph for “modern” team sites, too
- 35. http://www.piasys.com/ Demo SharePoint Online Site Classification
- 36. http://www.piasys.com/ GDPR Activity Hub
- 37. http://www.piasys.com/ What is the GDPR Activity Hub? Reference solution for Partners and Customers Ready to go portal Open source, related to the SharePoint PnP Project https://github.com/SharePoint/sp-dev-gdpr-activity-hub Based on tools, techniques, and patterns promoted by PnP Allows easy management of GDPR tasks and phases Based on Office 365 and SharePoint Online Showcase of Microsoft technologies’ capabilities
- 38. http://www.piasys.com/ Involved Technologies SharePoint Online modern sites SharePoint Framework client-side web parts Office 365 Groups/Microsoft Teams Remote provisioning Power BI
- 39. http://www.piasys.com/ Main Functionalities GDPR Dashboard Data repository based on SharePoint Online Custom pages for data management Insert Request client-side web part Insert Event/Incident client-side web part Basic sample flows for tasks management Tasks Management client-side web part GDPR Hierarchy client-side web part General capabilities
- 40. http://www.piasys.com/ General Capabilities Automated setup and provisioning General documentation Customizable model Open for community contribution It’s open source!
- 41. http://www.piasys.com/ Demo Lap around GDPR Activity Hub
- 42. http://www.piasys.com/ Wrap up! Be prepared for GDPR Almost every business is impacted! Start the assessment of your IT infrastructure Think about moving to the cloud, if you are not there, yet … Give an eye to the GDPR Activity Hub Play with the FREE assessment tool: https://assets.microsoft.com/en-us/gdpr-detailed-assessment.zip Keep an eye on the GDPR section for Microsoft Partners http://aka.ms/gdprpartners
- 43. Governance and Risk Prevention for SharePoint Customizing SharePoint lets you tailor the platform right to your needs but it also opens up the potential for threats What SharePoint customizations can technically do: • Access your data • Process your data • Open the platform to external services • Open the platform to external users Rencore’s AnalysisCloud helps you to identify data at risk. rencore.com
- 44. Governance and Risk Prevention for SharePoint AnalysisCloud brings governance and risk prevention to SharePoint Online customizations. AnalysisCloud: • Discovers all customizations live in your SharePoint • Analyzes customizations for potential and actual threats • Continuously tracks and monitors existing and new Learn more about AnalysisCloud: https://try.rencore.cloud rencore.com
- 45. rencore.com Questions & Answers Feel free to post your questions in the Q&A section
- 46. rencore.com Thank you for attending! The webinar recording will be sent to you later today.
