We're currently living Part 1 of the Content Security Journey and now we've reached a critical juncture where technologies have evolved to support Part 2. Our journey to reach the Secure Productive Enterprise (SPE) includes understanding users, their roles, what devices they're working on, and how to protect that content at rest and flying across the network. Based on real-life use cases in the Aerospace & Defence and Life Sciences industries you will walk away with an understanding of the technologies available to you, and a clear way to communicate with business stakeholders.

1. History of
Content Security
Part II
Adam Levithan
14 octobre 2017
#SPSParis

2. Community Member
Since 2007
@collabadam
Adam Levithan
Senior Product Manager
Secure Collaboration
Copyright 2017 Exostar LLC | All Rights Reserved 3

3. Merci pour votre soutien

4. PART I

5. Copyright 2017 Exostar LLC | All Rights Reserved | Proprietary and Confidential 6
PART I

6. Copyright 2017 Exostar LLC | All Rights Reserved | Proprietary and Confidential 7
PART I I

7. Threat Landscape
82,000
cyber incidents impacting
global organizations1
225
organizations
impacted daily1
$4 million
lost per breach2

8. Threat Landscape

9. Customers are sharing more than ever

10. MALICIOUS
INSIDER
ACCIDENTAL
DATA EXPOSURE
MALICIOUS
OUTSIDER
59% 23% 14%
SOURCE OF BREACH DATA – 2013-2017 – breachlevelindex.com
How Do Data Leaks Happen?

11. Balancing end user and IT expectations

12. History of Security Part II
Know Your Users Track EverythingProtect Your Content

13. History of Security Part II
Know Your Users ClassifyTrack EverythingProtect Your Content
IDENTIFY ACCESS
?

14. Life Sciences Scenario – Authentication Explosion

15. Life Sciences Scenario – Single Sign On

16. On-premises /
Private cloud

17. Secure your organization’s identity
Require two-factor authentication
Prevents stolen credentials from accessing Office 365 resources
Enable on a per-person basis in the Office 365 admin center
Authenticate via SMS, phone call, certificate, or hardware token
Control Content Sharing
Prevents accidental data leakage
Enable at multiple levels, Tenant, Site Collection and Sites (coming soon)
Track policies are being followed through Security & Compliance Center & Powershell

18. Govern your organization’s access
Consider device-based conditional access
Require a healthy device in addition to a trusted identity
Limit functionality when an unmanaged device accesses SharePoint through the browser
Health determined via domain join status or Intune compliance
Force sign-out of idle sessions
Prevents accidental exposure on shared devices
Currently in preview, available for all customers in 2018
Evaluate the need for IP-based conditional access
Simulate restricted access model of an on-premises deployment
Restricts SharePoint access to specific client IP ranges that you configure

19. Limit risk of untrusted devices
Restrict sync to trusted devices
Prevent data from being stored locally on unmanaged devices
Policy allows sync to only devices joined to your domain
Safeguard data on mobile devices with Mobile Device Management
Limit exposure of data accessed via the OneDrive and SharePoint mobile apps
Disallow opening content in other apps, downloading files
Encrypt app data when device is locked, prevent app data from being backed up

20. History of Security Part II
ProtectProtect Your Content
CONTENT APPLICATIONNETWORKPHYSICAL
Know Your Users Track Everything

21. Things to Consider
Known Vulnerabilities
• Enable business apps
• Block “bad” apps
• Limit app functions
• Limit file types
• Block websites
• Exploits
• Malware
Unknown Vulnerabilities
• Detect Malicious websites
• Bad domains
• Stolen credentials
• Dynamic analysis
• Static analysis
• Attack techniques
• Anomaly detection
• Analytics

22. Physical and logical isolation
Limited datacenter access
Restricted to essential personnel only
Multiple factors of authentication including smart cards and biometrics
On-premise security officers, motion sensors, video surveillance
Intrusion detection alerts include anomalous activity by datacenter engineers
Isolated network and identity
Networks are isolated from the Microsoft corporate network
Administered with dedicated Active Directory domains
No domain trust outside of the service, no domain trust between test and production
Further partitioned into isolated domains for management and security

23. Protected in transit
Encrypted between client and service
TLS 1.2 with Perfect Forward Secrecy, 2048-bit key
TLS 1.0 is minimum supported protocol
Connection will negotiate the most secure protocol supported by your client
Only secure access is permitted
SharePoint Online requires HTTPS for all authenticated connections
HSTS header prevents HTTP downgrade on untrusted networks
Encrypted within the service
Customer content is always encrypted in transit between datacenters

24. Application security
Security Development Lifecycle
All engineers receive security training annually
Code review and static analysis required for every change
Microsoft Security Response Center
Dedicated team for vulnerability report assessment and response
Skilled engineers triage reports and evaluate mitigations
Online Services Bug Bounty
Incentivizes vulnerability hunting by external researchers
Researchers receive credit and financial reward when they disclose responsibly

25. Service Encryption
Application-level encryption
Service uses per-file keys to protect SharePoint content
Microsoft manages these keys
Service automatically creates them when a file is uploaded or edited
Microsoft can transparently roll them or upgrade them as needed
Defense-in-depth
Ensures separation between server admins, Azure admins, and customer content

26. Service Encryption with Customer Key
Customer Keys Tenant Intermediate Key Site Encryption Key File Chunk Keys

27. Content security
Volume encryption
BitLocker encryption protects drives where content is stored
Renders content unreadable if drive is removed from the server
Per-file encryption
Contents of each file encrypted with a unique key
Large files are stored in parts with a unique key per part
Encrypted contents, encryption keys, file part mapping are stored separately

28. DETECT
PROTECT
CLASSIFYMONITOR
MICROSOFT’S
INFORMATION
PROTECTION
TECHNOLOGIES
WINDOWS INFORMATION
PROTECTION
OFFICE 365 ADVANCED
SECURITY MANAGEMENT
MICROSOFT CLOUD APP
SECURITY
MESSAGE ENCRYPTION
CONDITIONAL ACCESS
OFFICE APPS
AZURE INFORMATION
PROTECTION
OFFICE 365 DLP
3rd PARTY DLP
OFFICE 365 ADVANCED
DATA GOVERNANCE
SHAREPOINT & GROUPS

29. Information Protection Labeling
A label is a simplified way for end-users to classify
& protect their content
Today, may require configuration in multiple places
& add-in for Office client apps
GOAL: Consistent & persistent labeling across
information protection solutions
COMING SOON Consistent label configuration
and application
COMING SOON Built-in native labeling
support for Office apps – Mac and web to start;
Windows, iOS & Android thereafter

30. Data Loss Prevention
Detect sensitive information across Office 365
Choose from 80+ sensitive information types – or
create your own
Customize policies, exclusions and actions
Block accidental sharing and educate users
View and monitor reports, alerts, events
NEW Custom sensitive information types
NEW HIPAA sensitive information types
NEW Large dictionary support

31. Data GovernanceLeverage intelligence to automate data retention and deletion

32. Advanced Data Governance
NEW Consistently manage records that have retention
periods associated with specific
event triggers
NEW Manual disposition review to defensibly delete
what’s redundant, trivial or obsolete
NEW Supervise employee communications to comply
with security and regulatory guidelines
Automate data retention by leveraging
recommendations driven by machine learning
Automatically classify the data most relevant for your
organization or industry
Policy recommendations (delete, move, encrypt, or
share) based on data insights and intelligence

33. History of Security Part II
Know Your Users ClassifyTrack EverythingProtectProtect Your Content

34. Copyright 2017 Exostar LLC | All Rights Reserved | Proprietary and Confidential 35
Compliance in Aerospace & Defense
TechnologyNon-Technology
Control Families
- Access Control
- Awareness and Training
- Audit and Accountability
- Configuration Management
- Identification and
Authentication
- Incident Response
- Maintenance
- Media Protection
- Physical Protection
- Personnel Security
- System and Communications
Protection
- System and Information
Integrity
Documents not supported by DLP
Control Families
- Access Control
- Awareness and Training
- Audit and Accountability
- Incident Response
- Media Protection
- Personnel Security
- Risk Assessment
- Security Assessment
- System and Information Integrity
Documents Stored in Team Collaboration & supported by DLP
Identity &
Access
Management
Team
Collaboration
DLP
Cloud

35. Know when policy is violated
Incident report and alert emails inform you in real time when content
violates policy.
See the effectiveness of your policies
Built-in reports help you see historical information and tune policies.
Take action to correct violations
Investigate violations in your organization and take remediation
actions.
Integrates with other systems
Leverage the Activity Management API to pull information into SIEM
and workflow tools.
Monitor and Remediate

36. Meet your regulatory requirements
Audit Office 365 activity
Search and download audit logs from the Office 365 Security Center
Configure activity alerts on specific audit event criteria
Configure an eDiscovery Center
Supports full lifecycle of electronic discovery across SharePoint, Exchange, and Skype
Create cases, add content sources, run keyword queries, place holds
Apply retention policies
Retain content for a minimum period of time or delete content that exceeds a timespan
Policy can be scoped to content containing specific keywords or sensitive information

37. Unified
Auditing
Pipeline
Compliance Center
Office 365 Activity Report
PowerShell cmdlet
Long-term
Auditing Storage
in O365
Azure AD
SharePoint Online
Exchange Online
OneDrive for Business
Office 365 Activity API
Third party application
Management
Activity API

38. Leverage actionable insights
Actionable insights and management control

39. Security and Compliance Center
Powerful for experts, and easier for generalists to
adopt
Scenario oriented workflows with cross-cutting
policies spanning features
Powerful content discovery across Office 365
workloads
Proactive suggestions leveraging Microsoft Security
Intelligence Graph

40. Confidence through operational security
tools to help you understand and investigate
cyber-threats and take action to protect your
organization from them

41. History of Security Part II
Know Your Users ClassifyTrack EverythingProtectProtect Your Content
QUESTIONS Adam Levithan
Adam.levithan@Exostar.com
@collabadam

42. Thank you, for your for #SPSParis