When Your CISO
Says NO
Security & Compliance in Office 365
www.ceiamerica.com
CONSULTING | SOLUTIONS | RESULTS
About Me
Architect; Principal Consultant
Microsoft Solutions Division
Partner Technical Specialist (Purple Badge)
SharePoint | Office365 | Azure
www.sharepointcowbell.com
•CISO Objections
•The Path to Yes
•Demos
Talking Points
Pre-adoption concern
60% cited concerns around data security as a barrier to adoption
45% concerned that the cloud would result in a lack of data control
Benefits realized
94% experienced security benefits they didn’t previously have on-premise
62% said privacy protection increased as a result of moving to the cloud
SECURITY
• Design/Operation
• Infrastructure
• Network
• Identity/access
• Data
PRIVACY
COMPLIANCE
TRANSPARENCY
Cloud Innovation: Risks & Benefits
Source: Barriers to Cloud Adoption study, ComScore, Sept 2013
Compliance
United States______
CJIS
CSA CCM
DISA
FDA CFR Title 21 Part 11
FEDRAMP
FERPA
FIPS 140-2
FISMA
HIPAA/HITECH
HITRUST
IRS 1075
ISO/IEC 27001, 27018
MARS-E
NIST 800-171
Section 508 VPATs
SOC 1, 2
United Kingdom___
CSA CCM
ENISA IAF
EU Model Clauses
ISO/IEC 27001, 27018
NIST 800-171
SOC 1, 2, 3
UK G-Cloud
Spain___
CSA CCM
ENISA IAF
EU Model Clauses
EU-U.S. Privacy Shield
ISO/IEC 27001, 27018
SOC 1, 2
Spain ENS
Spain LOPD Auth.
Singapore____
CSA CCM
ISO/IEC 27001, 27018
MTCS
SOC 1, 2
New Zealand____
CSA CCM
ISO/IEC 27001, 27018
NZCC Framework
SOC 1, 2,
Japan____
CSA CCM
CS Mark (Gold)
FISC
ISO/IEC 27001, 27018
Japan My Number Act
SOC 1, 2
European Union___
CSA CCM
ENISA IAF
EU Model Clauses
EU-U.S. Privacy Shield
ISO/IEC 27001, 27018
SOC 1, 2,
China____
China GB 18030
China MLPS
China TRUCS
Australia____
CSA CCM
IRAP (CCSL)
ISO/IEC 27001, 27018
SOC 1, 2
Argentina____
Argentina PDPA
CSA CCM
IRAP (CCSL)
ISO/IEC 27001, 27018
SOC 1, 2
Over 900 controls in the Office 365 compliance framework enable us to stay up to date with the ever-evolving industry standards across geographies
Microsoft is regularly audited, submits self-assessments to independent 3rd party auditors and holds key certifications
Compliance
Comprehensive Compliance
DLP
“No. The Cloud is
easier to
hack/breach…”
Perimeter
Computer room
Building
Seismic
bracing
Security
operations center
24X7
security staff
Days of
backup power
Cameras Alarms
Two-factor access control:
Biometric readers & card readers
Barriers Fencing
Datacenter Security
“No. We can’t have our
info visible on the open
internet…”
“No. We can’t have our info visible on the open
internet…”
Encryption
a. Data at-rest
i. Volume-level encryption
(BitLocker, AES 128-bit,
FIPS-compliant)
ii. File-level encryption
(encrypted keys; minimal
MS staff access in gov’t
cloud)
b. Data in-transit
i. TLS/SSL (2048-bit)
ii. IPsec encryption
iii. AES 256-bit
iv. FIPS validated
Encrypted in transit between client and service and within
service data centers
BitLocker encryption protects drives where content is stored
Contents of each file encrypted with a unique key
Large files are stored in parts with a unique key per part
File contents and encryption key are stored separately
Use Azure RMS to encrypt your secret data before uploading
Works across phones, tablets, and PCs
Information protected both within and outside organization
Master key is used to encrypt/decrypt per-file encryption keys
If it is removed or access is revoked, SharePoint Online can no longer decrypt your content
Does not limit/restrict SharePoint Online functionality when enabled
You upload it to Azure Key Vault and grant access to the Office 365 service
You can remove it or revoke access to it at any time
“No. We can’t have our info visible on the open
internet…”
• Private VPN
“No. We can’t have our info visible on the open
internet…”
• Customers can extend their on-premises sites using VPN or dedicated ExpressRoute connections
• Customer owns and manages certificates, policies, and user access
“No. We’ll never be
able to determine
Appropriate Usage by
our users…”
Powerful for experts, and easier for generalists to
adopt
Scenario oriented workflows with cross-cutting
policies spanning features
Powerful content discovery across Office 365
workloads
Proactive suggestions leveraging Microsoft Security
Intelligence Graph
Security and Compliance Center
Azure
Active
Directory
Security &
Compliance
Center
SharePoint
Online
Power
BI
Opt-in
for all
O365
tenants
1 billion
events
collected
daily
Office 365 Auditing
Audited Activities
https://support.office.com/en-us/article/Search-the-audit-log-in-the-Office-365-Security-Compliance-Center-0d4d0f35-390b-4518-800e-0c7ec95e946c
Tenant-scoped unless noted
Allow sharing via anon access links and to authenticated
external users
Allow sharing to authenticated external users only (further
limit to existing users)
Don’t allow sharing to external users
Limit external sharing using domains (allow and deny list) –
also at site collection level
Prevent external users from sharing files, folders, sites they
don’t own
Require external users to accept sharing invitations with the
same account the invitations were sent to
Ability to choose default link type from anon, company shareable, restricted
On OneDrive for Business only; When…
Users invite additional external users to shared files
External users accept invitations to access files
Anon access link is created or changed
Prevent sharing of documents marked by DLP to external users
Sharing
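The tenant-scoped sharing controls on this slide correspond to settings exposed by the SharePoint Online Management Shell. As an added example (not part of the original deck), the script below compares a tenant's current sharing settings with a restrictive baseline and reports drift; the admin URL, the allowed partner domain and the baseline values chosen are assumptions.

```powershell
# Added example, not from the original presentation.
# Requires the Microsoft.Online.SharePoint.PowerShell module and a SharePoint admin account.
param(
    [string]$AdminUrl = 'https://contoso-admin.sharepoint.com',  # assumed placeholder tenant
    [switch]$Apply                                               # write the baseline when set
)

# Assumed baseline: one restrictive choice for each control listed on the slide.
$Baseline = @{
    # No anonymous links and no new guests; only external users already in the directory.
    SharingCapability                          = 'ExistingExternalUserSharingOnly'
    # Limit external sharing by domain (allow list). 'partner.example' is a placeholder.
    SharingDomainRestrictionMode               = 'AllowList'
    SharingAllowedDomainList                   = 'partner.example'
    # External users cannot re-share files, folders or sites they do not own.
    PreventExternalUsersFromResharing          = $true
    # Invitations must be accepted with the account they were sent to.
    RequireAcceptingAccountMatchInvitedAccount = $true
    # Default link type: Direct (restricted), Internal (company shareable) or AnonymousAccess.
    DefaultSharingLinkType                     = 'Direct'
    # OneDrive for Business owner notifications.
    NotifyOwnersWhenItemsReshared              = $true
    NotifyOwnersWhenInvitationsAccepted        = $true
}

function Compare-SharingBaseline {
    # Returns one row per baseline setting with the tenant's actual value.
    param(
        [Parameter(Mandatory)] $Tenant,
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Baseline
    )
    foreach ($name in ($Baseline.Keys | Sort-Object)) {
        $actual = $Tenant.$name
        [pscustomobject]@{
            Setting   = $name
            Expected  = $Baseline[$name]
            Actual    = $actual
            # Compare as strings so enum and boolean values match their text form.
            Compliant = ("$actual" -eq "$($Baseline[$name])")
        }
    }
}

Connect-SPOService -Url $AdminUrl

$report = Compare-SharingBaseline -Tenant (Get-SPOTenant) -Baseline $Baseline
$report | Format-Table -AutoSize

$drift = @($report | Where-Object { -not $_.Compliant })
if ($drift.Count -eq 0) {
    Write-Output 'Tenant sharing settings match the baseline.'
}
elseif ($Apply) {
    # Splat the baseline onto the tenant; site collection overrides are not touched.
    Set-SPOTenant @Baseline
    Write-Output "Applied baseline; $($drift.Count) setting(s) changed."
}
else {
    Write-Output "$($drift.Count) setting(s) differ from the baseline. Re-run with -Apply to correct them."
}
```

Blocking external sharing of documents flagged by DLP is configured in a DLP policy rather than through these tenant settings, so it is not covered by the script.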
“No. ‘Need To Know’
and ‘Least Privilege’
needs to be
supported…”
SharePoint Permissions – It Works
• Catch It Before it Happens
• The “Minority Report”
Method
• Catch It After it Happens
• and discipline the culprit
• Minimize Issues
Other Considerations: Timing
• Physical Security
• Azure RMS
• Rights Management
• Data Loss Prevention
Catch Before
• Data Loss Prevention
• Auditing
Catch After
• Labels, Tips
• Rights Management
Minimize
Putting Pieces Together
Resources
Thank You!
Ricardo Wilkins – Architect, Microsoft Solutions Division
Computer Enterprises, Inc. | www.ceiamerica.com
rwilkins@ceiamerica.com
Office 365 Trust Center
Microsoft Trust Center
Microsoft Secure
Security Blogs on Office Blogs
Compliance Blogs on Office Blogs
Office 365 Roadmap

Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 

Kürzlich hochgeladen (20)

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 

When Your CISO Says No - Security & Compliance in Office 365

  • 1. When Your CISO Says NO Security & Compliance in Office 365 www.ceiamerica.com
  • 2. CONSULTING | SOLUTIONS | RESULTS About Me Architect; Principal Consultant Microsoft Solutions Division Partner Technical Specialist (Purple Badge) SharePoint | Office365 | Azure www.sharepointcowbell.com
  • 3. •CISO Objections •The Path to Yes •Demos Talking Points
  • 4. Pre-adoption concern 60% cited concerns around data security as a barrier to adoption 45% concerned that the cloud would result in a lack of data control Benefits realized 94% experienced security benefits they didn’t previously have on-premise 62% said privacy protection increased as a result of moving to the cloud SECURITY • Design/Operation • Infrastructure • Network • Identity/access • Data PRIVACY COMPLIANCE TRANSPARENCY Cloud Innovation: Risks & Benefits Source: Barriers to Cloud Adoption study, ComScore, Sept 2013
  • 5. Compliance
  • 6. United States______ CJIS CSA CCM DISA FDA CFR Title 21 Part 11 FEDRAMP FERPA FIPS 140-2 FISMA HIPAA/HITECH HITRUST IRS 1075 ISO/IEC 27001, 27018 MARS-E NIST 800-171 Section 508 VPATs SOC 1, 2 United Kingdom___ CSA CCM ENISA IAF EU Model Clauses ISO/IEC 27001, 27018 NIST 800-171 SOC 1, 2, 3 UK G-Cloud Spain___ CSA CCM ENISA IAF EU Model Clauses EU-U.S. Privacy Shield ISO/IEC 27001, 27018 SOC 1, 2 Spain ENS Spain LOPD Auth. Singapore____ CSA CCM ISO/IEC 27001, 27018 MTCS SOC 1, 2 New Zealand____ CSA CCM ISO/IEC 27001, 27018 NZCC Framework SOC 1, 2, Japan____ CSA CCM CS Mark (Gold) FISC ISO/IEC 27001, 27018 Japan My Number Act SOC 1, 2 European Union___ CSA CCM ENISA IAF EU Model Clauses EU-U.S. Privacy Shield ISO/IEC 27001, 27018 SOC 1, 2, China____ China GB 18030 China MLPS China TRUCS Australia____ CSA CCM IRAP (CCSL) ISO/IEC 27001, 27018 SOC 1, 2 Argentina____ Argentina PDPA CSA CCM IRAP (CCSL) ISO/IEC 27001, 27018 SOC 1, 2 Over 900 controls in the Office 365 compliance framework enable us to stay up to date with the ever-evolving industry standards across geographies. Microsoft is regularly audited, submits self-assessments to independent 3rd party auditors and holds key certifications. Compliance
  • 7. Comprehensive Compliance DLP
  • 8. “No. The Cloud is easier to hack/breach…”
  • 9. Perimeter Computer room Building Seismic bracing Security operations center 24X7 security staff Days of backup power Cameras Alarms Two-factor access control: Biometric readers & card readers Barriers Fencing Datacenter Security
  • 10. “No. We can’t have our info visible on the open internet…”
  • 11. “No. We can’t have our info visible on the open internet…” Encryption a. Data at-rest i. Volume-level encryption (BitLocker, AES 128-bit, FIPS-compliant) ii. File-level encryption (encrypted keys; minimal MS staff access in gov’t cloud) b. Data in-transit i. TLS/SSL (2048-bit) ii. IPsec encryption iii. AES 256-bit iv. FIPS validated
  • 12. Encrypted in transit between client and service and within service data centers. BitLocker encryption protects drives where content is stored. Contents of each file encrypted with a unique key. Large files are stored in parts with a unique key per part. File contents and encryption key are stored separately. Use Azure RMS to encrypt your secret data before uploading. Works across phones, tablets, and PCs. Information protected both within and outside organization. Master key is used to encrypt/decrypt per-file encryption keys. If it is removed or access is revoked, SharePoint Online can no longer decrypt your content. Does not limit/restrict SharePoint Online functionality when enabled. You upload it to Azure Key Vault and grant access to the Office 365 service. You can remove it or revoke access to it at any time. “No. We can’t have our info visible on the open internet…”
  • 16. • Private VPN “No. We can’t have our info visible on the open internet…” • Customers can extend their on-premises sites using VPN or dedicated ExpressRoute connections • Customer owns and manages certificates, policies, and user access
  • 17. “No. We’ll never be able to determine Appropriate Usage by our users…”
  • 18. Powerful for experts, and easier for generalists to adopt. Scenario oriented workflows with cross-cutting policies spanning features. Powerful content discovery across Office 365 workloads. Proactive suggestions leveraging Microsoft Security Intelligence Graph. Security and Compliance Center
  • 19. Azure Active Directory Security & Compliance Center SharePoint Online Power BI Opt-in for all O365 tenants 1 billion events collected daily Office 365 Auditing
  • 20. Office 365 Auditing
  • 21. Audited Activities https://support.office.com/en-us/article/Search-the-audit-log-in-the-Office-365-Security-Compliance-Center-0d4d0f35-390b-4518-800e-0c7ec95e946c
  • 22. Tenant-scoped unless noted. Allow sharing via anon access links and to authenticated external users. Allow sharing to authenticated external users only (further limit to existing users). Don’t allow sharing to external users. Limit external sharing using domains (allow and deny list) – also at site collection level. Prevent external users from sharing files, folders, sites they don’t own. Require external users to accept sharing invitations with the same account the invitations were sent to. Ability to choose default link type from anon, company shareable, restricted. On OneDrive for Business only; When… Users invite additional external users to shared files. External users accept invitations to access files. Anon access link is created or changed. Prevent sharing of documents marked by DLP to external users. Sharing
  • 23. “No. ‘Need To Know’ and ‘Least Privilege’ needs to be supported…”
  • 24. SharePoint Permissions – It Works
  • 25. • Catch It Before it Happens • The “Minority Report” Method • Catch It After it Happens • and discipline the culprit • Minimize Issues Other Considerations: Timing
  • 26. • Physical Security • Azure RMS • Rights Management • Data Loss Prevention Catch Before
  • 27. Catch Before
  • 28. • Data Loss Prevention • Auditing Catch After
  • 29. Catch After
  • 30. • Labels, Tips • Rights Management Minimize
  • 31. Putting Pieces Together
  • 32. Resources Thank You! Ricardo Wilkins – Architect, Microsoft Solutions Division Computer Enterprises, Inc. | www.ceiamerica.com rwilkins@ceiamerica.com Office 365 Trust Center Microsoft Trust Center Microsoft Secure Security Blogs on Office Blogs Compliance Blogs on Office Blogs Office 365 Roadmap
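
The key hierarchy on slide 12 (a unique key per file part, content and keys stored separately, a customer-held master key that wraps the per-part keys and can be revoked) can be modelled in a few lines. This is an added example, not Microsoft's implementation or code from the deck; `MasterKeyVault`, `storeFile`, `readFile`, the two in-memory stores and the choice of AES-256-GCM are assumptions, and the file content is constructed.

```javascript
// Added illustration, not Microsoft's implementation. All names are hypothetical
// and AES-256-GCM is an assumed cipher choice.
const nodeCrypto = require('crypto');

const PART_SIZE = 16; // tiny parts so the constructed sample spans several of them

// Authenticated encryption helper: returns iv || tag || ciphertext.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}

function unseal(key, sealed) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, sealed.subarray(0, 12));
  decipher.setAuthTag(sealed.subarray(12, 28));
  return Buffer.concat([decipher.update(sealed.subarray(28)), decipher.final()]);
}

// Stand-in for a customer-held master key in a key vault: the service can
// only wrap or unwrap per-part keys while the customer's grant is in place.
class MasterKeyVault {
  constructor() { this.key = nodeCrypto.randomBytes(32); this.granted = true; }
  revoke() { this.granted = false; }
  check() { if (!this.granted) throw new Error('master key access revoked'); }
  wrap(partKey) { this.check(); return seal(this.key, partKey); }
  unwrap(wrapped) { this.check(); return unseal(this.key, wrapped); }
}

// One fresh key per part; ciphertext and wrapped keys go to separate stores.
function storeFile(name, data, vault, contentStore, keyStore) {
  const parts = [];
  for (let off = 0, i = 0; off < data.length; off += PART_SIZE, i++) {
    const id = `${name}#${i}`;
    const partKey = nodeCrypto.randomBytes(32);
    contentStore.set(id, seal(partKey, data.subarray(off, off + PART_SIZE)));
    keyStore.set(id, vault.wrap(partKey));
    parts.push(id);
  }
  return parts;
}

function readFile(parts, vault, contentStore, keyStore) {
  return Buffer.concat(parts.map((id) =>
    unseal(vault.unwrap(keyStore.get(id)), contentStore.get(id))));
}

// Round trip, then revoke the master key and try again.
function demo() {
  const vault = new MasterKeyVault();
  const contentStore = new Map();
  const keyStore = new Map();
  const data = Buffer.from('constructed sample: quarterly forecast, internal only');
  const parts = storeFile('forecast.docx', data, vault, contentStore, keyStore);
  const before = readFile(parts, vault, contentStore, keyStore).equals(data);
  const distinctWrappedKeys = new Set(
    parts.map((id) => keyStore.get(id).toString('hex'))).size;
  vault.revoke();
  let afterRevoke;
  try {
    readFile(parts, vault, contentStore, keyStore);
    afterRevoke = 'readable';
  } catch (e) {
    afterRevoke = e.message;
  }
  return { partCount: parts.length, before, distinctWrappedKeys, afterRevoke };
}
```

After `revoke()`, both stores still hold every byte they held before, yet nothing can be read: possession of the ciphertext and the wrapped keys is not enough without the master key.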

Editor's notes

  1. Source: Barriers to Cloud Adoption study, ComScore, Sept 2013 Slide script: Azure can help reduce the cost, complexity, and risk associated with security and compliance in the cloud. A survey funded by Microsoft and performed by ComScore demonstrates that while many organizations have initial concerns about moving to the cloud, a majority of cloud adopters achieve significant security benefits: CLICK. Before embarking on cloud computing, 60% cited concerns around data security as a barrier to adoption, and 45% were concerned that the cloud would result in a lack of data control. CLICK. However, after moving to the cloud, a majority of cloud adopters achieve significant security benefits. 94% experienced security benefits they didn’t previously have on-premises and 62% said privacy protection increased as a result of moving to the cloud. Few individual customer organizations can replicate the technology and operational processes that Microsoft uses to help safeguard its enterprise cloud services and comply with a wide range of international standards. When companies use Microsoft Azure, they benefit from Microsoft’s scale and experience running highly secure and compliant online services around the globe. Microsoft’s expertise becomes the customer’s expertise.
  2. Office 365 is a global service and continuous compliance refers to our commitment to evolve the Office 365 controls and stay up to date with standards and regulations that apply to your industry and geography. Because regulations often share the same or similar controls, this makes it easier for Microsoft to meet the requirements of new regulations or those specific to your organization and industry. We have built a specialist compliance team that is continuously tracking standards and regulations, developing common control sets for our product team to build into the service. • EU Model Clauses: Ensures appropriate safeguards are in place to protect personal data that leaves the European Economic Area (prep for any questions regarding safe harbor by reading this: http://blogs.microsoft.com/on-the-issues/2015/10/06/a-message-to-our-customers-about-eu-us-safe-harbor/) • ISO 27018: Microsoft was the first cloud service provider to comply with this new standard which protects personally identifiable information and ensures your data will not be used for advertising purposes
  3. Slide script: Microsoft datacenters employ controls at the perimeter, building, and computer room with increasing security at each level, utilizing a combination of technology and traditional physical measures. Security starts at the perimeter with camera monitoring, security officers, physical barriers and fencing. At the building, seismic bracing and extensive environmental protections protect the physical structure and integrated alarms, cameras, and access controls (including two-factor authentication via biometrics and smart cards) govern access. The systems are monitored 24x7 from the operations center. Similar access controls are used at the computer room, which also has redundant power.
  4. Office 365 services follow industry cryptographic standards such as TLS/SSL and AES to protect the confidentiality and integrity of customer data. For data in transit, all customer-facing servers negotiate a secure session by using TLS/SSL with client machines to secure the customer data. This applies to protocols on any device used by clients, such as Skype for Business Online, Outlook, and Outlook on the web. For data at rest, Office 365 deploys BitLocker with AES 256-bit encryption on servers that hold all messaging data, including email and IM conversations, as well as content stored in SharePoint Online and OneDrive for Business. BitLocker volume encryption addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers and disks. In some scenarios, we use file-level encryption. For example, the files and presentations uploaded by meeting participants are encrypted by using AES encryption. OneDrive for Business and SharePoint Online also use file-level encryption to encrypt data at rest. Office 365 moves beyond a single encryption key per disk to deliver a unique encryption key so that every file stored in SharePoint Online—including OneDrive for Business folders—is encrypted with its own key. Your organization’s files are distributed across multiple Azure Storage containers, each with separate credentials, rather than storing them in a single database. Spreading encrypted files across storage locations, encrypting the map of file locations itself, and physically separating master encryption keys from both content and the file map make OneDrive for Business and SharePoint Online a highly secure environment for stored files.
  5. Data is moving to the cloud at an increased pace. Employees are bringing their own devices and accessing corporate data on these devices. Multiple ways of sharing the data with both internal and external individuals. Need to be in touch with your tenant and what is happening with your tenant – who is logging in, where are they logging in from,
  6. Increased transparency: Monitor and investigate actions taken on your data, intelligently identify risks, contain and respond to threats, and protect valuable IP. Continuous activity logging and reporting: User and admin activity events are logged across SharePoint Online, OneDrive for Business, Exchange Online and Azure Active Directory. The Office 365 activity report enables you to investigate a user’s activity by searching for a user, file or other resource across SharePoint Online, OneDrive for Business, Exchange Online and Azure Active Directory. Office 365 Management Activity API: The Management Activity API is a RESTful API that provides an unprecedented level of visibility into all user and admin transactions within Office 365. The Management Activity API allows organizations and other software providers to integrate Office 365 activity data into their security and compliance monitoring and reporting solution. You can create an activity alert that will send you an email notification when users perform specific activities in Office 365. Activity alerts are similar to searching for events in the Office 365 audit log, except that you'll be sent an email message when an event for an activity that you've created an alert for happens. Why use activity alerts instead of searching the audit log? There might be certain kinds of activity or activity performed by specific users that you really want to know about. Instead of having to remember to search the audit log for those activities, you can use activity alerts to have Office 365 send you an email message when users perform those activities. For example, you can create an activity alert to notify you when a user deletes files in SharePoint or you can create an alert to notify you when a user permanently deletes messages from their mailbox. The email notification sent to you includes information about which activity was performed and the user who performed it.
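
The activity-alert logic described in note 6, applied to audit records after they have been pulled into your own monitoring pipeline, is sketched below as an added example; it is not Microsoft's code or part of the deck. The records are constructed and use the common audit fields (`CreationTime`, `Workload`, `Operation`, `UserId`, `ObjectId`); the rule format is hypothetical, and the burst rule goes beyond the per-event alerts the note describes.

```javascript
// Added illustration. Records are constructed; the rule format is hypothetical.
const SAMPLE_RECORDS = [
  { CreationTime: '2018-03-01T14:00:05', Workload: 'SharePoint', Operation: 'FileDeleted', UserId: 'alice@contoso.example', ObjectId: '/sites/hr/a.docx' },
  { CreationTime: '2018-03-01T14:01:10', Workload: 'SharePoint', Operation: 'FileDeleted', UserId: 'alice@contoso.example', ObjectId: '/sites/hr/b.docx' },
  { CreationTime: '2018-03-01T14:03:30', Workload: 'SharePoint', Operation: 'FileDeleted', UserId: 'alice@contoso.example', ObjectId: '/sites/hr/c.docx' },
  { CreationTime: '2018-03-01T14:20:00', Workload: 'Exchange', Operation: 'HardDelete', UserId: 'bob@contoso.example', ObjectId: 'mailbox:bob' },
  { CreationTime: '2018-03-01T14:25:00', Workload: 'OneDrive', Operation: 'AnonymousLinkCreated', UserId: 'carol@contoso.example', ObjectId: '/personal/carol/plan.xlsx' },
  { CreationTime: '2018-03-01T14:30:00', Workload: 'SharePoint', Operation: 'FileAccessed', UserId: 'dave@contoso.example', ObjectId: '/sites/hr/a.docx' },
  { CreationTime: '2018-03-01T15:00:00', Workload: 'SharePoint', Operation: 'FileDeleted', UserId: 'alice@contoso.example', ObjectId: '/sites/hr/d.docx' },
  { Workload: 'SharePoint', UserId: 'eve@contoso.example' }, // malformed: no Operation or time
];

const RULES = [
  { name: 'File deleted', workloads: ['SharePoint', 'OneDrive'], operations: ['FileDeleted'] },
  { name: 'Mailbox item permanently deleted', operations: ['HardDelete'], users: ['bob@contoso.example'] },
  { name: 'Anonymous link created', operations: ['AnonymousLinkCreated'] },
  { name: 'Bulk file deletion', operations: ['FileDeleted'], threshold: 3, windowMinutes: 10 },
];

// Audit timestamps are UTC; add the 'Z' when it is missing so parsing
// does not depend on the local time zone of the machine running this.
function toMillis(s) {
  return Date.parse(typeof s === 'string' && !/Z$/i.test(s) ? s + 'Z' : s);
}

function matches(rule, rec) {
  if (!rule.operations.includes(rec.Operation)) return false;
  if (rule.workloads && !rule.workloads.includes(rec.Workload)) return false;
  if (rule.users && !rule.users.includes(String(rec.UserId).toLowerCase())) return false;
  return true;
}

function evaluate(records, rules) {
  const usable = [];
  let skipped = 0;
  for (const rec of records) {
    const t = toMillis(rec && rec.CreationTime);
    if (!rec || typeof rec.Operation !== 'string' || Number.isNaN(t)) { skipped++; continue; }
    usable.push({ rec, t });
  }
  usable.sort((a, b) => a.t - b.t); // records may arrive out of order

  const alerts = [];
  const windows = new Map(); // "rule|user" -> event times still inside the window
  for (const { rec, t } of usable) {
    for (const rule of rules) {
      if (!matches(rule, rec)) continue;
      const alert = { rule: rule.name, user: rec.UserId, object: rec.ObjectId, at: rec.CreationTime };
      if (!rule.threshold) { alerts.push(alert); continue; }
      const key = `${rule.name}|${rec.UserId}`;
      const recent = (windows.get(key) || []).filter((x) => t - x <= rule.windowMinutes * 60000);
      recent.push(t);
      windows.set(key, recent);
      // Fire once, at the moment the count reaches the threshold.
      if (recent.length === rule.threshold) alerts.push({ ...alert, count: recent.length });
    }
  }
  return { alerts, skipped };
}
```

Counting skipped records matters in practice: a parser that silently drops malformed events hides exactly the gaps an investigator needs to know about.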