B2 - The History of Content Security: Part 2 - Adam Levithan
Download as PPTX, PDF0 likes219 views
The document discusses the evolving landscape of content security, highlighting the frequency and financial impact of cyber incidents. It provides strategies for organizations to protect their content and manage data access, emphasizing the need for user awareness, classification, and multi-layered defenses. Additionally, it outlines Microsoft’s security features, compliance measures, and tools for monitoring and protecting organizational data.
B2 - The History of Content Security: Part 2 - Adam Levithan
- 1. History of Content Security Part II Adam Levithan 14 octobre 2017 #SPSParis
- 2. Community Member Since 2007 @collabadam Adam Levithan Senior Product Manager Secure Collaboration Copyright 2017 Exostar LLC | All Rights Reserved 3
- 3. Merci pour votre soutien
- 4. PART I
- 5. Copyright 2017 Exostar LLC | All Rights Reserved | Proprietary and Confidential 6 PART I
- 6. Copyright 2017 Exostar LLC | All Rights Reserved | Proprietary and Confidential 7 PART I I
- 7. Threat Landscape 82,000 cyber incidents impacting global organizations1 225 organizations impacted daily1 $4 million lost per breach2
- 9. Customers are sharing more than ever
- 10. MALICIOUS INSIDER ACCIDENTAL DATA EXPOSURE MALICIOUS OUTSIDER 59% 23% 14% SOURCE OF BREACH DATA – 2013-2017 – breachlevelindex.com How Do Data Leaks Happen?
- 11. Balancing end user and IT expectations
- 12. History of Security Part II Know Your Users Track EverythingProtect Your Content
- 13. History of Security Part II Know Your Users ClassifyTrack EverythingProtect Your Content IDENTIFY ACCESS ?
- 14. Life Sciences Scenario – Authentication Explosion
- 15. Life Sciences Scenario – Single Sign On
- 17. Secure your organization’s identity Require two-factor authentication Prevents stolen credentials from accessing Office 365 resources Enable on a per-person basis in the Office 365 admin center Authenticate via SMS, phone call, certificate, or hardware token Control Content Sharing Prevents accidental data leakage Enable at multiple levels, Tenant, Site Collection and Sites (coming soon) Track policies are being followed through Security & Compliance Center & Powershell
- 18. Govern your organization’s access Consider device-based conditional access Require a healthy device in addition to a trusted identity Limit functionality when an unmanaged device accesses SharePoint through the browser Health determined via domain join status or Intune compliance Force sign-out of idle sessions Prevents accidental exposure on shared devices Currently in preview, available for all customers in 2018 Evaluate the need for IP-based conditional access Simulate restricted access model of an on-premises deployment Restricts SharePoint access to specific client IP ranges that you configure
- 19. Limit risk of untrusted devices Restrict sync to trusted devices Prevent data from being stored locally on unmanaged devices Policy allows sync to only devices joined to your domain Safeguard data on mobile devices with Mobile Device Management Limit exposure of data accessed via the OneDrive and SharePoint mobile apps Disallow opening content in other apps, downloading files Encrypt app data when device is locked, prevent app data from being backed up
- 20. History of Security Part II ProtectProtect Your Content CONTENT APPLICATIONNETWORKPHYSICAL Know Your Users Track Everything
- 21. Things to Consider Known Vulnerabilities • Enable business apps • Block “bad” apps • Limit app functions • Limit file types • Block websites • Exploits • Malware Unknown Vulnerabilities • Detect Malicious websites • Bad domains • Stolen credentials • Dynamic analysis • Static analysis • Attack techniques • Anomaly detection • Analytics
- 22. Physical and logical isolation Limited datacenter access Restricted to essential personnel only Multiple factors of authentication including smart cards and biometrics On-premise security officers, motion sensors, video surveillance Intrusion detection alerts include anomalous activity by datacenter engineers Isolated network and identity Networks are isolated from the Microsoft corporate network Administered with dedicated Active Directory domains No domain trust outside of the service, no domain trust between test and production Further partitioned into isolated domains for management and security
- 23. Protected in transit Encrypted between client and service TLS 1.2 with Perfect Forward Secrecy, 2048-bit key TLS 1.0 is minimum supported protocol Connection will negotiate the most secure protocol supported by your client Only secure access is permitted SharePoint Online requires HTTPS for all authenticated connections HSTS header prevents HTTP downgrade on untrusted networks Encrypted within the service Customer content is always encrypted in transit between datacenters
- 24. Application security Security Development Lifecycle All engineers receive security training annually Code review and static analysis required for every change Microsoft Security Response Center Dedicated team for vulnerability report assessment and response Skilled engineers triage reports and evaluate mitigations Online Services Bug Bounty Incentivizes vulnerability hunting by external researchers Researchers receive credit and financial reward when they disclose responsibly
- 25. Service Encryption Application-level encryption Service uses per-file keys to protect SharePoint content Microsoft manages these keys Service automatically creates them when a file is uploaded or edited Microsoft can transparently roll them or upgrade them as needed Defense-in-depth Ensures separation between server admins, Azure admins, and customer content
- 26. Service Encryption with Customer Key Customer Keys Tenant Intermediate Key Site Encryption Key File Chunk Keys
- 27. Content security Volume encryption BitLocker encryption protects drives where content is stored Renders content unreadable if drive is removed from the server Per-file encryption Contents of each file encrypted with a unique key Large files are stored in parts with a unique key per part Encrypted contents, encryption keys, file part mapping are stored separately
- 28. DETECT PROTECT CLASSIFYMONITOR MICROSOFT’S INFORMATION PROTECTION TECHNOLOGIES WINDOWS INFORMATION PROTECTION OFFICE 365 ADVANCED SECURITY MANAGEMENT MICROSOFT CLOUD APP SECURITY MESSAGE ENCRYPTION CONDITIONAL ACCESS OFFICE APPS AZURE INFORMATION PROTECTION OFFICE 365 DLP 3rd PARTY DLP OFFICE 365 ADVANCED DATA GOVERNANCE SHAREPOINT & GROUPS
- 29. Information Protection Labeling A label is a simplified way for end-users to classify & protect their content Today, may require configuration in multiple places & add-in for Office client apps GOAL: Consistent & persistent labeling across information protection solutions COMING SOON Consistent label configuration and application COMING SOON Built-in native labeling support for Office apps – Mac and web to start; Windows, iOS & Android thereafter
- 30. Data Loss Prevention Detect sensitive information across Office 365 Choose from 80+ sensitive information types – or create your own Customize policies, exclusions and actions Block accidental sharing and educate users View and monitor reports, alerts, events NEW Custom sensitive information types NEW HIPAA sensitive information types NEW Large dictionary support
- 31. Data GovernanceLeverage intelligence to automate data retention and deletion
- 32. Advanced Data Governance NEW Consistently manage records that have retention periods associated with specific event triggers NEW Manual disposition review to defensibly delete what’s redundant, trivial or obsolete NEW Supervise employee communications to comply with security and regulatory guidelines Automate data retention by leveraging recommendations driven by machine learning Automatically classify the data most relevant for your organization or industry Policy recommendations (delete, move, encrypt, or share) based on data insights and intelligence
- 33. History of Security Part II Know Your Users ClassifyTrack EverythingProtectProtect Your Content
- 34. Copyright 2017 Exostar LLC | All Rights Reserved | Proprietary and Confidential 35 Compliance in Aerospace & Defense TechnologyNon-Technology Control Families - Access Control - Awareness and Training - Audit and Accountability - Configuration Management - Identification and Authentication - Incident Response - Maintenance - Media Protection - Physical Protection - Personnel Security - System and Communications Protection - System and Information Integrity Documents not supported by DLP Control Families - Access Control - Awareness and Training - Audit and Accountability - Incident Response - Media Protection - Personnel Security - Risk Assessment - Security Assessment - System and Information Integrity Documents Stored in Team Collaboration & supported by DLP Identity & Access Management Team Collaboration DLP Cloud
- 35. Know when policy is violated Incident report and alert emails inform you in real time when content violates policy. See the effectiveness of your policies Built-in reports help you see historical information and tune policies. Take action to correct violations Investigate violations in your organization and take remediation actions. Integrates with other systems Leverage the Activity Management API to pull information into SIEM and workflow tools. Monitor and Remediate
- 36. Meet your regulatory requirements Audit Office 365 activity Search and download audit logs from the Office 365 Security Center Configure activity alerts on specific audit event criteria Configure an eDiscovery Center Supports full lifecycle of electronic discovery across SharePoint, Exchange, and Skype Create cases, add content sources, run keyword queries, place holds Apply retention policies Retain content for a minimum period of time or delete content that exceeds a timespan Policy can be scoped to content containing specific keywords or sensitive information
- 37. Unified Auditing Pipeline Compliance Center Office 365 Activity Report PowerShell cmdlet Long-term Auditing Storage in O365 Azure AD SharePoint Online Exchange Online OneDrive for Business Office 365 Activity API Third party application Management Activity API
- 38. Leverage actionable insights Actionable insights and management control
- 39. Security and Compliance Center Powerful for experts, and easier for generalists to adopt Scenario oriented workflows with cross-cutting policies spanning features Powerful content discovery across Office 365 workloads Proactive suggestions leveraging Microsoft Security Intelligence Graph
- 40. Confidence through operational security tools to help you understand and investigate cyber-threats and take action to protect your organization from them
- 41. History of Security Part II Know Your Users ClassifyTrack EverythingProtectProtect Your Content QUESTIONS Adam Levithan [email protected] @collabadam
- 42. Thank you, for your for #SPSParis
Editor's Notes
- #9: 8
- #11: 10
- #12: 11
- #13: 12
- #22: Perimeter security Strong authentication Geo-redundancy Isolated subnets Isolated domain Domain partitioning BitLocker Per-file encryption Disaster recovery Security training Code reviews Static analysis
- #24: Microsoft Ignite 2016
- #25: Microsoft Ignite 2016
- #28: Microsoft Ignite 2016
- #29: Microsoft Ignite 2016
- #33: Microsoft Worldwide Partner Conference 2016
- #38: Microsoft Ignite 2016
- #39: 38
- #41: Microsoft Tech Summit FY17