Protect your data in / with the Cloud
1 like•659 views
This document discusses information rights management and protecting data in the cloud. It introduces Microsoft's Enterprise Mobility + Security solution, which provides identity-driven security, comprehensive security solutions, and managed mobile productivity. Key capabilities include Azure Active Directory for identity management, Azure Information Protection for data protection across apps and devices, and Microsoft Cloud App Security. The document also discusses challenges of protecting data and identities in complex environments and how these solutions can help.
Protect your data in / with the Cloud
- 1. Informations Rights Management ANK Business Services GmbH Michael Kirst-Neshva Microsoft MVP Office 365 GWAVACon EMEA 2016 Daten in der / mit der Cloud schützen
- 2. 2016 Michael Kirst-Neshva ANK Business Services GmbH Senior IT-Infrastructure Architect Microsoft MVP Office 365 Communities: Office365 CommunityDeutschland (Lead) UserGroup Office365 Deutschland(Lead) Azure CommunityDeutschland(Mitglied) Verband „Voice ofInformation“ (Mitglied) http://www.voi.de Competence Center „SharePoint MajorLeague“ http://www.mlsharepoint.de http://www.ankbs.de E-Mail:[email protected] E-Mail:[email protected] Twitter: @ankbs Blog | http://blog.ugoffice365.ms
- 3. Is it possible to keep up? Employees Business partners Customers Is it possible to stay secure? Apps Devices Data Users Data leaks Lost device Compromised identity Stolen credentials
- 4. Is it possible to keep up? Employees Business partners Customers The Microsoft vision Secure and protect against new threats Maximum productivity experience Integrate with what you have Apps Devices Data Users
- 5. User freedomSecure against new threats Do more with less Customers need Identity – driven security Productivity without compromise Comprehensive solutions Microsoft solution ENTERPRISE MOBILITY + SECURITY Identity-driven security Comprehensive solution Managed mobile productivity
- 7. Identity as the core of enterprise mobility Single sign-onSelf-service Simple connection On-premises Other directories Windows Server Active Directory SaaSAzure Public cloud CloudMicrosoft Azure Active Directory
- 8. 1000s of apps, 1 identity Provide one persona to the workforce for SSO to 1000s of cloud and on-premises apps Manage access at scale Manage identities and access at scale in the cloud and on-premises Cloud-powered protection Ensure user and admin accountability with better security and governance Enable business without borders Stay productive with universal access to every app and collaboration capability Azure Active Directory. Identity at the core of your business
- 9. Secure remote access to on- premises apps Single sign -on to mobile apps Support for lift-and- shift of traditional apps to the cloud Provide one persona to the modern workforce for SSO to 1000s of cloud and on- premises applications Single sign-on to SaaS apps 1000s of apps, 1 identity "Azure AD Premium makes life simpler for the business and for employees. It gives them access to enterprise applications from any device with a single sign-on that is secure and reliable. That is fundamental in increasing the adoption of cloud technology. Bristow is also using Application Proxy, and Azure AD Connect” - Kapil Mehta Productivity & Directory Services Manager, Bristow Group Inc.
- 10. Conditions Allow access or Block access Actions Enforce MFA per user/per app User, App sensitivity Device state LocationUser NOTIFICATIONS, ANALYSIS, REMEDIATION, RISK-BASED POLICIES CLOUD APP DISCOVERY PRIVILEGED IDENTITY MANAGEMENT MFA IDENTITY PROTECTION Risk CLOUD-POWERED PROTECTION
- 11. CLOUD-POWERED PROTECTION Identity Protection at its best Risk severity calculation Remediation recommendations Risk-based conditional access automatically protects against suspicious logins and compromised credentials Gain insights from a consolidated view of machine learning based threat detection Leaked credentials Infected devices Configuration vulnerabilities Risk- based policiesMFA Challenge Risky Logins Block attacks Change bad credentials Machine-Learning Engine Brute force attacks Suspicious sign- in activities
- 12. Collaboration in a borderless world Users want collaboration and productivity, you want protection and control Data Apps DevicesUsers Access everything from everywhere Share and store data across boundaries Protect sensitive data Employees Business partners Customers
- 13. Intune Azure Information Protection Protect your users, devices, and apps Detect problems early with visibility and threat analytics Protect your data, everywhere Extend enterprise-grade security to your cloud and SaaS apps Manage identity with hybrid integration to protect application access from identity attacks Advanced Threat Analytics Cloud App Security Azure Active Directory Identity Protection
- 14. Azure Information Protection Protect your data, everywhere
- 15. Challenges with the complex environment Employees Business partners Customers Apps Devices Data Users Data leaks Lost device Compromised identity Stolen credentials
- 16. The problem is ubiquitous Intellectual Property theft has increased 56% rise data theft Accidental or malicious breaches due to lack of internal controls 88% of organizations are Losing control of data 80% of employees admit to use non-approved SaaS app 91% of breaches could have been avoided Organizations no longer confident in their ability to detect and prevent threats Saving files to non-approved cloud storage apps is common Sources:
- 17. 2016 Unregulated, unknown Managed mobile environment How much control do you have? On-premises Perimeter protection Identity, device management protection Hybrid data = new normal It is harder to protect
- 19. Azure Information Protection The evolution of Azure RMS DOCUMENT TRACKING DOCUMENT REVOCATION Monitor & respond LABELINGCLASSIFICATION Classification & labeling ENCRYPTION Protect ACCESS CONTROL POLICY ENFORCEMENT Full Data Lifecycle
- 20. Our solution: Data Lifecycle Classification and Protection At data creation Manual and automatic - as much as possible Persistent labels Industry standard that enables a wide ecosystem User awareness through visual labels Encryption with RMS DLP & compliance actions Audit trails to track data Orchestrate
- 21. SECRET CONFIDENTIAL INTERNAL NOT RESTRICTED IT admin sets policies, templates, and rules PERSONAL Classify data based on sensitivity Start with the data that is most sensitive IT can set automatic rules; users can complement it Associate actions such as visual markings and protection
- 22. Due Diligence Documentation Due Diligence Category Documentation Task Owner Status Business Plan, Corporate Structure, Financing Business plan Current five-year business plan Prior business plan Corporate organization Articles of incorporation Bylaws Recent changes in corporate structure Parent, subsidiaries, and affiliates Shareholders’ agreements Minutes from board meetings
- 26. Reclassification You can override a classification and optionally be required to provide a justification Automatic Policies can be set by IT Admins for automatically applying classification and protection to data Recommended Based on the content you’re working on, you can be prompted with suggested classification User set Users can choose to apply a sensitivity label to the email or file they are working on with a single click
- 27. FINANCE CONFIDENTIAL Persistent labels that travel with the document Labels are metadata written to documents Labels are in clear text so that other systems such as a DLP engine can read it
- 28. VIEW EDIT COPY PASTE Email attachment FILE Protect data needing protection by: Encrypting data Including authentication requirement and a definition of use rights (permissions) to the data Providing protection that is persistent and travels with the data Personal apps Corporate apps
- 29. Share internally, with business partners, and customers Bob Jane Internal user ******* External user ******* Any device/ any platform Roadmap Sue File share SharePoint Email LoB
- 30. Information protection Identity-driven security Managed mobile productivity Identity and access management Azure Information Protection Premium P2 (includes P1 features) Azure Information Protection Premium P1 Microsoft Cloud App Security Microsoft Advanced Threat Analytics Microsoft Intune Azure Active Directory Premium P2 (includes P1 features) Azure Active Directory Premium P1 E3 E5
- 31. Azure Information Protection Premium P1/P2 Feature Azure Information Protection Premium P1 (EMS E3) Azure Information Protection Premium P2 (EMS E5) View labels and watermarks in Office Yes Yes Manual labeling (user driven) Yes Yes Apply content marking and RMS protection in Office Yes Yes Automatic and recommended labeling Yes Classification, labeling and protection with MCAS Yes HYOK (Hold you own key – multi RMS server support) Yes
- 32. Apps and Data SaaS Microsoft protecting you Malware Protection Center Cyber Hunting Teams Security Response Center DeviceInfrastructure CERTs PaaS IaaS Identity INTELLIGENT SECURITY GRAPH Cyber Defense Operations Center Digital Crimes Unit Antivirus NetworkIndustry Partners
- 33. SECURE MODERN ENTERPRISE Identity Apps and Data Infrastructure Devices Identity Embraces identity as primary security perimeter and protects identity systems, admins, and credentials as top priorities Apps and Data Aligns security investments with business priorities including identifying and securing communications, data, and applications Infrastructure Operates on modern platform and uses cloud intelligence to detect and remediate both vulnerabilities and attacks Devices Accesses assets from trusted devices with hardware security assurances, great user experience, and advanced threat detectionSecure Platform (secure by design)
- 34. Identity Pillar Phase 2: Identity Embraces identity as primary security perimeter and protects identity systems, admins, and credentials as top priorities
- 35. Identity Pillar Phase 2: Identity Embraces identity as primary security perimeter and protects identity systems, admins, and credentials as top priorities Azure Active Directory (AAD) Cloud App Security (CAS) Windows 10 Windows Hello Cybersecurity Architect Windows 10 Credential Guard Microsoft Passport Managed ATA Windows Server 2016 Shielded VMs Code Integrity Advanced Threat Analytics (ATA) • Enhanced Security Administrative Environment (ESAE) • Active Directory Service Hardening (ADSH) • Windows Server 2016 Deployment Windows 10 Deployment Managed ATA
- 36. Apps and Data Pillar Phase 2: Apps and Data Aligns security investments to business priorities and applies both security fundamentals and modern protections
- 37. Apps and Data Capability Mapping Phase 2: Apps and Data Aligns security investments to business priorities and applies both security fundamentals and modern protections Cloud App Security (CAS) Cybersecurity Architect • Windows 10 Deployment Cybersecurity Architect • Rights Management Services • Azure RMS • Office 365 Integration • Office 365 • Data Leakage Protection (DLP) • Exchange Online Advanced Threat Protection • Conditional Access • Intune • Azure Active Directory • Windows 10 • Enterprise Data Protection • Cloud App Security (CAS) • Conditional Access
- 38. 2016 Michael Kirst-Neshva [email protected] Thank You! Kommen Sie an unseren Stand und wir beraten Sie gerne über die weiteren Schritte