Data Loss Prevention (DLP) in Microsoft Office 365
Asaf Kashi
Group Program Manager
Microsoft
OFC-B319
“Large Retailer Leaks Payment Information via Email…”
“Accidental email with attachment exposed hundreds of individuals’ names and Social Security Numbers…”
Data Loss Prevention in Microsoft Office helps to
• identify
• monitor
• protect
sensitive data through deep content analysis
Identify
Protect
Monitor
End user education
Demo
Outlook Policy Tips (or an IW’s view of Microsoft DLP)
Policy distribution
Contextual policy education
DLP policy configuration
Backend policy evaluation
Audit & incident data generation
Admin
Information workers
DLP system walkthrough
Integrated into Exchange Transport Rule (ETR) engine
• Runs in categorizer during OnResolvedMessage
• Integrated as a new ETR predicate
• Performs text extraction for body & attachments followed by classification
• Can be combined with any existing predicates & actions
SMTP receive
Categorizer
Queue management
Message delivery
Store driver
Text extraction
Transport rule agent
Classification
DLP content detection flow in Exchange
Content Processing Component
DLP content detection flow in SharePoint
Classification Operator
Document summary
Property Mapping
Document Parser
Custom Entity Extraction
Word breaking
IFilter sandbox
Language Detection
Delete item
Crawler
Index
Delete Links
Insert new or updated item
• Runs in Content Processing Pipeline as an operator
• Invoked for search crawler as new content discovered and changed
• Classification results and counts stored in the content index
Excel Format Handler
DLP Policy Enforcement
Flexible tools for policy enforcement that provide the right level of control
• Transport Rules
• Rights Management
• Data Loss Prevention
ALERT
CLASSIFY
ENCRYPT
APPEND OVERRIDE
REVIEW
REDIRECT
BLOCK
DLP policy templates
Built-in templates based on common regulations
Import DLP policy templates from partners
Build your own
Demo
DLP policy management
Sensitive content detection
Predefined rules targeted at sensitive data types
Advanced content detection
Combination of regular expressions, dictionaries, and internal functions (e.g. validate checksum on credit card numbers)
Extensibility for customer and ISV defined data types
Built-in DLP Content Areas
Country | PII | Financial
US | US State Security Breach Laws, US State Social Security Laws, COPPA | GLBA & PCI-DSS (Credit, Debit Card, Checking and Savings, ABA, Swift Code)
Germany | EU data protection, Drivers License, Passport, National Id | EU Credit, Debit Card, IBAN, VAT, BIC, Swift Code
UK | Data Protection Act, UK National Insurance, Tax Id, UK Driver License, Passport | EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code
Canada | PIPED Act, Social Insurance, Drivers License | Credit Card, Swift Code
France | EU data protection, Data Protection Act, National Id (INSEE), Drivers License, Passport | EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code
Japan | PIPA, Resident Registration, Social Insurance, Passport, Driving License | Credit Card, Bank Account, Swift Code
Australia | Drivers License, Passport, Social Insurance | Credit Card, Bank Account, Swift Code
Health: Limited Investment: US HIPAA, UK Health Service, Canada Health Insurance card. Rely on Partners and ISVs.
Content analysis process
Get Content
Examples:
Joseph F. Foster
Visa: 4485 3647 3952 7352
Expires: 2/2015
RegEx Analysis
4485 3647 3952 7352: a 16 digit number is detected
Function Analysis
1. 4485 3647 3952 7352 matches checksum
2. 1234 1234 1234 1234 does NOT match
Additional Evidence
1. Keyword Visa is near the number
2. A regular expression for date (2/2015) is near the number
Verdict
1. There is a regular expression that matches a check sum
2. Additional evidence increases confidence
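
The stages of the content analysis process (regular expression, checksum function, nearby evidence, verdict), as an added Python sketch that is not Microsoft's implementation. The patterns, the 100-character window and the 65/85 confidence values are assumptions, and the sample text is constructed around the slide's example.

```python
import re

# All patterns and numbers below are illustrative assumptions, not product rules.
CANDIDATE = re.compile(r"(?<!\d)(?:\d{4}[ -]?){3}\d{4}(?!\d)")  # 16 digits in fours
KEYWORD = re.compile(r"\b(visa|mastercard|credit card|card number)\b", re.I)
EXPIRY = re.compile(r"\b(0?[1-9]|1[0-2])/(\d{2}|\d{4})\b")       # e.g. 2/2015
WINDOW = 100             # characters searched on each side of a match
BASE, BOOSTED = 65, 85   # confidence without / with supporting evidence


def luhn_ok(number: str) -> bool:
    """Function analysis: Luhn checksum over the digits of the candidate."""
    total = 0
    for i, ch in enumerate(reversed(re.sub(r"\D", "", number))):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def mask(number: str) -> str:
    """Keep only the last four digits so findings are safe to log."""
    digits = re.sub(r"\D", "", number)
    return "*" * (len(digits) - 4) + digits[-4:]


def analyze(text: str) -> list:
    findings = []
    for m in CANDIDATE.finditer(text):            # RegEx analysis
        if not luhn_ok(m.group()):                # rejects 1234 1234 1234 1234
            continue
        before = text[max(0, m.start() - WINDOW):m.start()]
        after = text[m.end():m.end() + WINDOW]
        context = before + " " + after            # additional evidence
        evidence = [name for name, rx in (("keyword", KEYWORD), ("expiry", EXPIRY))
                    if rx.search(context)]
        findings.append({"match": mask(m.group()), "evidence": evidence,
                         "confidence": BOOSTED if evidence else BASE})  # verdict
    return findings


# Constructed sample: the slide's example, a non-card number, and a bare card number.
FILLER = "Lorem ipsum filler text. " * 10
SAMPLE = ("Joseph F. Foster\nVisa: 4485 3647 3952 7352\nExpires: 2/2015\n" + FILLER
          + "\nTracking 1234 1234 1234 1234\n" + FILLER + "\nRef 4111 1111 1111 1111\n")

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(finding)
```

The bare number near the end passes the checksum but has no keyword or date within the window, so it is reported at the lower confidence.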
DLP Document Fingerprinting
Advanced deep content analysis enabling new scenarios!
A tax firm needs to detect and encrypt standard tax forms, like the 1040 EZ, W2, etc.
Company Confidential documents like Patents detected based on their template
A Law firm can fingerprint legal forms, and have them detected automatically for policy application
Integrates with the existing DLP infrastructure as a custom sensitive information type
Surfaced in Exchange, Outlook and OWA
Get Template Content
Fabrikam Patent Form Tracking Number Author Date Invention Title Names of all authors...
Create Fingerprint
1. Condensed representation of the template content
2. Document is not stored
3. Stored as a sensitive information type
Get Email Content
Fabrikam Patent Form Tracking Number 12345 Author Alex Date 1/28/2014 Invention Title Fabrikam Green Energy...
Create Fingerprint
1. Temporary in memory representation
2. Used for comparison with source fingerprint created at config time
Verdict
1. Compare the two fingerprints
2. Evaluate a ‘containment coefficient’ to declare template contained in email content
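
An added illustration of the fingerprint comparison, not the product's algorithm: it assumes a fingerprint is a set of hashed two-word shingles and that containment is the share of template shingles found in the message. The shingle size, threshold and sample texts are constructed for the example.

```python
import hashlib
import re

K = 2            # words per shingle (assumption)
THRESHOLD = 0.7  # containment needed to declare the template present (assumption)


def fingerprint(text: str, k: int = K) -> frozenset:
    """Condensed representation: truncated hashes of overlapping k-word shingles.
    Only the hashes are kept, so the source document itself is not stored."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    shingles = (" ".join(words[i:i + k]) for i in range(len(words) - k + 1))
    return frozenset(hashlib.sha256(s.encode()).hexdigest()[:16] for s in shingles)


def containment(template_fp: frozenset, content_fp: frozenset) -> float:
    """Share of the template's shingles that also occur in the content."""
    return len(template_fp & content_fp) / len(template_fp) if template_fp else 0.0


def resemblance(a: frozenset, b: frozenset) -> float:
    """Jaccard similarity, shown for contrast: it drops as the email grows."""
    return len(a & b) / len(a | b) if a | b else 0.0


def contains_template(template_fp: frozenset, content: str) -> bool:
    return containment(template_fp, fingerprint(content)) >= THRESHOLD


# Constructed texts modelled on the slide's Fabrikam form.
TEMPLATE = ("Fabrikam Patent Form\nTracking Number:\nAuthor:\nDate:\n"
            "Invention Title:\nNames of all authors:\n"
            "This document is company confidential and must not be shared outside Fabrikam.")
FILLED = ("Hi team, my filing is below.\nFabrikam Patent Form\nTracking Number: 12345\n"
          "Author: Alex\nDate: 1/28/2014\nInvention Title: Fabrikam Green Energy\n"
          "Names of all authors: Alex\n"
          "This document is company confidential and must not be shared outside Fabrikam.\n"
          "Regards, Alex")
UNRELATED = "Lunch on Friday? The new place near the office has great noodles."

TEMPLATE_FP = fingerprint(TEMPLATE)  # created once, at configuration time

if __name__ == "__main__":
    for name, body in (("filled form", FILLED), ("unrelated", UNRELATED)):
        fp = fingerprint(body)       # temporary, in-memory, at evaluation time
        print(name, round(containment(TEMPLATE_FP, fp), 2),
              round(resemblance(TEMPLATE_FP, fp), 2), contains_template(TEMPLATE_FP, body))
```

Filled-in field values break the shingles that span two adjacent labels, which is why the match is declared on a threshold rather than on full containment.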
Document Fingerprinting
CONFIGURATION
RUNTIME
CLASSIFICATION RULE with FINGERPRINT
FINGERPRINT GENERATION
Evaluation + verdict
Demo
Document Fingerprinting
DLP in SharePoint Online
Search for sensitive data
Built-in classifications
Identification and export
Extends to data in OneDrive
Demo
DLP in SharePoint Online
User education
Empower users to manage their compliance
Contextual policy education
Doesn’t disrupt user workflow
Can work even when disconnected
Admin customizable text and actions
Outlook
OWA
Policy Tips in OWA for devices
Demo
Tying it all together (Policy Tips and Document Fingerprints)
DLP reporting and auditing
Comprehensive view of DLP policy application
Drill into specific departures from policy to gain business insights
Export to Excel workbook & email incident reports
Real Time Notifications
Audit data
Classification
Rule details
Match details
DLP extensibility points
Custom DLP content
Supplemental DLP policy rules
Supplemental DLP classification rules
Incident reports integration with custom workflows
Custom reporting solutions
Remote PowerShell management
NEW in SP1 – EXCHANGE and OUTLOOK 2013
DLP Feature Set in Office 365
Deep content analysis engine
46 OOB sensitive information types
40 OOB DLP Templates
Support for 3rd party defined DLP policy templates
Policy Tips in OWA and Mobile OWA
Advanced Document Fingerprinting in Exchange, Outlook, and OWA
5 new OOB sensitive information types
Policy Tips in Outlook 2013
Contextual user education and empowerment
Incident management
Rich reporting
EXCHANGE and OUTLOOK 2013
DLP in SharePoint coming soon
Resources
Exchange 2013 DLP introduction http://blogs.technet.com/b/exchange/archive/2012/09/28/introducing-data-loss-prevention-in-the-new-exchange.aspx
http://technet.microsoft.com/en-us/library/jj150527.aspx
DLP policy templates http://technet.microsoft.com/en-us/library/jj657730
Managing DLP policies http://technet.microsoft.com/en-us/library/jj673559
OOB DLP policy templates http://technet.microsoft.com/en-us/library/jj150530
Policy tips in Exchange 2013 http://technet.microsoft.com/en-us/library/jj150512
Supported file types http://technet.microsoft.com/en-us/library/jj674307
MessageStats Quick Guide http://mbidemo.quest.com/Insights/#page/home
Q&A
Resources
Learning
Microsoft Certification & Training Resources
www.microsoft.com/learning
msdn
Resources for Developers
http://microsoft.com/msdn
TechNet
Resources for IT Professionals
http://microsoft.com/technet
Sessions on Demand
http://channel9.msdn.com/Events/TechEd
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.