Office 365 Data Security & Compliancy
Jethro Seghers
MVP Office 365, MCITP SharePoint 2010, ITILv3 Certified
Consultant, Blogger, Trainer
Twitter: @jseghers
E-mail: [email protected]
Blog: http://www.j-solutions.be/blog
J-Solutions.be
• Located in Belgium
• Provides IT Business Consultancy
• SharePoint 2010 and Online
• Cloud Services – Office 365 and Windows Intune
• IT as a service – MOF and ITIL v3
Agenda Office 365 Terminology Infrastructure settings Exchange Online Lync Online SharePoint Online Sources of Information
Data Security
The protection of data from unauthorized (accidental or intentional) modification, destruction, or disclosure
Data Compliance
Compliance is either a state of being in accordance with established guidelines, specifications, or legislation or the process of becoming so
BRINGING TOGETHER CLOUD VERSIONS OF OUR MOST TRUSTED COMMUNICATIONS AND COLLABORATION PRODUCTS WITH THE LATEST VERSION OF OUR DESKTOP SUITE FOR BUSINESSES OF ALL SIZES.
Infrastructure
Overview
• Microsoft Datacenters & their locations
• Data Flow
• Privacy
• Encryption
• Identity Protection
• Password Policies
Microsoft Datacenters
Physical Security
• Secure physical access for authorized personnel only
• State of the art datacenters
Hosted Applications Security
• Anti SPAM
• Encryption Mail
Security Development Lifecycle
• Potential threats while running a service
• Exposed aspects of the service that are open to attack
Microsoft Datacenters (continued)
Secured Office 365 Services Infrastructure
• Server Monitoring via System Center
• Secure Remote Access via RDS
• Intrusion Detection
Network-level Security Measures
• Customer Access via SSL
• Uptime 99,9 %
Identity & Access Management
• Access control follows the separation of duties principle and grants least privilege.
Where is our data stored: Example: EMEA
• A primary data center is where the application software and the customer data running on the application software are hosted.
• A backup data center is used for failover purposes.
• Data center Dublin: Primary for F.O.P.E.
• Data center The Netherlands: SharePoint Online
• Dublin + The Netherlands, interchangeably: Exchange Online + Lync Online
What is stored in the US: EMEA Customer Information Microsoft Online Portal Routing Lync Online Communications Office 365 Authentication
Additionally, Microsoft abides by the Safe Harbor Framework for transfer of data between the European Union and the United States.
Privacy: Microsoft Online Services Customer Data
Purpose | Usage Data | Account and Address Book Data | Customer Data (excluding Core Customer Data) | Core Customer Data
Operating and Troubleshooting the Service | Yes | Yes | Yes | Yes
Security, Spam and Malware Prevention | Yes | Yes | Yes | Yes
Improving the Purchased Service, Analytics | Yes | Yes | Yes | No
Personalization, User Profile Promotions | No | Yes | No | No
Communications (Tips, Advice, Surveys, Promotions) | No | Yes | No | No
Privacy (continued): Microsoft Online Services Customer Data
Purpose | Usage Data | Account and Address Book Data | Customer Data (excluding Core Customer Data) | Core Customer Data
Voluntary Disclosure to Law Enforcement | No | No | No | No
Advertising | No | No | No | No
Encryption
• HTTPS communication with portal.microsoftonline.com
• HTTPS communication between clients and Exchange Online for all protocols
• PGP: transportation and storage of Exchange Online messages
• Lync Online: Instant Messaging, IM Federation
• SharePoint Online: HTTPS connection (only for Enterprise)
Identity Protection
• Identity stored in Microsoft Online
• Identity federation via SSO
• Granular Licenses
• Different Administrator Roles
Identity architecture: Identity options
1. Microsoft Online IDs
2. Microsoft Online IDs + DirSync
3. Federated IDs + DirSync
[Diagram labels: Bronze Sky customer premises, AD, MS Online Directory Sync, Active Directory Federation Server 2.0, IdP, Trust, Federation Gateway, Authentication platform, Identity platform, Provisioning platform, Directory Store, Admin Portal, Service connector, Exchange Online, SharePoint Online, Lync Online, Microsoft Office 365 Services]
Identity options comparison
1. MS Online IDs
Appropriate for
• Smaller organizations without AD on-premise
Pros
• No servers required on-premise
Cons
• No SSO
• 2 sets of credentials to manage with differing password policies
• Users and groups mastered in the cloud
2. MS Online IDs + Dir Sync
Appropriate for
• Orgs with AD on-premise
Pros
• Users and groups mastered on-premise
• Enables co-existence scenarios
Cons
• No SSO
• 2 sets of credentials to manage with differing password policies
• Single server deployment
3. Federated IDs + Dir Sync
Appropriate for
• Larger enterprise organizations with AD on-premise
Pros
• SSO with corporate cred
• Users and groups mastered on-premise
• Password policy controlled on-premise
• Enables co-existence scenarios
Cons
• High availability server deployments required
Password Policy
Password restriction:
• 8 characters minimum and 16 characters maximum
• Values allowed: A-Z a-z 0-9 ! @ # $ % ^ & * - _ + = [ ] { } | \ : ' , . ? / ` ~ " < > ( ) ;
• No Unicode
• Cannot contain the username alias (part before @ symbol)
Password expiry duration:
• This is set to 90 days and is not configurable
Password Policy (continued)
Password expiry:
• Can be enabled/disabled via PowerShell at user level
Password strength:
• Strong passwords require 3 out of 4 of the following: lowercase characters, uppercase characters, numbers (0-9), symbols (see password restrictions above)
Password history:
• Last password cannot be used again
Password Policy (continued)
Account lockout:
After 10 unsuccessful logon attempts (wrong password), the user will need to solve a CAPTCHA dialog as part of logon.
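The rules on the Password Policy slides above, expressed as a checker that reports which rules a candidate password breaks. This is an added example, not code from the presentation or from Microsoft; the function name, violation codes, sample accounts and the case-insensitive alias match are assumptions.

```python
import string

# Values taken from the Password Policy slides.
MIN_LEN, MAX_LEN = 8, 16
SYMBOLS = set("!@#$%^&*-_+=[]{}|\\:',.?/`~\"<>();")
ALLOWED = set(string.ascii_letters + string.digits) | SYMBOLS


def check_password(password, user_id, previous=None):
    """Return violation codes (hypothetical names); empty list = compliant."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length")
    # Anything outside the listed values (spaces, Unicode) is rejected.
    if any(c not in ALLOWED for c in password):
        problems.append("charset")
    # Alias = part of the user ID before the @ symbol.
    # Case-insensitive matching is an assumption, not stated on the slide.
    alias = user_id.split("@", 1)[0].lower()
    if alias and alias in password.lower():
        problems.append("alias")
    # Strong passwords need 3 of the 4 character classes.
    classes = [
        any(c in string.ascii_lowercase for c in password),
        any(c in string.ascii_uppercase for c in password),
        any(c in string.digits for c in password),
        any(c in SYMBOLS for c in password),
    ]
    if sum(classes) < 3:
        problems.append("complexity")
    # Only the last password is remembered.
    if previous is not None and password == previous:
        problems.append("history")
    return problems


if __name__ == "__main__":
    # Constructed sample candidates for a constructed account.
    user = "alice@example.com"
    for candidate in ["Summer2012!", "alice2012A", "password", "Pässword1!"]:
        print(candidate, check_password(candidate, user))
```
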
Is this Independently Verified?
MS Online Certification and Compliance Finder Certified for ISO 27001 EU Safe Harbor HIPAA-Business Associate Agreement Data Processing Agreement FISMA
Exchange Online
Exchange Online
• Archiving: 100 GB for E Subscriptions – 25 GB for P Subscriptions
• Moderation
• Security/Distribution Groups
• Item Level Recovery: 14 days
• Transport Rules
• Retention Policies – Managed Folder Assistant
• Deleted Mailbox Recovery: within 30 days
Exchange Online (continued)
• Journaling
• F.O.P.E.
• Auditing
• Retention Hold: only via PowerShell; disables Retention Policies on Mailbox
• Litigation Hold: only via PowerShell; logging of every change on a Mailbox
• Mobile Device
DEMO
Lync Online
Lync Online
• Privacy Settings
• External Communications
User Defined Settings
• Sending files via IM
• Make audio and video calls
• Record calls and conferences
• Federation with Lync users in other organizations
• Federation with users of public IM service providers
• Dial-in Conferencing
DEMO
SharePoint Online
SharePoint Online
• Information Management Policy – Records
• Use of Term Store & Required Fields – Content Types
• Drop Off Library
• Audit
• Blocked File Types
• Security
• Versioning
• Recycle Bin
• Backup: 14 days
SharePoint Online (continued)
• Governance defines your security and compliancy
• Very hard to maintain and to make it required.
• Missing functionalities that are available on-premise.
DEMO
3rd Party Tools
Backup SharePoint Online:
• Metavis
• AvePoint: DocAve Online
Compliance Tools:
• Axceler: Control Point
• AvePoint: DocAve Online
Sources of Information
• Office 365 Trust Center: http://www.microsoft.com/en-us/office365/trust-center.aspx
• Service Description
• Office 365 Password Policy
• Security White Paper
• Data Boundaries
Questions