Office 365 Security Concerns
Sonja Madsen
SONJA MADSEN
SONJASAPPS
2015 Office App Awards Best International Developer
Microsoft Most Valuable Professional
[email protected]
@sonjamadsen
www.sonjasapps.com
Office 365
SharePoint
Office
Skype
Azure AD
Anywhere, Anytime
Data security, governance and compliance
Office 365 Security
Physical, Logical, Data, Customer Controlled
Physical Security
• Secret location
• Badges
• Smart cards
• Biometric scanners
• Motion sensors
• Security officers
• Video surveillance
• Two-factor authentication
Logical Security
• Automated operations
• Customer Lock Box
Data Security
• Multi-tenant service
• SSL/TLS
• BitLocker
• Data Loss Prevention (DLP)
• Mobile device management (MDM)
• Password and multi-factor authentication
• Message encryption and S/MIME
• IP filtering
• EU General Data Protection Regulation and Rights
Customer Controlled Security
Data Loss Prevention (DLP)
• Sensitive data such as social security or credit card numbers
• Office 365 Compliance
• SAS 70 / SSAE16 Assessments
• ISO 27001
• HIPAA-Business Associate Agreement
• FISMA/FedRAMP Authority to Operate
• PCI DSS Level One
Regulatory standards
• Sensitive data in emails
• Data management
• Content search
• Service assurance
Security & Compliance
Mobile device management (MDM)
• Windows Phone 8.1
• iOS 7.1 or later versions
• Android 4 or later versions
• Windows 8.1*
• Windows 8.1 RT*
MDM
• Require a 4-digit password and block Bluetooth
• Control mobile access
• Wipe only corporate data
Password and multi-factor authentication
• "Hard" passwords
• Expiration
• A phone call, text message, or an app notification
Message encryption and S/MIME
• Send a message with a link to a page
• Authenticate with login and one-time passcode
• Anti-malware/spam controls
• Company-wide blacklists and whitelists
• S/MIME uses certificates to digitally sign and encrypt the email content
• Sender's email client encrypts message with recipient's public key
• Recipient's private key is used to validate sender's certificate
IP Filtering
RMS
• Azure RMS for rights management on OneDrive, Exchange Online and SharePoint Online
• Uses encryption, identity, and authorization policies
• Encryption keys used to enforce RMS policies are stored in the cloud
EU General Data Protection Regulation and Rights
• One law for all EU states
• One-stop-shop
• Ensure companies outside of the EU comply with new rules
• The same rules for all companies
GDPR
• Right to be forgotten
• Explicit consent when processing data
• Easier access to one's own data
• Data protection by design and by default
• Notified in case of data breach
• "Services for data" at risk
Denmark
• Stricter laws
• Cross-border data transfers
• Data Protection Officer or DPO
How Can You Prepare
• 2018
• Data Protection Officer
• Systems and data strategy
Metalogix
• ControlPoint
• Sensitive Content Manager
Thank You