Office 365 Security Concerns, EU General Data Protection Regulation (GDPR)

Office 365 Security Concerns Sonja Madsen


Post on 08-Apr-2017


TRANSCRIPT

Page 1: Office 365 security concerns, EU General Data Protection Regulation (GDPR)

Office 365 Security Concerns

Sonja Madsen

Page 2

SONJA MADSEN

SONJASAPPS

2015 Office App Awards Best International Developer

Microsoft Most Valuable Professional

[email protected]
@sonjamadsen
www.sonjasapps.com

Page 3

Office 365

SharePoint
Office
Skype
Azure AD

Page 4

Anywhere, Anytime

Page 5

Data security, governance and compliance

Page 6

Office 365 Security

Physical, Logical, Data, Customer Controlled

Page 7

Physical Security

• Secret location
• Badges
• Smart cards
• Biometric scanners
• Motion sensors
• Security officers
• Video surveillance
• Two-factor authentication

Page 8

Logical Security

• Automated operations
• Customer Lock Box

Page 9

Data Security

• Multi-tenant service
• SSL/TLS
• BitLocker

Page 10

Customer Controlled Security

Data Loss Prevention (DLP)
Mobile device management (MDM)
Password and multi-factor authentication
Message encryption and S/MIME
IP filtering
EU General Data Protection Regulation and Rights

Page 11

Data Loss Prevention (DLP)

• Sensitive data such as social security or credit card numbers

Page 12

Regulatory standards

• Office 365 Compliance
• SAS 70 / SSAE16 Assessments
• ISO 27001
• HIPAA-Business Associate Agreement
• FISMA/FedRAMP Authority to Operate
• PCI DSS Level One

Page 13

Security & Compliance

• Sensitive data in emails
• Data management
• Content search
• Service assurance

Page 14

Mobile device management (MDM)

• Windows Phone 8.1
• iOS 7.1 or later versions
• Android 4 or later versions
• Windows 8.1*
• Windows 8.1 RT*

Page 15

MDM

• Require a 4-digit password and block Bluetooth
• Control mobile access
• Wipe only corporate data

Page 16

Password and multi-factor authentication

• "Hard" passwords
• Expiration
• A phone call, text message, or an app notification

Page 17

Message encryption and S/MIME

• Send a message with a link to a page
• Authenticate with login and one-time passcode
• Anti-malware/spam controls
• Company-wide blacklists and whitelists

• S/MIME uses certificates to digitally sign and encrypt the email content
• Sender's email client encrypts message with recipient's public key
• Recipient's private key is used to validate sender's certificate

Page 18

IP Filtering

Page 19

RMS

• Azure RMS for rights management on OneDrive, Exchange Online and SharePoint Online
• Uses encryption, identity, and authorization policies
• Encryption keys used to enforce RMS policies are stored in the cloud

Page 20

EU General Data Protection Regulation and Rights

• One law for all EU states
• One-stop-shop
• Ensure companies outside of the EU comply with new rules
• The same rules for all companies

Page 21

GDPR

• Right to be forgotten
• Explicit consent when processing data
• Easier access to one’s own data
• Data protection by design and by default
• Notified in case of data breach
• “Services for data” at risk

Page 22

Denmark

• Stricter laws
• Cross-border data transfers
• Data Protection Officer or DPO

Page 23

How Can You Prepare

• 2018
• Data Protection Officer
• Systems and data strategy

Page 24

Metalogix

• ControlPoint
• Sensitive Content Manager

Page 25

Thank You