Security in age of Digital

TransformationMarko Ristic

marko.ristic@softline.com

+381653306626

We convert digital

technologies into

profit of our

customers and well-

being of the citizens

BusinessWe help developing and

implementing Digital

Transformation scenarios

that increase profits and

bring new income

generating models

GovernmentIn every country we operate,

we seek to contribute in

building e-government, a

vital competitive edge in the

world scene for any nation

SocietyWe make Digital

Technologies widely

available, this facilitates

sustainable development of

the society and improves

accessibility of education,

healthcare and public

services

EmployeesTo every employee we offer

professional fulfillment,

prestigious and well-paid

job, immersion in the latest

digital technologies

We are a global IT

services provider that

helps businesses and

governments to carry

out digital

transformation

Softline Mission: We Help Businesses and Public Sector

Operate Efficiently in Digital Economy

Softline Facts and Figures

25 years

in the IT market

3000+ completed projects

Local offices in

50+countries

95+cities

+30%growth in FY2017in the group of companies

1.19 Billion $FY2017 Sales Volume

4800+team members

1000+engineers and developers

1500+account managers

Softline is a leading global Information Technology solutions and services provider focused on emerging

markets including Eastern Europe, Central Asia, Americas, South-East Asia, India

1000+sales and technical presale

professionals

Global Presence as the Strategy Component

2018FY:

operations in

50+ countries,

95+ cities

Coming Soon:Africa

Middle East

Indonesia

South Korea

Russia

Central Asia

Azerbaijan

Armenia

Belarus

Georgia

Kazakhstan

Kyrgyzstan

Moldova

Tajikistan

Turkmenistan

Turkey

Uzbekistan

Asia

Bangladesh

Cambodia

Laos

Malaysia

Mongolia

Myanmar

Philippines

Thailand

Vietnam

India

Latin America

Argentina

Bolivia

Brazil

Chile

Colombia

Costa Rica

Dominican Republic

Guatemala

Equador

Honduras

Mexico

Nicaragua

Panama

Paraguay

Peru

Salvador

Uruguay

Venezuela

USA

Eastern Europe

Bulgaria

Croatia

Hungary

Romania

Serbia

Slovenia

Top Positions in Rankings

#1 Top 3 Top 5 Listed in

Largest Russian IT

Companies in

Cybersecurity,

2017

Largest Russian

SaaS Providers

2017

Largest IT

Providers for

Retail, 2017

• Largest Russian IaaS

Providers 2017

• Largest IT Providers

for Governmental

Cutomers, 2017

• Largest IT Providers

for Banking, 2017

• Russian Largest

SaaS Providers,

2016

Largest IT Providers

for Telecom

Operators, 2017

RAEX 600 Largest

Russian Companies

2017

200 Russian Largest

Companies, 2017

Best Datacenter in CIS

countries in 2016

Softline has been awarded for

building Republican Datacenter

in Minsk, Belarus

• Largest IT

Providers for

Manufacturing,

2017

• Largest BI

solution

providers, 2017

Commnews SaaS

Services Ranking

2017

Top 10

RAEX 600

mayores

empresas rusas

de TIC 2017Russia’s Largest IT

Companies 2017

Challenges with the complex environment

Employees

Business partners

Customers

Apps

Devices

Data

Users

Data leaks

Lost device

Compromised identity

Stolen credentials

The problem is ubiquitous

Intellectual Property theft has

increased

56% rise data theft

Accidental or malicious breaches due to lack of internal controls

88% of organizations are Losing control of data

80% of employees admit to use non-approved SaaS app 91% of breaches could have been

avoided

Organizations no longer confident in their ability to detect and prevent threats

Saving files to non-approved cloud storage apps is common

IntelligentInnovativeHolistic Identity-driven

Addresses security challenges across users (identities),

devices, data, apps, and platforms―on-premises and in the

cloud

Offers one protected common identity for secure access to all

corporate resources, on-premises and in the cloud, with risk-based conditional

access

Protects your data from new and

changing cybersecurity attacks

Enhances threat and anomaly detection with the Microsoft Intelligent Security Graph driven by a

vast amount of datasets and machine learning in the cloud.

Identity anchors our approach to security

IDENTITY – DRIVEN SECURITY

Three steps to identity-driven security

IDENTITY – DRIVEN SECURITY

1. Protect at the front doorSafeguard your resources at the front door with innovative and advanced risk-based conditional accesses

2. Protect your data against user mistakesGain deep visibility into user, device, and data activity on-premises and in the cloud.

3. Detect attacks before they cause

damageUncover suspicious activity and pinpoint threats with deep visibility and ongoing behavioral analytics.

Protect at the front door

Conditions

Allow access

Or

Block access

Actions

Enforce MFA

per user/per

app

Location

Device state

User/Application

MFA

Risk

User

IDENTITY – DRIVEN SECURITY

Protect your data against user mistakes

IDENTITY – DRIVEN SECURITY

Azure Information Protection

Classify & Label

Protect

How do I control data on-premises and in the cloud

Monitor and Respond

Microsoft Intune

How do I prevent data leakage from my mobile apps?

LOB app protection

DLP for O365 mobile apps

Optional device management

Cloud App Security

Risk scoring

Shadow IT Discovery

Policies for data control

How do I gain visibility and control of my cloud apps?

Detect attacks before they cause damage

IDENTITY – DRIVEN SECURITY

Microsoft Advanced Threat Analytics (ATA)

Behavioral Analytics

Detection of known malicious attacks

Detection of known security issues

On-premises detection

Cloud App Security

Behavioral analytics

Detection in the cloud

Anomaly detection

Azure Active Directory Premium

Security reporting and monitoring (access & usage)

WHY AZURE INFORMATION PROTECTION?

Persistent protection

Safe sharing

Intuitive experience

Greater

control

Classify Data – Begin the Journey

SECRET

CONFIDENTIAL

INTERNAL

NOT RESTRICTED

IT admin sets policies, templates, and rules

PERSONAL

Classify data based on sensitivity

Start with the data that is most sensitive

IT can set automatic rules; users can complement it

Associate actions such as visual markings and protection

Scoped Policies

Policies for specific

groups/departments

Can be viewed and applied only by

the members of that group

Customization options for labels,

sub-labels, and settings like

mandatory labeling, default label,

and justifications

Automatic classification - example

Constoso Page|1 CONFIDENTIAL

DueDiligenceDocumentationDueDiligenceCategory DocumentationTask Owner Status

BusinessPlan,CorporateStructure,Financing

Businessplan Currentfive-yearbusinessplan

Priorbusinessplan

Corporateorganization

Articlesofincorporation

Bylaws

Recentchangesincorporatestructure

Parent,subsidiaries,andaffiliates

Shareholders’agreements

Minutesfromboardmeetings

Shareholders Numberofoutstandingshares

Stockoptionplan

Samplesofcommonandpreferredstockcertificates,debentures,andotheroutstandingsecurities

Warrants,options,andotherrightstoacquireequitysecurities

Currentshareholders,includingnumberofsharesowned,datesthatshareswereacquired,considerationsreceived,andcontact

information

Relevantprivateplacementmemorandaandotherofferingcirculars

Lenders Convertible,senior,orotherdebtfinancing

Banklinesofcredit,loanagreements,orguarantees

Loandefaultsorexpecteddefaults

Recentcorporatetransactions

Descriptionandrationaleforeachtransaction

Purchaseandsaleagreements

Regulations Businesslicenses

Environmentalpermits

Workers’healthandsafetypermits

Marketing,Products,Sales,Service

Marketanalysis Competitionbyproductline(includecontactdetails,marketsize,marketshare,andcompetitiveadvantagesanddisadvantages)

Industryandmarketresearch

Tradepublicationsandcontactinformation

Recommended classification - example

Reclassification and justification - example

User-driven classification - example

How Classification Works

Reclassification

You can override a classification and optionally be required to provide a justification

Automatic

Policies can be set by IT Admins for automatically applying classification and protection to data

Recommended

Based on the content you’re working on, you can be prompted with suggested classification

User set

Users can choose to apply a sensitivity label to the email or file they are working on with a single click

Manual (right-click) labeling and protection for non-Office files

Label and protect any file through the

windows shell-explorer

Select either one file, multiple files or a

folder and apply a label

Bulk classification for data at rest using PowerShell

Query for file labels and protection

attributes

Set a label and/or protection for

documents stored locally or on file

shares

Automatically discover, classify, label & protect on premises data

Azure Information Protection scanner

Configure policies to discover, classify,

label and protect on premises data

Periodically scan on premises repositories

to label and protect data

Run in discovery or enforce modes

Critical for migration scenarios and

compliance with regulations such as GDPR

Protect sensitive data in cloud apps with AIP and CAS

Role: Finance

Group: Finance

Office: London, UK

INTERNAL

Azure information

protection

Identifies document tagged

INTERNAL being shared publicly

Move to

quarantine

Restricted

to owner

USER

Uploaded to

public share

Admin notified

about problem.

CLOUD APP

SECURITY PORTAL

Apply labels based on classification

FINANCE

CONFIDENTIAL

Persistent labels that travel with the document

Labels are metadata written to documents

Labels are in clear text so that other

systems such as a DLP engine can read it

VIEW EDIT COPY PASTE

Email attachment

FILE

Protect data needing protection by:

Encrypting data

Including authentication requirement and a

definition of use rights (permissions) to the data

Providing protection that is persistent and travels

with the data

Protect data against unauthorized use

Personal apps

Corporate apps

aEZQAR]ibr{qU@M]BXNoHp9nMDAtnBfrfC;jx+Tg@XL2,Jzu()&(*7812(*:

Use rights +

Secret cola formula

WaterSugar

Brown #16

PROTECT

Usage rights and symmetric key stored in file as “license”

Each file is protected by a unique AES symmetric

License protected by customer-owned RSA

key

WaterSugar

Brown #16

UNPROTECT

How Protection Works

Use rights+

Azure RMS never sees the file content, only the license

How Protection Works

Apps protected with RMS enforce

rights

SDK

Apps use the SDKto communicate

with the RMS service/servers

File content is neversent to the RMS server/service

aEZQAR]ibr{qU@M]BXNoHp9nMDAtnBfrfC;jx+Tg@XL2,Jzu()&(*7812(*:

Use rights+

LOCAL PROCESSING ON PCS/DEVICES

Authentication & collaboration BYO Key

RMS connector

Authorization requests go to a federation service

Topology

Data protection for

organizations at different stages

of cloud adoption

Ensures security because

sensitive data is never

sent to the RMS server

Integration with on-premises

assets with minimal effort

AAD Connect

ADFS

Authentication & collaboration BYO Key

RMS connector

Authorization requests go to a federation service

Regulated EnvironmentsTopology

Data protection for

organizations at different stages

of cloud adoption

Ensures security because

sensitive data is never

sent to the RMS server

Integration with on-premises

assets with minimal effort

Hold your key on premises

(roadmap)

AAD Connect

ADFS

HYO Key

Sharing data safely with anyone

Share internally, with business partners, and customers

Bob

Jane

Internal user

*******

External user

*******

Any device/ any platform

Sue

File share

SharePoint

Email

LoB

Monitor and Respond

Monitor use, control and block abuse

Sue

Joe blocked in North America

Jane accessed from India

Bob accessed from S. America

MAP VIEW

Jane blocked in Africa

Jane Competitors

Jane access is revoked

Sue

Bob

Jane

Visibility and control in cloud environments with CAS

Cloud App Security can read labels set

by AIP giving admins visibility into

sharing of sensitive files

Cloud App Security admins can set

policies for controlling sharing of

sensitive files and also get alerted if the

policies are violated

USER

POLICIES

Status

Viewed

Viewed

Viewed

Viewed

Viewed

United States

Name

Mark Adams

Klass Pluck

Katrina Redding

David James

Nandita Sampath

Summary List Timeline Map Settings

Personal

Public

Internal

Confidential

Highly Confidential

LABEL

Monitor, analyze and assess compliancethrough rich logs and reporting

Admins create policies

for data classification,

labeling, and protecting

Based on sensitivity of data, labels

are applied by users or automatically

Control sharing outside

your organization

Gain visibility and

control over sensitive

data even as it moves

to cloud

Protect sensitive data with

encryption or visual markings

Enterprise Mobility +Security

MicrosoftIntune

Azure Information Protection

Protect your users, devices, and apps

Detect threats early with

visibility and threat analytics

Protect your data, everywhere

Extend enterprise-grade security to your cloud and SaaS apps

Manage identity with hybrid integration to protect

application access from identity attacks

MicrosoftAdvanced Threat Analytics

Microsoft Cloud App Security

Azure Active Directory Premium

A HOLISTIC SOLUTION

GO GLOBAL GO CLOUD GO INNOVATIVE