Security and Compliance: A Whole New World with SharePoint and Office 365
Presented By: Richard Harbridge (@RHarbridge)
#ILTASPS
RICHARD HARBRIDGE
My twitter handle is @RHarbridge, blog is on http://2toLead.com, and I work at
CTO & MVP | SPEAKER & AUTHOR | SUPER FRIENDLY
Great, we know who you are, but what do you do on a daily basis?
MAXIMIZE SECURITY INVESTMENTS…
Typically the work centers around…
What are the big trends in security, compliance and transparency?
TOP THREE CLOUD CONCERNS…
Security: 73% of orgs indicated security as a top challenge holding back SaaS adoption
Compliance: 89% of orgs are required to govern content for compliance or business continuity purposes
Transparency: 63% of orgs state transparency challenges restrict them from growing their cloud usage
WHAT WE WILL TALK ABOUT TODAY…
Let’s Talk About User Control…
Let’s Talk About Security Services…
Let’s Talk About Compliance Services…
MANAGING ACCESS & CONTROL…
While core documents are managed and controlled, many other places, such as team or departmental collaboration, suffer from permission challenges.
MANAGING ACCESS & CONTROL…
Throughout the Office 365 experience for SharePoint or OneDrive content, access control is readily available and easy to understand as an end user.
MANAGING ACCESS & CONTROL…
We use dynamic groups, with membership defined by a rule rather than as a static list of members, and we expire groups whose owners do not attest to a continuing need.
Expiring Groups: Admins set a duration after creation at which group owners must attest to the continuing need for their group; otherwise it is deleted.
One Identity: Azure Active Directory (AAD) is the master for group identity and membership across Office 365 (Exchange, SharePoint, Yammer, Teams, Planner, Power BI, etc.)
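As an added example (not from the deck), this is what the rule-based membership and expiry model above looks like when configured from PowerShell with the AzureADPreview module of the period. The department value, group names and the notification mailbox are assumptions.

```powershell
# Added example, not from the presentation. Requires the AzureADPreview module (dynamic
# membership rules and group lifecycle policies were preview cmdlets at the time) and an
# account holding a group-management admin role. Names, rule and mailbox are assumptions.
Connect-AzureAD

# 1. Membership as a rule, not a list: AAD re-evaluates the rule as user attributes change,
#    so a transfer out of Legal removes access without anyone editing the group.
$rule = '(user.department -eq "Legal") -and (user.accountEnabled -eq true)'
$group = New-AzureADMSGroup -DisplayName "Legal Team" `
    -MailEnabled $true -MailNickname "legal-team" -SecurityEnabled $true `
    -GroupTypes "Unified","DynamicMembership" `
    -MembershipRule $rule -MembershipRuleProcessingState "On" `
    -Visibility "Private"

# 2. Expiration: owners must attest (renew) every 180 days or the group is deleted.
#    One lifecycle policy per tenant; ManagedGroupTypes can be All, Selected or None.
New-AzureADMSGroupLifecyclePolicy -GroupLifetimeInDays 180 `
    -ManagedGroupTypes "All" `
    -AlternateNotificationEmails "[email protected]"   # assumed mailbox for ownerless groups

# 3. Check: which Office 365 groups are still static lists (no membership rule)?
#    These are the ones whose permissions drift and need a manual review.
Get-AzureADMSGroup -All $true |
    Where-Object { $_.GroupTypes -contains "Unified" -and -not $_.MembershipRule } |
    Select-Object DisplayName, Id, Visibility
```

The rule in step 1 gates on `accountEnabled` as well as department so that a disabled account drops out of the group immediately rather than at the next attestation.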
MANAGING ACCESS & CONTROL…
Make it easy to manage access and ensure the wrong kind of sharing doesn’t take place – whether internal or external.
Better site management at a service level makes it easier to target and notify owners based on site activity, classifications, sharing status and more.
MANAGING ACCESS & CONTROL…
You need both defense in breadth and defense in depth to mitigate product vulnerabilities; user education mitigates human vulnerabilities; and continuous monitoring shortens the time an attacker has inside (because at some point, you will be attacked).
BEST WAY TO PROTECT YOUR DATA?
Breadth
Depth
User Education
Systematic Security
Microsoft’s security platform is quite a bit more than just Office 365, and the modern security platform has considerably more capability today.
THE BIGGER PICTURE…
SECURE SCORE…
One place to understand your security position and what features you have enabled. Targeted guidance to increase your security level.
Broad visibility into attack trends
Billions of data points from Office, Windows, and Azure
Integrated data from external cyber threat hunters
Proactive security policy management
Intuitive dashboards with drill-down capabilities
THREAT INTELLIGENCE…
Microsoft Advanced Threat Analytics brings the behavioral analytics concept to IT and the organization’s users.
THREAT INTELLIGENCE…
ATA detections by attack phase:
Reconnaissance: account enumeration; Net Session enumeration; DNS enumeration; Directory Services enumeration (ATA 1.7)
Compromised credential: abnormal working hours; brute force using NTLM, Kerberos or LDAP; sensitive accounts exposed in plain-text authentication; service accounts exposed in plain-text authentication; honey token account suspicious activities; unusual protocol implementation; malicious Data Protection Private Information (DPAPI) request
Lateral movement: abnormal authentication; abnormal resource access; Pass-the-Ticket; Pass-the-Hash; Overpass-the-Hash
Privilege escalation: MS14-068 exploit (forged PAC); MS11-013 exploit (Silver PAC)
Domain dominance: skeleton key malware; golden ticket; remote execution; malicious replication requests
ADVANCED THREAT PROTECTION…
This is integrated across apps and services (across Exchange Online, SharePoint Online, OneDrive for Business, Office Apps, etc.)
Time-of-click protection against malicious URLs: URL reputation checks, along with detonation of attachments found at the destination URLs.
Zero-day protection against malicious attachments: attachments with unknown virus signatures are assessed using behavioral analysis.
Critical insights into external threats: rich reporting and tracking features provide insight into the targets and categories of attacks.
Intelligence sharing with devices: integration with Windows Advanced Threat Protection to correlate data across users and devices.
Dynamic Delivery for Safe Attachments, and URL Detonation that covers not just links in mail but links inside attached files.
SENSITIVE CONTENT ENCRYPTION…
Office 365 Message Encryption, rather than RMS alone, lets us secure and send the message while putting the responsibility on the receiving party, who views and replies (or takes the message) through a secure portal.
Secure email that works across organizations and with anyone you wish to reach
Remove the complexity of getting started
Simplify manual or automatic protection
Ensure that all recipients can read and respond
ENHANCED SHARING CONTROLS…
Tenant-level, site-collection, group and more control levels, continuing to improve in terms of capabilities, controls and experiences.
Multi-geo support, where you can control data residency (store content in that geo) and control settings (distinct settings on sharing, etc.) per geo.
WHAT CAN I DO IN THE ADMIN?
ADVANCED SECURITY MANAGEMENT…
Advanced Security Management is a great way to be more proactive with your policy enforcement and in evaluating risks.
Threat detection: identify high-risk and abnormal usage, security incidents, and threats.
Enhanced control: shape your Office 365 environment with granular security controls and policies.
Discovery and insights: gain enhanced visibility and context into your Office 365 usage and shadow IT.
ADVANCED SECURITY MANAGEMENT…
Alerts can be extremely powerful for detecting specific patterns, accelerating a proactive and improved security posture.
PRODUCTIVITY APP DISCOVERY…
Analyze which cloud apps are being used in your organization by importing your traffic logs from firewalls/proxies.
Device access is conditional access: by IP range and by managed or unmanaged device, with the response being a block, read-only access (no download), or a specific session timeout.
CONDITIONAL ACCESS…
POWER BI…
It’s not just about enabling the sharing of reports and dashboards.
Policy controls (I want to… / I should use…):
Control who uses Power BI: Office 365 portal, to assign licenses
Prevent access off the corporate network: AAD Conditional Access
View/control usage of Power BI features: Power BI admin portal
Control usage of mobile features: Intune MAM
Audit Power BI activity: Power BI auditing in the Office 365 portal
50% year-over-year growth rate in electronic data
45% of orgs state lack of governance opens them to security & compliance risks
41% of orgs state enforcing a governance policy is their biggest issue
DATA IS GROWING…
Achieving organizational compliance is challenging.
Organization needs: preserve vital data, find relevant data, monitor activity
Data Governance: import, store, preserve and expire data
eDiscovery: quickly identify the most relevant data
Auditing: monitor and investigate actions taken on data
Security & Compliance Center: manage compliance for all your data across Office 365
IN-PLACE COMPLIANCE…
Microsoft is evolving beyond the core preservation and monitoring.
In-Place Office 365 Data Governance: benefits of in-place Office 365 over journaling
Location, query or policy based: apply preservation to a mailbox or SharePoint site, apply a query to hold less content, or use preservation policies
Higher fidelity and lower costs: content stays in Exchange and SharePoint, which results in lower storage costs and higher-fidelity data
No impact to users: seamlessly create, edit, and delete without knowing data is being preserved
Reduce risk: data is not duplicated to another provider or compliance boundary; all actions taken on the data are recorded
Insights: insights to enable you to keep what’s important, delete what’s not, and share according to policy
IN-PLACE DATA LIFE-CYCLE…
Microsoft is prioritizing in-place models and offers many capabilities that fit this model, going beyond legal hold into preservation policy and more.
COMPLIANCE LIFE-CYCLE…
You can bring data into Office 365 today for preservation and to apply compliance. Once it is in, all the in-place capabilities are applicable.
DATA LOSS PREVENTION…
Protect sensitive information, taking into account content, users and the dynamic operating environment. There is a detailed story for how this can be used.
Sophisticated, built-in content protection across Office 365
Insights and automatic safeguards
End user empowerment to maintain productivity and enforcement
Unified policy definition
Unified reporting
DATA LOSS PREVENTION…
DLP can now be applied in a more targeted way and to a wider variety of sources. The reporting is also improved and unified.
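An added example (not from the deck) of the minimum DLP policy the deck's closing recommendations call for: one that finds personally identifiable information in documents and mail across SharePoint, OneDrive and Exchange, notifies on low volumes and blocks external access on high volumes. It is written against the Security & Compliance Center PowerShell cmdlets of the period; the policy and rule names, the report mailbox and the policy-tip text are assumptions.

```powershell
# Added example, not from the presentation. Connects to the Security & Compliance Center
# endpoint (not the Exchange Online one) and creates a tenant-wide DLP policy that detects
# US SSNs and credit card numbers in SharePoint, OneDrive and Exchange, and blocks sharing
# outside the organisation once they appear in volume. Names and text are assumptions.
$scc = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri "https://ps.compliance.protection.outlook.com/powershell-liveid/" `
    -Credential (Get-Credential) -Authentication Basic -AllowRedirection
Import-PSSession $scc -DisableNameChecking

# Start in TestWithNotifications: users see policy tips and reports accrue, nothing is blocked yet.
New-DlpCompliancePolicy -Name "PII - Baseline" `
    -Comment "Deck recommendation: at minimum, a PII policy" `
    -SharePointLocation All -OneDriveLocation All -ExchangeLocation All `
    -Mode TestWithNotifications

# Low-volume hit (1-9 identifiers): notify the owner, keep collaboration flowing, collect a report.
New-DlpComplianceRule -Name "PII - low volume" -Policy "PII - Baseline" `
    -ContentContainsSensitiveInformation @(
        @{ Name = "U.S. Social Security Number (SSN)"; minCount = "1"; maxCount = "9" },
        @{ Name = "Credit Card Number";                minCount = "1"; maxCount = "9" }) `
    -AccessScope NotInOrganization `
    -NotifyUser Owner, LastModifier `
    -NotifyPolicyTipCustomText "This item contains personal data. Do not share it outside the organisation." `
    -GenerateIncidentReport "[email protected]" -IncidentReportContent All

# High-volume hit (10+ identifiers): block external access; override only with a justification.
New-DlpComplianceRule -Name "PII - high volume" -Policy "PII - Baseline" `
    -ContentContainsSensitiveInformation @(
        @{ Name = "U.S. Social Security Number (SSN)"; minCount = "10" },
        @{ Name = "Credit Card Number";                minCount = "10" }) `
    -AccessScope NotInOrganization `
    -BlockAccess $true `
    -NotifyUser Owner, LastModifier `
    -NotifyAllowOverride WithJustification `
    -GenerateIncidentReport "[email protected]" -IncidentReportContent All

# After a week of reviewing the incident reports, switch from test mode to enforcement.
Set-DlpCompliancePolicy -Identity "PII - Baseline" -Mode Enable
```

Two rules with count thresholds, rather than one rule that blocks on any hit, is what keeps the policy from blocking every spreadsheet with a single card number while still stopping a bulk export; the test-mode week is where you find out which threshold your own data needs.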
Leverage intelligence to automate data retention
Classify data based on age, type, user, or sensitivity
Policy recommendations based on machine learning
Apply actions to preserve high value data
Purge redundant, obsolete, and trivial data
ADVANCED DATA GOVERNANCE…
Helping customers understand how to improve their data governance, and giving them the tools they need to do it.
ADVANCED DATA GOVERNANCE…
Quickly get insights on the dashboard into your data.
ADVANCED DATA GOVERNANCE…
When importing, get intelligence that helps you improve your data governance.
ADVANCED DATA GOVERNANCE…
When importing, get intelligence that helps you improve your data governance. Filter, and see the impact of your filtering.
ADVANCED DATA GOVERNANCE…
Preserving and retaining content can be user driven, match a query, or be based on advanced rules.
AUDIT LOG…
It’s not just that everything is audited. It’s that we can have alerts on it, that we can extend it with the API, and that this is genuinely helpful in an investigation.
AUDIT LOG…
Be sure to use the API to export and store this data if you want to use it later; the service only keeps it for its own retention window.
Exchange Online: admin activity, end-user (mailbox) activity
Security and Compliance Center: admin activity
Azure Active Directory: Office 365 logins, directory activity
Power BI: admin activity
SharePoint Online and OneDrive for Business: file activity, sharing activity
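As an added example (not from the deck), this script does what the slide advises: it pulls a day of SharePoint and OneDrive sharing events out of the unified audit log, writes the raw records to disk so they outlive the service-side retention, and flags the anonymous-link and guest shares that the access-control slides describe as the wrong kind of sharing. It assumes an Exchange Online remote PowerShell session, auditing already enabled for the tenant, and an export path of my choosing.

```powershell
# Added example, not from the presentation. Exports the last day of SharePoint/OneDrive
# sharing events from the unified audit log to JSON lines (one AuditData payload per line)
# and lists the external and anonymous shares found. Assumes an Exchange Online remote
# session and auditing enabled in the tenant; the export path is an assumption.
$exo = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri "https://outlook.office365.com/powershell-liveid/" `
    -Credential (Get-Credential) -Authentication Basic -AllowRedirection
Import-PSSession $exo -DisableNameChecking

$end   = Get-Date
$start = $end.AddDays(-1)
$out   = "C:\AuditExport\sharing-$($start.ToString('yyyyMMdd-HHmm')).jsonl"
New-Item -ItemType Directory -Path (Split-Path $out) -Force | Out-Null

# Search-UnifiedAuditLog pages by session: the same SessionId with ReturnLargeSet returns
# the next page on each call until an empty result comes back. Pages can overlap, so
# de-duplicate on the record Identity before writing.
$sessionId = "sharing-export-" + [guid]::NewGuid().ToString()
$seen    = @{}
$flagged = @()
do {
    $batch = @(Search-UnifiedAuditLog -StartDate $start -EndDate $end `
        -RecordType SharePointSharingOperation `
        -SessionId $sessionId -SessionCommand ReturnLargeSet -ResultSize 5000)

    foreach ($rec in $batch) {
        if ($seen.ContainsKey($rec.Identity)) { continue }
        $seen[$rec.Identity] = $true

        # Keep the JSON payload verbatim: nothing is lost if a field matters later.
        Add-Content -Path $out -Value $rec.AuditData
        $d = $rec.AuditData | ConvertFrom-Json

        # Anonymous links and guest recipients are the shares worth reviewing early.
        $external = ($d.Operation -eq "AnonymousLinkCreated") -or
                    ($d.TargetUserOrGroupType -eq "Guest")
        if ($external) {
            $flagged += [pscustomobject]@{
                When   = $rec.CreationDate
                Who    = $rec.UserIds
                What   = $d.Operation
                Item   = $d.ObjectId
                Target = $d.TargetUserOrGroupName
            }
        }
    }
} while ($batch.Count -eq 5000)

"$($seen.Count) records written to $out; $($flagged.Count) external/anonymous shares:"
$flagged | Sort-Object When | Format-Table -AutoSize
Remove-PSSession $exo
```

Run it from a scheduled task with a fixed window and the exported files become the long-term audit store the slide asks for; the same loop works for any other RecordType, which is how you would extend it to the Exchange and Azure AD activity listed above.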
EDISCOVERY…
Enabling in-place, intelligent eDiscovery to quickly identify relevant data while decreasing cost and risk. You can use it to find sensitive data too!
Identify relevant documents: predictive coding enables you to train the system to automatically distinguish between likely relevant and non-relevant documents.
Identify data relationships: use clustering technology to look at documents in context and identify relationships between them.
Organize and reduce the data prior to review: use near-duplicate detection to organize the data and reconstruct email threads from unstructured data, reducing what is sent to review.
EDISCOVERY…
Still an area that is continuing to improve.
Last year Feature Pack 1 was released. It improved experiences and hybrid capabilities, and it includes a hybrid auditing capability that is unified with Office 365. Feature Pack 2, coming later this fall, is all about a better development pattern across on-premises and Office 365.
WHAT ABOUT SHAREPOINT 2016?
CUSTOMER LOCKBOX…
Can help customers meet compliance obligations by demonstrating that they have procedures in place for explicit data access authorization.
Extended access control: use Customer Lockbox to control access to customer content for service operations
Visibility into actions: actions taken by Microsoft engineers in response to Customer Lockbox requests are logged and accessible via the Management Activity API and the Security and Compliance Center
(Diagram: a Microsoft engineer submits a request; a Microsoft manager approves it; the customer approves it; only then does the Lockbox system grant the engineer access to the customer’s data.)
“Only time we touch data is when you call with a support incident. Not something everyone needs. Example in a recent month there was ~9 requests (5 were MSFT IT, 4 were customers out of millions and millions of customers).”
ENCRYPTION KEYS…
BYOK is for service exit! Remember: the contractual terms already give Microsoft clear obligations, with liabilities for fraud, negligence and breach of contract.
The Trust Center is still a great resource, but now in your security and compliance center you have all the reports, trust documents, controls and more available for inspection (you can even share access).
SERVICE TRUST & TRUST CENTER…
Rich information on how Microsoft implements security, privacy and compliance controls, including details of testing by independent third-party auditors
Third-party audit reports including: SOC 1 / SSAE 16, SOC 2 / AT 101, ISO 27001, ISO 27018 and many more
Deep insights into how we implement encryption, incident management, tenant isolation and data resiliency
Information on how you can leverage Microsoft cloud security controls and configurations to protect your data
There are a few high level recommendations that I wanted to leave you with.
• Configure Secure Score:
- Weekly performance of activities to increase your Secure Score is highly recommended.
- Multi-factor authentication for global and non-global admins is a must!
- The recommended weekly report checks are also a must.
- Increase the target score slider to include a few more defense-in-breadth activities.
• DKIM/DMARC/SPF:
- Ensure that all three are enabled for your custom default domain, not only the onmicrosoft.com domain.
- Also check the spoof mail report weekly (requires the E5 or Advanced Threat Protection SKU).
• Exchange Online:
- Weekly checks on all mailboxes with their last login date (PowerShell script).
- Enable the common attachment types filter and notifications under Protection > Malware.
- Verify the list of allowed/blocked IPs under Protection > Connection filter.
- Verify the block/allow lists in the spam filter policy.
• Threat Management (requires E5):
- Check the dashboard and individual reports weekly.
• Data Loss Prevention:
- At minimum, set up a DLP policy for mitigating access to documents that contain Personally Identifiable Information (PII).
• SharePoint Online:
- Always use Groups and, where possible, use dynamic memberships!
- If on premises, consider SharePointURLBrute or SharePoint UserDispEnum.
DEFAULT CONFIGURATION IS NOT ENOUGH…
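The weekly checks above, as an added PowerShell script (not from the deck) that an admin could schedule: admin role members without MFA, DKIM/SPF/DMARC on the custom domain, the common-attachment malware filter, the connection-filter and spam-filter lists, and dormant mailboxes. It uses the MSOnline and Exchange Online cmdlets of the period and the Windows DNS client; the domain name and the 30-day idle threshold are assumptions.

```powershell
# Added example, not from the presentation. A weekly posture check covering the deck's
# recommendations. Assumes the MSOnline module, an Exchange Online remote session and
# Resolve-DnsName (Windows DnsClient). The domain and the 30-day threshold are assumptions.
$domain         = "contoso.com"
$staleAfterDays = 30

Connect-MsolService
$exo = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri "https://outlook.office365.com/powershell-liveid/" `
    -Credential (Get-Credential) -Authentication Basic -AllowRedirection
Import-PSSession $exo -DisableNameChecking

# 1. Every admin role member must have per-user MFA enforced (global and non-global roles).
"== Admin role members without enforced MFA =="
Get-MsolRole | ForEach-Object {
    $role = $_
    Get-MsolRoleMember -RoleObjectId $role.ObjectId |
        Where-Object { $_.RoleMemberType -eq "User" } |
        ForEach-Object {
            $u = Get-MsolUser -UserPrincipalName $_.EmailAddress
            $state = ($u.StrongAuthenticationRequirements | Select-Object -First 1).State
            if ($state -ne "Enforced") {
                [pscustomobject]@{ Role = $role.Name; User = $u.UserPrincipalName; MfaState = $state }
            }
        }
} | Format-Table -AutoSize

# 2. Mail authentication for the custom domain, not the onmicrosoft.com one.
"== DKIM signing =="
Get-DkimSigningConfig -Identity $domain | Select-Object Domain, Enabled, Status | Format-List
"== SPF =="
$spf = (Resolve-DnsName -Name $domain -Type TXT -ErrorAction SilentlyContinue |
        Where-Object { $_.Strings -match '^v=spf1' }).Strings -join ""
if ($spf -notmatch 'include:spf\.protection\.outlook\.com') { "WARNING: SPF lacks the Office 365 include: $spf" }
if ($spf -match '[+?]all')                                  { "WARNING: SPF ends permissively: $spf" }
"== DMARC =="
$dmarc = (Resolve-DnsName -Name "_dmarc.$domain" -Type TXT -ErrorAction SilentlyContinue |
          Where-Object { $_.Strings -match '^v=DMARC1' }).Strings -join ""
if (-not $dmarc)                                  { "WARNING: no DMARC record for $domain" }
elseif ($dmarc -notmatch 'p=(quarantine|reject)') { "WARNING: DMARC policy is not enforcing: $dmarc" }

# 3. Malware filter: the common attachment types filter should be on, with admin notifications.
"== Malware filter policies =="
Get-MalwareFilterPolicy |
    Select-Object Name, EnableFileFilter, EnableInternalSenderAdminNotifications,
                  @{ n = "FileTypes"; e = { $_.FileTypes -join "," } } | Format-Table -AutoSize

# 4. Connection-filter IP lists and spam-filter allow/block lists: look for entries nobody remembers adding.
"== Connection filter allow/block =="
Get-HostedConnectionFilterPolicy | Select-Object Name, IPAllowList, IPBlockList | Format-List
"== Spam filter allow/block =="
Get-HostedContentFilterPolicy |
    Select-Object Name, AllowedSenderDomains, BlockedSenderDomains, AllowedSenders, BlockedSenders | Format-List

# 5. Mailboxes with no logon in the period: candidates for disablement or licence reclaim.
"== Mailboxes idle for $staleAfterDays+ days =="
$cutoff = (Get-Date).AddDays(-$staleAfterDays)
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
    Get-MailboxStatistics |
    Where-Object { -not $_.LastLogonTime -or $_.LastLogonTime -lt $cutoff } |
    Select-Object DisplayName, LastLogonTime |
    Sort-Object LastLogonTime | Format-Table -AutoSize

Remove-PSSession $exo
```

One caveat on check 1: `StrongAuthenticationRequirements` reflects per-user MFA only. A tenant that enforces MFA through an Azure AD conditional access policy instead will show admins as not enforced here, so read that list against your conditional access configuration before acting on it.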
EMS E3 and EMS E5 capabilities by pillar:
Information protection
  Azure Information Protection Premium P1 (EMS E3): manual classification and protection for files and emails shared inside and outside your organization; cloud-based file tracking
  Azure Information Protection Premium P2 (EMS E5): intelligent classification and protection for files and emails shared inside and outside your organization (includes all capabilities in P1)
Identity-driven security (EMS E5)
  Microsoft Cloud App Security: enterprise-grade visibility, control, and protection for your cloud applications
  Microsoft Advanced Threat Analytics: protection from advanced targeted attacks leveraging user and entity behavioral analytics
Managed mobile productivity (EMS E3 and E5)
  Microsoft Intune: mobile device and app management to protect corporate apps and data on any device
Identity and access management
  Azure Active Directory Premium P1 (EMS E3): secure single sign-on to cloud and on-premises apps; MFA, conditional access, and advanced security reporting
  Azure Active Directory Premium P2 (EMS E5): identity and access management with advanced protection for users and privileged identities (includes all capabilities in P1)
UNLOCK MORE CAPABILITIES…
Understand your current investments and what you already own today!
Thank You! BMO’s amazing team for making this possible.
100+ Awesome Presentations At.. Slideshare.Net/RHarbridge
300+ Pages Of Whitepapers At.. 2toLead.com/Whitepapers
WhenToUseWhat.com | Office365Intranets.com | Office365Metrics.com | Office365Campaigns.com | Office365Extranets.com | Office365Resources.com
Message Me On LinkedIn or Email [email protected]
CTO & MVP | SPEAKER & AUTHOR | SUPER FRIENDLY
Twitter: @RHarbridge. More to come on our blog at http://2toLead.com.