data loss prevention in office...
TRANSCRIPT
#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM
Data loss prevention in Office 365
#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM
Jethro Seghers
Program Director
SkySync
#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM
• What is sensitive data?
• DLP how does it work?
• DLP management
• DLP auditing
• QA
Agenda
#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM
“
#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM
What is SENSITIVE DATA
#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM
What is SENSITIVE DATA
#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM
What is SENSITIVE DATA
#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM
HOW DO PEOPLE EXPOSE SENSITIVE DATA
DLP
#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM
Demo
How does it work?
#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM
How does it work?
#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM
Policy
distribution
Contextual policy
education
DLP policy configuration
Backend policy
evaluation
Audit & incident
data generation
Admin
Information workers
DLP system walkthrough
#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM
Integrated into Exchange Transport Rule (ETR) engine• Runs in categorizer during
OnResolvedMessage
• Integrated as a new ETR predicate
• Performs text extraction for body & attachments followed by classification
• Can be combined with any existing predicates & actions
Text extraction
Transport rule agent
Classification
DLP content detection flow in Exchange
#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM
DLP content detection flow in SharePoint
ClassificationOperator
Document summary
PropertyMapping
DocumentParser
Custom Entity
Extraction
Wordbreaking
Ifilter sandbox
LanguageDetectio
n
Deleteitem
Delete Links
Insert newor updateditem
Runs in Content Processing Pipeline as an operatorInvoked for search crawler as new content discovered and changedClassification results and counts stored in the content index
Excel Format Handler
#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM
• Built-in templates based on common regulations
• Import DLP policy templates from partners
• Build your own
DLP policy templates
#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM
Demo
DLP policy management
#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM
• Predefined rules targeted at sensitive data types
• Advanced content detection
• Combination of regular expressions, dictionaries, and internal functions (e.g. validate checksum on credit card numbers)
• Extensibility for customer and ISV defined data types
Sensitive content detection
#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM
Built-in DLP Content Areas
Country PII Financial Health
USUS State Security Breach Laws,US State Social Security Laws, COPPA
GLBA & PCI-DSS (Credit, Debit Card, Checking andSavings, ABA, Swift Code)
Limited Investment: US HIPPA, UK Health Service,Canada Health Insurance card
Rely on Partners and ISVs
GermanyEU data protection,Drivers License, Passport National Id
EU Credit, Debit Card,IBAN, VAT, BIC,Swift Code
UKData Protection Act,UK National Insurance, Tax Id, UK Driver License, Passport
EU Credit, Debit Card,IBAN, BIC, VAT,Swift Code
CanadaPIPED Act,Social Insurance, Drivers License
Credit Card,Swift Code
France
EU data protection, Data Protection Act,National Id (INSEE),Drivers License, Passport
EU Credit, Debit Card,IBAN, BIC, VAT,Swift Code
JapanPIPA, Resident Registration, Social Insurance, Passport, Driving License
Credit Card,Bank Account,Swift Code
Australia Drivers License, Passport, Social Insurance Credit Card, Bank Account, Swift Code
#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM
Examples:Joseph F. FosterVisa: 4485 3647 3952 7352Expires: 2/2015
Get
Content
4485 3647 3952 7352 a 16 digit number is detected
RegEx
Analysis
1. 4485 3647 3952 7352 matches checksum2. 1234 1234 1234 1234 does NOT match
Function
Analysis
1. Keyword Visa is near the number2. A regular expression for date (2/2015)
is near the number
Additional
Evidence
1. There is a regular expression that matches a check sum
2. Additional evidence increases confidenceVerdict
Content analysis process
#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM
Demo
Document Fingerprinting
#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM
• Advanced deep content analysis enabling new scenarios!
• A tax firm needs to detect and encrypt standard tax forms, like the 1040 EZ, W2, etc.
• Company Confidential documents like Patents detected based on their template
• A Law firm can fingerprint legal forms, and
have them detected automatically for
policy application
• Integrates with the existing DLP
Infrastructure as a custom sensitive
information type
• Surfaced in Exchange, Outlook and OWA
DLP Document Fingerprinting
#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM
Fabrikam Patent Form Tracking Number Author Date Invention Title Names of all authors...
Get
Template
Content
1. Condensed representation of the template content
2. Document is not stored3. Stored as a sensitive information type
Create
Fingerprint
Fabrikam Patent Form Tracking Number 12345Author Alex Date 1/28/2014 Invention Title Fabrikam Green Energy...
Get Email
Content
1. Temporary in memory representation2. Used for comparson with source
fingerprint created at config time
Create
Fingerprint
1. Compare the two fingerprints2. Evaluate a ’containtment coefficient’
to declare template contained in email content
Verdict
CO
NFIG
UR
ATIO
NR
UN
TIM
E
Document Fingerprinting
CLASSIFICATION RULE with
FINGERPRINT
FINGERPRINT
GENERATION
Evaluation
+ verdict
#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM
Demo
DLP in SharePoint Online
#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM
• Search for sensitive
data
• Built-in classifications
• Identification and
export
• Extends to data in
OneDrive
DLP in SharePoint Online
#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM
• Empower users to manage their
compliance
• Contextual policy education
• Doesn’t disrupt user workflow
• Can work even when
disconnected
• Admin customizable text and
actions
User educationOutlook
OWA
#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM
Policy Tips in OWA for devices
#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM
• Comprehensive view of
DLP policy application
• Drill into specific departures
from policy to gain business
insights
• Export to excel workbook
& email incident reports
DLP reporting and auditing
#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM
Reporting and Auditing
#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM
Real Time Notifications
Audit dataClassificationRule detailsMatch details
#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM
• Custom DLP contentSupplemental DLP policy rules
Supplemental DLP classification rules
• Incident reports integration
with custom workflows
• Custom reporting solutions
• Remote PowerShell management
DLP extensibility points
#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM
Q&A