We have to Share Data - Now What?
Jon R. Wall
Security / IA Microsoft

The move from need to know to need to share
• Within Organizations
• Across Organizations
• Across Civilian and Military
• 5I’s
• Across Govt. and Commercial

Interest – the wrong type
• Florida Dept. of Labor: 4,624 files
• Bureau of the Census: 1,138 Laptops
• City of Savannah, Georgia: 8,800 files
• USDA Data Breach: 26,000 files
• US Navy Data Breach: 28,00 files
• TJX Sued for Loss of Consumer Data
• U.S. Department of Veterans Affairs: 25.5 million veterans and military personnel
http://www.privacyrights.org/ar/ChronDataBreaches.htm#CP

What do you think of when someone says "Information Security"?
Risk Management

Microsoft Confidential
Technology Framework for Data Governance
• Secure Infrastructure: Protection against malware, unauthorized access and evolving threats
• Identity & Access Control: Managed identities and protected personal information from unauthorized access
• Data Encryption: Protected sensitive data from prying eyes
• Document Management: Protected document security throughout its lifecycle
• Auditing & Reporting: Monitoring systems and measuring compliance
BitLocker Drive Encryption
Encrypting File System
Windows Server Rights Management Services (RMS)
Office Information Management Services (IRM)

Government and Industry Compliance
• Many governmental compliance rules (HIPAA, Sarbanes-Oxley, FDA 21 CFR 11, etc.) require that measures be put into place to safeguard digital information
• Expiration of content is required for many other industry and governmental regulations

Today’s Policy Expression
• Today, most communication policies only exist on paper
• It's easy to unintentionally forward e-mails & documents
• It's easy to intentionally share/sell plans w/competitors, press, Internet

Boundary-Based Technologies
• Encryption
• Digital Signatures
• Access Control Lists
• Firewalls
• Secure Channels (SSL)

The limitations of boundary-based technologies

Today’s Information Protection
[Figure labels: Access Control List (Yes / No), Perimeter]

Windows RMS provides organizations with the tools they need to safeguard confidential & sensitive data
• Information Protection: Data protected at rest and during collaboration
• Policy Enforcement: Specify not only who has initial access to information but also what they can do with it
• Out-of-box scenarios: Integrated with SharePoint, Office, XPS, Exchange, Windows Mobile
• Customizable Solution: RMS SDK, Partner Ecosystem

RMS Gives Authors Control
The document author can define who can do the following:
• View document
• Edit document
• Print document
• Copy/Paste

How RMS Works
1. On first use, authors receive a client licensor certificate from the RMS server
2. Author creates content and assigns rights
3. File is distributed to recipient(s)
4. Recipient opens file, and their RMS client contacts server for user validation and to obtain a license
5. Application opens the file and enforces the restrictions
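
The five steps above, as a simplified model in Python. This is an added example, not Microsoft's RMS code or API: a single HMAC key stands in for the server's certificates, content encryption is left out, and the names `publish`, `request_use_license` and `app_allows` are hypothetical.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

# Constructed demo secret; stands in for the RMS server's certificate chain.
SERVER_KEY = b"constructed-demo-key"

def _sign(payload):
    blob = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(SERVER_KEY, blob, hashlib.sha256).hexdigest()

def publish(content_id, rights_by_user, valid_days, now):
    """Step 2: the author assigns rights; this policy travels with the file."""
    policy = {
        "content_id": content_id,
        "rights": {user: sorted(r) for user, r in rights_by_user.items()},
        "expires": (now + timedelta(days=valid_days)).isoformat(),
    }
    return {"policy": policy, "sig": _sign(policy)}

def request_use_license(publishing_license, user, now):
    """Step 4: the server validates the user and issues a per-user license."""
    policy = publishing_license["policy"]
    if not hmac.compare_digest(_sign(policy), publishing_license["sig"]):
        raise PermissionError("policy was modified after publishing")
    if now >= datetime.fromisoformat(policy["expires"]):
        raise PermissionError("content has expired")
    if user not in policy["rights"]:
        raise PermissionError(f"{user} is not named in the policy")
    grant = {"content_id": policy["content_id"], "user": user,
             "rights": policy["rights"][user]}
    return {"grant": grant, "sig": _sign(grant)}

def app_allows(use_license, action):
    """Step 5: the application checks the license before each action."""
    grant = use_license["grant"]
    if not hmac.compare_digest(_sign(grant), use_license["sig"]):
        return False  # license edited on the client: refuse everything
    return action in grant["rights"]

if __name__ == "__main__":
    now = datetime(2007, 6, 1, tzinfo=timezone.utc)  # constructed date
    pl = publish("plan.docx", {"alice@example.com": {"view", "edit", "print"},
                               "bob@example.com": {"view"}}, 30, now)
    bob = request_use_license(pl, "bob@example.com", now)
    print({a: app_allows(bob, a) for a in ("view", "edit", "print")})
```

The enforcement in step 5 happens in the application on the recipient's machine, which is why the model refuses any license whose signature no longer matches.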

Windows RMS Usage Scenarios
Protect Sensitive Files
• Control access to sensitive plans
• Set level of access: view, change, print, etc.
• Determine length of access
Do-Not-Forward Email
• Keep Executive e-mail off the Internet
• Reduce internal forwarding of confidential information
• Templates to centrally manage policies
Safeguard Intranet Content
• Safeguard financial, legal, HR content
• Set level of access: view, print, export
• View Office 2003 rights protected info
Keep Internal Information Internal

RMS Will NOT …
• …provide unbreakable, hacker-proof security
• …protect against analog attacks

Comparing S/MIME and RMS
When Should I Use Which Technology?
Comparing implementation of S/MIME signing, S/MIME encryption, and IRM.

| Feature | S/MIME Signing | S/MIME Encryption | IRM |
|---|---|---|---|
| Authenticates the sender | Yes | No | No |
| Authenticates the recipient | No | Yes | Yes |
| Uses two-factor authentication * | Yes | Yes | No |
| Can encrypt content | No | Yes | Yes |
| Prevents content tampering | Yes | Yes | Yes |
| Offers content expiration | No | No | Yes |
| Controls content viewing, forwarding, saving, modifying, or printing by recipient | No | No | Yes |
| Differentiates permissions by recipient | No | No | Yes |

IRM and SharePoint
• With IRM turned on in SharePoint Central Admin, define policies for specific document libraries, such as ‘Project X, Confidential’, ‘Restricted, FOUO’, etc.
• Define when policies expire, whether users can print, how often credentials must be validated, etc.
• Automates and forces the RMS encryption of the files in the specific document library
• Users can still create their own policies and upload encrypted documents to other document libraries

DoD 5015.2 certification
• Certified May 24, 2007. It is now listed on the JITC product register
• Applies to: Microsoft Office SharePoint Server 2007

Titus Labs Suite:
• Message Classification: Microsoft Outlook, OWA and Windows Mobile, to force the classification of e-mails
• Document Classification: Microsoft Office, to force the classification of Office documents (Word, PowerPoint & Excel)

RMS at Microsoft
Example of RMS Templates
Corporate RMS templates available from the Permission menu of Outlook, Word, PowerPoint, and Excel
• Microsoft Confidential: Only Microsoft employees can access the message. Allows for View, Reply, Reply All, Save, Edit, and Forward.
• Microsoft Confidential Read Only: Only Microsoft employees can access the message. Allows for View, Reply, Reply All.
• Microsoft FTE Confidential: Only Microsoft full-time employees can access the message. Allows for View, Reply, Reply All, Save, Edit, and Forward.
• Microsoft FTE Confidential Read Only: Only Microsoft full-time employees can access the message. Allows for View, Reply, and Reply All.

Summary
RMS enables organizations to keep internal information internal
Key benefits:
• Safeguards sensitive internal information
• Augments existing perimeter security technologies
• Digitally enforces organization policies
• Persistent file protection
• Easy to use

© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.