emma aubert | information protection
TRANSCRIPT
Emma Aubert
Information Protection CxP Team
http://aka.ms/MSFTSecDay2017
What do we mean by “Information Protection”?
MICROSOFT’S INFORMATION PROTECTION SOLUTIONS
help you protect sensitive data throughout its lifecycle – inside and outside the organization
IN THE PAST, THE FIREWALL WAS THE SECURITY PERIMETER
devices data users apps
On-premises
What we hear …
“Our organization is moving to Office 365; we have to identify & protect data before it leaves to the cloud”
“We need to prepare for EU-GDPR (or other) compliance, and need to identify, monitor and protect PII”
“We have to educate our information workers to understand and adhere to the business information protection policy”
“We share information with external parties. We have to control the way shared data is used”
Information protection
Ensure documents and emails are seen only by authorized people
Azure Information Protection
Office 365 Data Loss Prevention
Windows Information Protection
Microsoft Cloud App Security
Office 365 Advanced Security Mgmt.
Microsoft Intune
Classification & labeling: CLASSIFICATION, LABELING
Protect: ENCRYPTION, ACCESS CONTROL, POLICY ENFORCEMENT
Monitor & respond: DOCUMENT TRACKING, DOCUMENT REVOCATION
CLASSIFY DATA – BEGIN THE JOURNEY
SECRET
CONFIDENTIAL
INTERNAL
NOT RESTRICTED
IT admin sets policies, templates, and rules
PERSONAL
Classify data based on sensitivity
Start with the data that is most sensitive
IT can set automatic rules; users can complement it
Associate actions such as visual markings and protection
Reclassification
You can override a classification and optionally be required to provide a justification
Automatic
Policies can be set by IT Admins for automatically applying classification and protection to data
Recommended
Based on the content you’re working on, you can be prompted with suggested classification
User set
Users can choose to apply a sensitivity label to the email or file they are working on with a single click
Labels are metadata written to documents
Labels are stored both in clear text, so that other systems such as a DLP engine can read them, and as a hash of policies, rules and user information
Labels are persistent and travel with the document
User awareness through visual labels
LABEL DATA BASED ON CLASSIFICATION
FINANCE
CONFIDENTIAL
VIEW
Protect data needing protection by:
Encrypting data
Including authentication requirement and a definition of use rights (permissions) to the data
Protection is persistent and travels with the data
PROTECT DATA AGAINST UNAUTHORIZED USE
EDIT COPY PASTE
Email attachment
FILE
ROAD TO SHARING DATA SAFELY WITH ANYONE
Share internally, with business partners, and customers
Bob
Jane
Internal user
External user
Any device/ any platform
Roadmap
Sue
File share
SharePoint
LoB
MONITOR AND RESPOND
Monitor use, control and block abuse
Sue
Joe blocked in North America
Jane accessed from India
Bob accessed from South America
MAP VIEW
Jane blocked in Africa
Jane
Competitors
Jane access is revoked
Sue
Bob
Jane
MICROSOFT’S INFORMATION PROTECTION SOLUTIONS
Comprehensive protection of sensitive data across devices, cloud services and on-premises environments
UNIFIED NATIVE ANYWHERE
BETTER USER EXPERIENCE & INTEGRATION INTO OFFICE NATIVE CLIENTS
Now:
Delightful labeling experience – for everyone!
- Simplified interface for information labeling
- More robust content matching engine
Medium & Long term:
Integration into native Office clients:
- Starting with Word, Excel and PowerPoint for Mac
- Full Office for Mac
- Office web apps
- Office for iOS & Android
- Office for Windows
NATIVE
UNIFIED WITH OFFICE INFORMATION PROTECTION & AZURE AD POLICIES
Now:
Unified information types for Office DLP & AIP (80+ types)
Short term:
SharePoint sync client support for encrypted files
Enforcing Conditional Access for protected data
Medium & Long term:
Unified Information Protection policy for Office DLP & AIP
- Unify label management
- Unified labeling experience in Office clients & SPO/OD4B
- Unified classification policy
UNIFIED
CLASSIFY, LABEL AND PROTECT FILES ANYWHERE
Short term:
Classify, label and protect data at rest
Label and protect data across cloud applications
Medium & Long term:
Multi platform SDK for labeling and protection – anywhere
Central logs, analytics and reports
ANYWHERE
AZURE INFORMATION PROTECTION CLIENT
Now:
• Office support (Word, Excel, PowerPoint, Outlook)
• AzIP for mobile app – enable protected files and mail consumption for non-enlightened formats/apps
• Justification on reclassification
• Cloud based service
• Key management – MS managed, BYOK, HYOK (preview)
• Classification automation by content
• Secure Email
• Scanner
• Native labeling experience in Word, PowerPoint & Excel on Mac, iOS, Android and web apps
• Native labeling in Outlook on Mac, iOS, Android and web apps
• DLP triggers based on labels
• Office 365 message encryption (GA)
• Azure Information Protection convergence to 80+ sensitive information types used in Office 365
• Azure Information Protection scanner for on-premises file shares (preview)
• Microsoft Cloud App Security label and protect Office files in cloud apps (preview)
H1 CY18 H2 CY17
LOOKING AHEAD
GET STARTED TODAY!
Maximum Results
Faster Deployment
Higher Adoption
Two great resources to help you get started:
Customer Experience Team (CXP) aka.ms/aipyammer
FastTrack fasttrack.microsoft.com
Also …
Fantastic Docs
Quick Start Guides
EMS Trials
5 STEPS PROGRAM
Best Practice - Start small, do it now, and move quickly
1. Classify Take simple steps that generate high impact quickly (i.e. ‘Do Not Forward’ for HR and Legal)
2. Label Test, phase the roll out, and learn – IT can’t know it all
3. Protect Control sensitive internal email flow across all PCs/Devices
4. Monitor ‘Share Protected’ files with business partners (B2B)
5. Respond Teach and enable users to revoke access
Use case definition
User Comms, help desk prep & refine use cases
3 Months
AIP CLASSIFICATION PROJECT HIGH LEVEL
Yammer @ https://www.yammer.com/AskIPteam
User voice @ https://msip.uservoice.com
Technical Documentation @ https://docs.microsoft.com
For questions email [email protected]
IT Pro Blog @ https://aka.ms/AIPblogs
Download @ https://aka.ms/AIPclient
Product page @ https://www.microsoft.com/en-us/cloud-platform/azure-information-protection
Q&A
© 2016 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.