Talk 1

Office 365
Security with RMS and DLP
How the cloud can support you in matters of security
Michael Kirst-Neshva
[email protected] | www.ankbs.de
MVP Office 365 | Cloud Ambassador | Microsoft P-TSP
Cloud security options
DLP – Data Loss Prevention
RMS Azure Active Directory Rights Management
With security – an outlook
Office 365 and Microsoft Azure – the double Lottchen
Office 365 and Microsoft Azure
Commitments backed by certifications and audits
Office 365
Certifications
Certified for ISO 27001.
EU Model Clauses.
Data Processing Agreement.
HIPAA Business Associate Agreement (HIPAA BAA).
Federal Information Security Management Act (FISMA).
…
Office 365
Certifications
No Comment
http://blog.ugoffice365.ms/go/ISO27018
Office 365 and Microsoft Azure
The double Lottchen
Office 365 and Azure
Microsoft account
Ex: [email protected]
User
Windows Azure Active Directory (organizational account)
Ex: [email protected]
User
Devices
Apps
Data
Desktop Virtualization
Access & information protection
Enable your users
Hybrid identity
Mobile device & application management
Protect your data
And this is today's reality…
Managing identities…
Simple connection
Windows Server Active Directory
Other Directories
Self-service
Single sign on
Username
SaaS
Azure
Public cloud
On-premises
Microsoft Azure Active Directory
Office 365
Cloud
Azure Active Directory Rights Management
Cost of Azure AD RMS
For only about 1.50 euros per user per month (plus VAT), the requirements of the BDSG could possibly already be greatly eased.
Encrypted data can no longer be viewed!
(Please discuss and evaluate your individual needs with your legal adviser.)
Windows Azure AD/Office 365 tenant
Active Directory Federation Services (AD FS)
Active Directory
Windows Azure AD
Directory Synchronization Tool
Exchange Server
SharePoint Server
File Server
Microsoft RMS connector
Activated by tenant administrator
Microsoft Rights Management service
Files Services Server
Rights Management Server
SAP integration with partners, e.g. Secude.com
Data Loss Prevention
• Sarbanes-Oxley Act of 2002 (SOX)
• Security Exchange Commission Rule 17a-4 (SEC Rule 17 A-4)
• National Association of Securities Dealers 3010 & 3110 (NASD 3010 & 3110)
• Gramm-Leach-Bliley Act (Financial Modernization Act)
• Financial Institution Privacy Protection Act of 2001
• Financial Institution Privacy Protection Act of 2003
• Health Insurance Portability and Accountability Act of 1996 (HIPAA)
• Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (Patriot Act)
• European Union Data Protection Directive (EUDPD)
• Japan’s Personal Information Protection Act
• …..?
Built-in DLP Content Areas
Country | PII | Financial
US | US State Security Breach Laws, US State Social Security Laws, COPPA | GLBA & PCI-DSS (Credit, Debit Card, Checking and Savings, ABA, Swift Code)
Germany | EU data protection, Drivers License, Passport National ID | EU Credit, Debit Card, IBAN, VAT, BIC, Swift Code
UK | Data Protection Act, UK National Insurance, Tax Id, UK Driver License, Passport | EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code
Canada | PIPED Act, Social Insurance, Drivers License | Credit Card, Swift Code
France | EU data protection, Data Protection Act, National Id (INSEE), Drivers License, Passport | EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code
Japan | PIPA, Resident Registration, Social Insurance, Passport, Driving License | Credit Card, Bank Account, Swift Code
Australia | Drivers License, Passport, Social Insurance | Credit Card, Bank Account, Swift Code
Health | Limited Investment: US HIPAA, UK Health Service, Canada Health Insurance card | Rely on Partners and ISVs
DLP system walkthrough
Backend policy evaluation
DLP policy configuration
Admin
Audit & incident data generation
Policy distribution
Contextual policy education
Information workers
With security…
An outlook…
Enterprise Mobility Suite
Microsoft Azure Active Directory Premium
Security reports, audit reports, multifactor authentication
Self-service password reset and group management
Connection between Active Directory and Azure Active Directory
Windows Intune
Mobile device settings management
Mobile application management
Selective wipe
Microsoft Azure Rights Management service
Information protection
Connection to on-premises assets
Bring your own key
Thank you