Keep Your Information Safe! Josh Heller Sr. Product Manager Microsoft Corporation SIA206.


1 Keep Your Information Safe! Josh Heller Sr. Product Manager Microsoft Corporation SIA206

2 Expanding Importance of Identity: Advanced Persistent Threat, Cloud Computing, Government Interests, Consumerization of IT

3 Information Privacy is the most important security concern in the enterprise, outranking malware for the first time

4 Percentage cause of data breach (Cost of Data Breach report, Ponemon Institute, 2010). Estimated sources of data breach (Global State of Information Security Survey, PriceWaterhouseCoopers, 2010):

Likely Source | 2008 | 2009 | 2010
Current Employee | 34% | 33% | 32%
Former Employee | 16% | 29% | 23%
Hacker | 28% | 26% | 31%
Customer | 8% | 10% | 12%
Partner/Supplier | 7% | 8% | 11%
Unknown | 42% | 39% | 34%

5 Information Protection: Discover, protect and manage confidential data throughout your business with a comprehensive solution integrated into the platform and applications.

Protect everywhere, access anywhere:
- Protect critical data wherever it goes
- Protect data wherever it resides
- Secure endpoints to reduce risk

Simplify security, manage compliance:
- Simplify deployment and ongoing management
- Enable compliance with information security policy

Integrate and extend security:
- Extend confidential communication to partners
- Built into the Windows platform and Microsoft applications

6 Active Directory Rights Management Services

7 Persistent Protection + Encryption. Policy: Access Permissions, Use Right Permissions

8 [Diagram: Information Author, AD RMS, Recipient; steps 1 to 5]

9 Automatic Content-Based Privacy:
- Transport Rule action to apply AD RMS template to e-mail message
- Transport Rules support regex scanning of attachments in Exchange 2010
- Do Not Forward policy available out of box

10 SharePoint Server AD RMS

11

12 Demo AD Rights Management Services

13
- Classification: What data do I have?
- Access Control: Who should have accessed it?
- Auditing: Who has accessed it, and how?
- RMS Protection: How do I protect my sensitive data?

14 Modify / Create file, Determine classification, Save classification. In-box content classifier; 3rd party classification plugin. Classification methods: Location, Manual, Contextual, Application.

15 Components

USER CLAIMS: User.Department = Finance; User.Clearance = High

DEVICE CLAIMS: Device.Department = Finance; Device.Managed = True

FILE PROPERTIES: File.Department = Finance; File.Impact = High

ACCESS POLICY: For access to finance information that has high business impact, a user must be a finance department employee with a high security clearance, and be using a managed device registered with the finance department.

16 Workflow

Access denied remediation provides a user access to a file when it has been initially denied:

1. The user attempts to read a file.
2. The server returns an “access denied” error message because the user has not been assigned the appropriate claims.
3. On a computer running Windows® 8, Windows retrieves the access information from the File Server Resource Manager on the file server and presents a message with the access remediation options, which may include a link for requesting access.
4. When the user has satisfied the access requirements (e.g. signs an NDA or provides other authentication) the user’s claims are updated and the user can access the file.

17 Today:
- Audit is all or nothing
- Not contextual information

Windows Server 2012:
- Expression based auditing
- Audit resource attribute changes
- Enhanced audit entries to include context required for compliance and operational reporting

USER CLAIMS: User.Department = Finance; User.Clearance = High

DEVICE CLAIMS: Device.Department = Finance; Device.Managed = True

FILE PROPERTIES: File.Department = Finance; File.Impact = High

AUDIT POLICY: Audit Success/Fail if (File.Department==Finance) OR (File.Impact=High)
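The access policy on slide 15 and the audit policy on slide 17 can be modelled together as below. This is an added example, not code from the presentation or from Windows; the function names, the sample data, and the rule that an absent claim counts as unmet are assumptions.

```python
# Added example: a model of the deck's policies, not Windows' own engine.
# Function and variable names are hypothetical.

# Slide 15 access policy as (claim source, claim name, required value).
REQUIRED = [
    ("user", "Department", "Finance"),
    ("user", "Clearance", "High"),
    ("device", "Department", "Finance"),
    ("device", "Managed", True),
]

def policy_applies(file_props):
    """The access policy targets finance files with high business impact."""
    return (file_props.get("Department") == "Finance"
            and file_props.get("Impact") == "High")

def should_audit(file_props):
    """Slide 17: audit if (File.Department == Finance) OR (File.Impact == High)."""
    return (file_props.get("Department") == "Finance"
            or file_props.get("Impact") == "High")

def evaluate(user, device, file_props):
    """Return (allowed, unmet_claims, audited) for one access attempt.

    Assumption: an absent claim is unmet, so a device that presents no
    claims is denied instead of passing by omission. allowed=True means
    only that this policy raises no objection.
    """
    claims = {"user": user, "device": device}
    unmet = []
    if policy_applies(file_props):
        for source, name, required in REQUIRED:
            if claims[source].get(name) != required:
                unmet.append(f"{source.capitalize()}.{name}")
    return not unmet, unmet, should_audit(file_props)

# Constructed sample data using the claim values shown on the slides.
FINANCE_USER = {"Department": "Finance", "Clearance": "High"}
FINANCE_PC = {"Department": "Finance", "Managed": True}
PERSONAL_TABLET = {}  # unmanaged device: presents no device claims
PAYROLL_FILE = {"Department": "Finance", "Impact": "High"}
NEWSLETTER = {"Department": "Finance", "Impact": "Low"}

if __name__ == "__main__":
    print(evaluate(FINANCE_USER, FINANCE_PC, PAYROLL_FILE))
    print(evaluate(FINANCE_USER, PERSONAL_TABLET, PAYROLL_FILE))
    print(evaluate({"Department": "Sales"}, PERSONAL_TABLET, NEWSLETTER))
```

The list of unmet claims is the kind of information an access denied remediation message (slide 16) would need to tell the user what is missing.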

18 Dynamic Access Control allows sensitive information to be automatically protected using AD Rights Management Services:

1. A rule is created to automatically apply RMS protection to any file that contains the word “confidential”.
2. A user creates a file with the word “confidential” in the text and saves it.
3. The RMS Dynamic Access Control classification engine, following rules set in the Central Access Policy, discovers the doc with the word “confidential” and initiates RMS protection accordingly.
4. The RMS template and encryption are applied to the document on the file server and it is classified and encrypted.

19 Dynamic Access Control

20
Classification:
- File inherits classification tags from parent folder
- Manual tagging by owner
- Automatic tagging
- Tagging by applications

Access Control:
- Central access policies based on classification
- Expression-based access conditions for user claims, device claims, and file tags
- Access denied remediation

Auditing:
- Central audit policies can be applied across multiple file servers
- Expression-based audits for user claims, device claims, and file tags
- Staging audits to simulate policy changes in a real environment

RMS Protection:
- Automatic Rights Management Services (RMS) protection for Microsoft Office documents
- Near real-time protection when a file is tagged
- Extensibility for non-Office RMS protectors

21 DOWNLOAD Windows Server 2012 Release Candidate: microsoft.com/windowsserver. #TESIA206. DOWNLOAD Microsoft System Center 2012 Evaluation: microsoft.com/systemcenter. Hands-On Labs. Talk to our Experts at the TLC.

22 Connect. Share. Discuss. http://europe.msteched.com
- Learning: Microsoft Certification & Training Resources, www.microsoft.com/learning
- TechNet: Resources for IT Professionals, http://microsoft.com/technet
- Resources for Developers: http://microsoft.com/msdn

23 Evaluations http://europe.msteched.com/sessions Submit your evals online

24

25

