Make it real: Help your customers comply with the GDPR

Presentation transcript:

Make it real: Help your customers comply with the GDPR

Microsoft Data Insights Summit, 8/7/2019 2:38 AM
David Bjurman-Birr | Security Architect
François van Hemert | Security Architect

© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Before we get technical…

Overall process

- Awareness: What is the GDPR? How does it affect me? What is it I need to do? What do I have in place?
- Discover: Identify which personal data you have and where it resides. Do I have a problem? How big is my problem?
- Manage: Govern how personal data is used and accessed. How do I manage my data? How do I stay in control? How do I respond to specific requests (DSR)?
- Protect: Establish security controls to prevent, detect, and respond to vulnerabilities and data breaches.
- Report: Keep required documentation and manage data requests and breach notifications.

Resources named on the slide: GDPR 101, Foundational, GDPR Detailed Assessment, GDPR Data Discovery Toolkit (the slide also carries a "New v3" tag).

Understand the scope

Major data classifications related to GDPR

- Structured data: Data in fixed fields within a record or file. Found in e.g. databases. A data model describes the types of data.
- Unstructured data: Not organized by using a data model. For example PDF and word processing documents, PowerPoint presentations, photos, images and videos.
- Semi-structured data: Mix of structured and unstructured data. No strict data model. Typically one or more tags or properties (metadata). For example author, title, subject, contributors; sender, recipient(s), subject, time & date.

Discover

A typical discovery engagement

1. Identify & Assess: Identify the data repositories. Do we know where our data is, can we access it, who owns it, …?
2. Plan for Classification: Before we start to implement.
3. Select the right solution: On-premises or online, what does the roadmap look like? Are we migrating to the cloud, staying on-premises or …
4. Implement: Build and configure; test, validate and adjust.
5. Discover & Classify: Analyze the data, build the inventory; label and classify.

Defining Policies and Labels – how to start?

From the GDPR to automated data discovery and classification:

- Legal: How does the GDPR apply to my organization? Translate the regulation into customer-specific requirements.
- Business: Provides insight into business processes and needs. Does it fit, is it workable? Test & validate.
- IT: Required technology. Technical capabilities and limitations.

Diagram labels: Legal Requirements, Business Requirements, IT Requirements, Taxonomy, Policies, Labels, Conditions, Sensitive Data Types.

Recommendations and tips

- Use existing classification schema (if any): Improves adoption because it looks familiar.
- Start with default policies and labels: Why spend more time and make it more complicated?
- Start small and keep it simple: Too many choices often means no choice at all.
- Use scenarios and use cases: Validate your ideas using real-life use cases.
- Question every request for a new label: Do we really need another label?
- Use sub-labels for key departments: Only for very specific use cases.
- Consider scoped policies: Should sales people see HR labels?
- Use meaningful label names: If your label says GDPR, everybody needs to know what GDPR is.

Introduction to Contoso

(Slide graphic: European Union, CONTOSO)

Contoso’s Discovery engagement

1. Identify & Assess
   - Terabytes of data stored on premises today
   - Sensitivity and ownership not well understood
   - Confidential / Personal Data
   - Confidential / Finance Data
2. Plan for Classification
   - Scan & classify the data on premises first
   - Prioritize migration of confidential personal data to O365
   - Finance data will remain in place for now
3. Select the right solution
   - AIP for classification & labels
   - Office 365 for confidential personal data
4. Implement
5. Discover & Classify
   - AIP Scanner to discover & classify data

Contoso Requirements for GDPR

Confidential / Financial Data:
- Files contain credit card number(s)
- Remain on premises to support legacy application
- Block external sharing

Confidential / Personal Data:
- Files contain Contoso Customer Number(s)
- Migrate to protect in the cloud
- Support subject access rights with content search
- Block external sharing

Anatomy of a Contoso Customer Number

Example: 15 080 P 9562

- Two Digits (Year = 2015)
- Three Digits (Agency ID = 080)
- Alpha (Line ID = P)
- 4 Digits (Serial = 9562)

Contoso Schema & Taxonomy

Label: Confidential / Customer Data
Taxonomy: Any file with a CCN:
- Two digit year, > 02
- Three digit agency ID, 000-999
- Alpha Agency ID, a-Z
- Serial number, 0000-9999
Method: Search Pattern (Regex) [0-1][0-9][0-9]{3}[A-Za-z][0-9]{4}

Label: Confidential / Financial Data
Taxonomy: Credit Card Numbers
Method: Built in Sensitive Item Type
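An added example (not from the original deck): the slide's search pattern run over constructed sample text, next to a stricter check that requires a whole-token match and applies the taxonomy's year rule, which the regex alone does not enforce. The function names, the sample text and the reading of "> 02" as "03 or later" are assumptions.

```python
import re

# The slide's search pattern, verbatim. It only accepts years 00-19 and is
# unanchored, so it also fires inside longer alphanumeric tokens.
SLIDE_PATTERN = re.compile(r"[0-1][0-9][0-9]{3}[A-Za-z][0-9]{4}")

# Same fields as named groups; the look-arounds require a whole-token match.
STRICT_PATTERN = re.compile(
    r"(?<![0-9A-Za-z])"
    r"(?P<year>[0-1][0-9])(?P<agency>[0-9]{3})"
    r"(?P<line>[A-Za-z])(?P<serial>[0-9]{4})"
    r"(?![0-9A-Za-z])"
)

MIN_YEAR = 3  # assumption: "Two digit year, > 02" means 03 or later


def find_customer_numbers(text):
    """Return parsed customer numbers that pass the regex and the year rule."""
    hits = []
    for m in STRICT_PATTERN.finditer(text):
        if int(m.group("year")) < MIN_YEAR:
            continue  # matches the regex but violates the taxonomy
        hits.append({"value": m.group(0), **m.groupdict()})
    return hits


def compare(text):
    """Return (matches of the slide regex, matches of the strict check)."""
    loose = SLIDE_PATTERN.findall(text)
    strict = [h["value"] for h in find_customer_numbers(text)]
    return loose, strict


# Constructed sample text, not real customer data.
SAMPLE = (
    "Renewal for customer 15080P9562 confirmed.\n"
    "Tracking ref 9915080P95621 shipped.\n"
    "Legacy record 02123a0001 archived.\n"
    "Second customer 07999z0000 added.\n"
)

if __name__ == "__main__":
    loose, strict = compare(SAMPLE)
    print("slide regex :", loose)
    print("strict check:", strict)
```

On the sample, the slide regex reports four hits while the strict check keeps two: the tracking reference is a longer token that merely contains a matching substring, and the legacy record has year 02.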

AIP Scanner - high level

Diagram components: Azure Information Protection (Sensitive Data Types, Labels, Policies), AIP Client, AIP Scanner, Data repositories on-premises, Office User, Inventory.

Demo: Discover

Manage

Data Classification Approach

Labels:
1. Understand what it is you want to classify
2. Clear purpose
   2a. Protection
   2b. Retention / Deletion
   2c. Visual Markings
3. Scoping a search

Contoso Schema & Taxonomy

Label: Confidential / Customer Data
Taxonomy: Any file with a CCN:
- Two digit year, > 02
- Three digit agency ID, 000-999
- Alpha Agency ID, a-Z
- Serial number, 0000-9999
Method: Search Pattern (Regex) [0-1][0-9][0-9]{3}[A-Za-z][0-9]{4}

Label: Confidential / Financial Data
Taxonomy: Credit Card Numbers
Method: Built in Sensitive Item Type

Demo: Manage

Protect

Contoso Protection Options for GDPR

Two options today:

1. Parallel classification & protection for cloud and on-premises
   - Custom sensitive item types in Office 365
   - Duplicate labels for cloud and on-premises
2. Manually configured protection that consumes AIP label
   - DLP file custom property MSIP_Label_<GUID>_Enabled=True

Contoso Protection Example

Diagram components: Exchange DLP Protection, Sensitive Data Types, Policies, Labels?, Labelled File, User, Data repositories On-premises.

Exchange Data Loss Prevention

Data loss prevention policy:

- Apply this protection . . . <define protection>
  Protection can include:
  - Policy tips for users
  - Email report for admins
  - Prevent sharing externally, internally, or both
- . . . to documents with this type of content . . . <labels or sensitive information types>
  Use sensitive information types and/or labels

Demo: Protect

Download all the details

- GDPR Data Discovery Toolkit: http://aka.ms/gdprpartners
- O365 Information Protection for GDPR: http://aka.ms/o365gdpr
- GDPR Detailed Assessment: http://aka.ms/gdprpartners

Thank you!