Compliance in Office 365 Edge Pereira Sandy Millar From Avanade Australia OSS304

Source: Gartner Report: IT Governance, Risk, and Compliance Management Solutions,

Levels and activities are driven by many factors For example Public or private sector Industry vertical Business activities Geography Laws or regulation

Built-in Office 365 capabilities (global compliance) Customer controls for compliance for internal policies Access Control Auditing and Logging Continuity Planning Incident Response Risk Assessment Communications Protection Identification and Authorisation Information Integrity Awareness and Training Data Loss Prevention Archiving eDiscovery Encryption S/MIME Legal Hold Rights Management

It is all about customer controls! Remembering “A control is a process, function, in fact anything that supports maintaining compliance”

IdentifyMonitorProtectEducate

“Data loss/leak prevention solution is a system that is designed to detect potential data breach / data ex-filtration transmissions and prevent them by monitoring, detecting and blocking sensitive data while in-use (endpoint actions), in-motion (network traffic), and at-rest (data storage).“ [1] [1] “Quotation...” Good definition

CountryPIIFinancialHealth USA US State Security Breach Laws, US State Social Security Laws, COPPA GLBA & PCI-DSS (Credit, Debit Card, Checking and Savings, ABA, Swift Code) Limited Investment: US HIPPA, UK Health Service, Canada Health Insurance card Rely on Partners and ISVs Germany EU data protection, Drivers License, Passport National Id EU Credit, Debit Card, IBAN, VAT, BIC, Swift Code UK Data Protection Act, UK National Insurance, Tax Id, UK Driver License, Passport EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code Canada PIPED Act, Social Insurance, Drivers License Credit Card, Swift Code France EU data protection, Data Protection Act, National Id (INSEE), Drivers License, Passport EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code Japan PIPA, Resident Registration, Social Insurance, Passport, Driving License Credit Card, Bank Account, Swift Code

Australian sensitive information types provided by Microsoft Bank Account Number Driver's License Number Medicare Account Number Passport Number Tax File Number

Protect communications Basic level of built-in anti-malware and enhanced spam filtering to help protect your environment from threats Enforce policy Data loss prevention (DLP) controls that can detect sensitive data in before it is sent and automatically block, hold or notify the sender Simplify management Unified administration of anti-spam, anti-malware and data loss prevention within Exchange

[2] Wikipedia (

Find relevant content (documents, s, Lync conversions) DISCOVERY PRESERVATION Place content on legal hold to prevent content modification and/or removal Collect and send relevant content for processing Prepare files for review PRODUCTION REVIEW Lawyers determine which content will be supplied to opposition Provide relevant content to opposition COLLECTION PROCESSING

Provide a high level of immutability by: Preserving data in source Protecting from deletion Protecting from tampering Provides easy management via: Rich query, location and time based content target Across Exchange, Lync and SharePoint Using Exchange Admin or eDiscovery Centres

Comprehensive view of DLP policy performance Downloadable Excel workbook Drill into specific departures from policy to gain business insights

Protect communications

Additional Slides

DLP extensibility points

Content analysis process Joseph F. Foster Visa: Expires: 2/2012 Get Content  a 16 digit number is detected RegEx Analysis  matches checksum  does NOT match Function Analysis 1.Keyword Visa is near the number 2.A regular expression for date (2/2012) is near the number Additional Evidence 1.There is a regular expression that matches a check sum 2.Additional evidence increases confidence Verdict