Nathan Winters MVP Exchange Server MMMUG – www.mmmug.co.uk Exchange 2010 Protection and Compliance
Exchange 2010 IPC: Introduction to Information Protection and Compliance (IPC). The arsenal of technical tools: Archiving, Multi-Mailbox Search, Legal Hold, IRM, Moderation, Enhanced Transport Rule Capabilities, MailTips. Demonstration Scenarios.
Why is IPC important? Large UK Retailer Leaks Payment Information via Email. The Information Commissioner’s Office will be able to issue fines of up to £500,000 for serious data security breaches. Nearly 40% of workers have received confidential information that was not meant for them! Appeal Win Lets FSA Grab Evidence for SEC.
Some of the legal factors: Public Sector - Freedom of Information; All - Data Protection Act; Finance – Financial Services Authority, SEC, BASEL2; RIPA - Regulation of Investigatory Powers Act 2000; Human Rights - Lawful business protection; Electronic Communications Act – Adding Disclaimers; US – SOX, HIPAA etc.
What does IPC mean to you? It’s a policy built around the relevant laws for your industry, based on a bunch of technical tools which we try to automate. Monitor email: content, recipients, where it is going; know what is happening based on email attributes. Retain and Provide: Archiving, Retention and Discovery. Control and Protection: allow or prevent; granular policies; soft to hard control.
Retain and Provide mail where required with Archiving, Retention and Discovery. Protection & Control: Soft to Hard. Ensure that you target the correct data with the correct policy to maximise usability.
Retention Policy
Legal Hold
Multi-Mailbox Search
Archiving, Retention & Discovery
Exchange 2010 Archiving, Retention & Discovery: Better mailbox management
World Today: Email Repositories
Organization Archive: Allows Org Control; Optimized for Search
PSTs: Highly Portable
Mailbox: Rich Client Access
Personal Archive: Allows Org Control
End User Access: Personal Archive (TBs), Outlook PSTs (GBs), Exchange (MBs), Org Archive (PBs)
Backup; Replicated Backups
Users do manual backups
IT does unsupported backups
Replication Only Choice
Datasets Require Replication
Replication Common
Backups Less Common
Tape/Disk Backups Common
Item Level Backups Common
Hard to discover content for legal request
Hard to prevent changes to content for legal hold
Management for Backup and Recovery expensive
End User
Corruption increases when stored on network share
No access through browser
Requires management by end user
Stability/responsiveness is an issue with large PST files
Regulatory retention schedules contribute to further volume/storage issues. Increasing storage and back-up costs. Users forced to manage quota. Quota management often results in growing PSTs (Outlook auto-archive).
Breaking the Cycle: With large mailbox architecture and archiving
Large Mailbox Architecture provides option for DAS-SATA storage to reduce costs. Archiving simplifies discovery, retention and legal hold. Archiving enables simple migration of PSTs back to server.
Large Mailbox Lower Costs, Better Performance

Nathan Winters TechDays UK Exchange 2010 IPC

  • 38. Personal Archive Overview – What is it and where does it live? User goals and assumptions: simple to use – OWA & Outlook. IT Pro goals and assumptions: get rid of PSTs! Easy to enable.
  • 39. Message Retention Overview. Move Policy: automatically moves messages to the archive. Options: 6 months, 1 year, 2 years (default), 5 years, Never. User impact: helps keep mailbox under quota; works like Outlook Auto-Archive – without PSTs! Delete Policy: automatically deletes messages. User impact: removes unwanted items; helps keep mailbox under quota. Delete policies are Global (they travel to the Archive). Per-item policies take priority over per-folder policies.
  • 40. Legal Hold Overview. Hold Policy captures all edits/deletes irrespective of user or admin access. User workflow is unchanged; items are captured in hidden folders in Dumpster 2.0. Multi-mailbox search can retrieve items indexed in Dumpster 2.0. ISSUE – Consider that the whole mailbox is put on hold, not just the granular info that you need on hold!
  • 45. Archive Management Add-Remove-View Archive Adding the archive requires a simple checkbox in the new-mailbox wizard Archive can be disabled together or separate from the mailbox Archive auto-discover requires no Outlook restart to activate archive 19
  • 46. Archive Management Set Quota Select archive quota to change default settings The default quota warning for the Archive is 10 GB
  • 47. Personal ArchiveUser experience User can view, read, navigate, flag and reply to archived mail same as live mail Folder hierarchy from primary mailbox maintained Reply to message in archive puts message in live mail sent items (same as PSTs) User gets conversation view scoped to Archive (same as PSTs)
  • 48. Personal Archive Search Option to search archive only or both live and archived mail Advanced search options work across live and archived mail 22
  • 49. Retention PolicesAt the folder or item level Policies can be applied directly within an email Policies can be applied to all email within a folder Delete policies Archive policies Expiration date stamped directly on e-mail
  • 50. Preserve: Message RetentionArchive and Delete policies Policies can be applied directly within an email Policies can be applied to an entire folder Delete policies Archive policies Expiration date stamped directly on e-mail
  • 51. Set Explicit Move Policy on a Folder Outlook OWA User selects 5 Years from set of Policies User selects 5 Years from set of Policies
  • 52. Set Move Policy on an Item No delete policy Outlook OWA User selects 5 Years from set of Policies User selects 5 Years from set of Policies
  • 53. Set Move Policy on a Folder With delete policy User selects 10 Years from set of Delete Policies User selects 5 Years from set of Policies Outlook OWA User selects 5 Years from set of Policies User selects 5 Years from set of Move Policies
  • 54. Set Move Policy on an Item With delete policy Outlook OWA User selects 5 Years from set of Policies User selects 5 Years from set of Move Policies User selects 5 Years from set of Move Policies User selects 10 Years from set of Move Policies
  • 55. Multi-Mailbox Search Simple, role based GUI Delegate access to search to HR, compliance, legal manager Search all mail items (email, IM, contacts, calendar) across primary mailbox, archives Filtering includes: sender, receiver, expiry policy, message size, sent/receive date, cc/bcc, regular expressions, IRM protected items
  • 56. Multi-Mailbox Search Additional e-discovery features Search specific mailboxes or DLs Export search results to a mailbox or SMTP address Search results organized per original hierarchy Request email alert when search is complete API enables 3rd-party tool integration with query results for processing
  • 59. Preserve: Hold Policy IT Pro Experience Comment and URL tell the IW how to comply Specify how long items are kept
  • 65. Information Leakage Can be costly on multiple fronts Legal, Regulatory and Financial impacts Non-compliance with regulations or loss of data can lead to significant legal fees, fines, and more Damage to public image and credibility with customers Financial impact on company Loss of Competitive Advantage Disclosure of strategic plans Loss of research, analytical data, and other intellectual capital
  • 66. Message Confidentiality? Enforcement tools are required—content protection should be automated.
  • 68. Transport Rules support Regex scanning of attachments in Exchange 2010 (including content)
  • 69. Internet Confidential and Do Not Forward Policies available out of the box
  • 70. What is Rights Management Services? Windows Platform Information Protection Technology Better safeguard sensitive information Protect against unauthorized viewing, editing, copying, printing, or forwarding of information Limit file access to only authorized users Audit trail tracks usage of protected files Persistent protection Protects your sensitive information no matter where it goes Uses technology to enforce organizational policies Authors define how recipients can use their information
  • 71. Protection via Transport Rules New Transport rule action to “RMS protect” Transport Rules support regular expression scanning of attachments in Exchange Server 2010 “Do Not Forward” policy available out of the box Office 2003, Office 2007, Office 2010, and XPS documents are supported for attachment protection
  • 72. Outlook Protection Rules Allows an Exchange administrator to define client-side rules that will protect sensitive content in Outlook automatically Rules can be mandatory or optional depending on requirements Rules look at the following predicates: Sender’s department (HR, R&D, etc.) Recipient’s identity (specific user or distribution list) Recipient’s scope (all within the organization, outside, etc.) Rules are automatically retrieved from Exchange using Autodiscover and Exchange Web Services
  • 73. Transport Pipeline Decryption Enables Hub Transport agents to scan/modify RMS protected messages Required for Antivirus scanning, Transport Rules or 3rd party agents Decryption Agent Decrypts message and attachments, using RMS super-user privileges Only decrypts once per forest, on the first Hub, to improve performance Option to non-deliver (NDR) messages that can’t be decrypted Encryption Agent Re-encrypts messages, message forks and NDRs with original Publishing License
  • 74. How does it work? Transport Decryption. Components: AD RMS, Active Directory, Hub Transport (Decryption, Transport Rules, Journaling, Forefront Security for Exchange, 3rd Party Agents, Encryption). 1. Mail marked for protection or an already protected mail item. 2. On first use, Exchange does an SCP lookup for the RMS server. 3. Exchange requests a RAC and CLC for the “shared identity” account. These are saved and re-used. The RAC is a super-user RAC. 4. Incoming IRM mail is decrypted so all agents have access to the decrypted content. 5. At the end of the agent pipeline the message is re-encrypted, including any changes made by agents. 6. Processed message is sent to next hop or delivered to the recipient.
  • 75. How does it work? Outlook Protection Rules. Components: AD RMS, Client Access (OWA). 1. Administrator defines a set of Outlook Protection Rules. These are exposed via a web service to clients. 2. When the user connects to Exchange via CAS, the rules are automatically downloaded. They are then frequently updated on the client based on administrator changes. 3. The first time a rule triggers the user is asked to get a RAC and CLC from RMS. 4. The message is protected before the user sends. User can override (if rule allows).
  • 76. Streamlined End-User Experience Prevent RMS Protection from getting in user’s way Pre-licensing enables offline and mobile access to RMS protected messages IRM Feature Parity between Outlook and Outlook Web App Conduct full-text search on RMS protected messages in Outlook Web Access Built-in ability to create/consume RMS protected messages with Windows Mobile 6.x
  • 81. Protected Content in Outlook RMS Protection is applied both to the message itself and to the attachments. Saved attachments retain the relevant protection (e.g. rights to view, print or copy content).
  • 83. Outlook Protection Rules Allows an Exchange administrator to define client-side rules that will protect sensitive content in Outlook automatically Rules can be mandatory or optional depending on requirements Rules look at the following predicates: Sender’s department (HR, R&D, etc.) Recipient’s identity (specific user or distribution list) Recipient’s scope (all within the organization, outside, etc.) Rules are automatically retrieved from Exchange using Autodiscover and Exchange Web Services
  • 84. Outlook Protection Rules Step 1: User creates a new message in Outlook 2010. Step 2: User adds a distribution list to the To line. Step 3: Outlook detects a sensitive distribution list (DL) and automatically protects as MS Confidential. Company Confidential - This content is confidential and proprietary information intended for company employees only and provides the following user rights: View, Reply, Reply All, Save, Edit, Print and Forward. Permission granted by: nwinters@gaots.co.uk
  • 85. Rights Management Services Integration in Outlook Web Access
  • 86. Manage Inbox Overload Help Reduce Unnecessary and Undeliverable E-Mail Through New Sender MailTips Remove Extra Steps and E-Mail Limit Accidental E-Mail Reduce Non-Delivery Reports
  • 89. Rights Management Services Integration in Unified Messaging Unified Messaging administrators can allow incoming voice mail messages to be marked as “private” Private voice mail can be protected using “Do Not Forward”, preventing forwarding or copying content Private voice mail is supported in Outlook 2010 and Outlook Web Application (OWA)
  • 90. Rights Management Services Integration in Unified Messaging
  • 91. Business to Business RMS Securely Communicate with Partners Today customers can communicate using RMS between organizations by deploying ADFS and setting up trusts ADFS requires a separate trust between each partner ADFS isn’t supported by Exchange In Exchange Server 2010, customers can federate with the Microsoft Federation Gateway instead of each partner A single federation point replaces individual trusts Allows Exchange to act on-behalf-of users for decryption Senders can control how their data is accessed by 3rd parties By using federation, RMS can allow organizations and applications to access data on-behalf-of individuals Specifically they can specify whether recipient organizations can archive e-mails in the clear RMS administrator can control which 3rd parties can access data using federated authentication (allow/block list)
  • 95. Features Summary Exchange 2010 Protection and Compliance
  • 96. Key takeaways Personal Archive gives seamless user experience and removes need for PSTs Deep support for IRM Automation enables ease of use and administration Wide range of granular controls from Soft to Hard
  • 97. Text Microsoft to 60300 or Tweet #uktechdays Questions?
  • 98. For resources, decks and video: www.microsoft.com/uk/techdays or my blog http://nathanwinters.co.uk
  • 99. Related Content Web link - http://www.microsoft.com/exchange/2010/en/us/information-protection-and-control.aspx Web link - http://www.microsoft.com/exchange/2010/en/us/Archiving-and-retention.aspx Breakout sessions
  • 100. © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
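
The archive, retention, legal hold and multi-mailbox search features from slides 39 to 59, shown as an added Exchange 2010 Management Shell example; it is not taken from the deck. The mailbox, reviewer, tag and policy names, the URL and the search query are constructed placeholders.

```powershell
# Added example, not from the presentation. Run in the Exchange 2010 Management Shell.
# Every name, address, URL and query below is a constructed placeholder.
$mailbox  = 'kim.akers@contoso.example'
$reviewer = 'legal.reviewer@contoso.example'
$policy   = 'Contoso retention (constructed)'

# Personal Archive: add an archive mailbox to an existing user.
Enable-Mailbox -Identity $mailbox -Archive

# Move policy: a default tag (-Type All) applies to every item that has no
# more specific tag. 730 days corresponds to the deck's 2-year default.
$defaultMove = @{
    Name                 = 'Default - move to archive after 2 years'
    Type                 = 'All'
    RetentionAction      = 'MoveToArchive'
    AgeLimitForRetention = 730
    RetentionEnabled     = $true
}
New-RetentionPolicyTag @defaultMove

# Personal tags are the choices a user sees on a folder or item in Outlook/OWA.
$fiveYearMove = @{
    Name                 = 'Move to archive after 5 years'
    Type                 = 'Personal'
    RetentionAction      = 'MoveToArchive'
    AgeLimitForRetention = 1825
    RetentionEnabled     = $true
}
New-RetentionPolicyTag @fiveYearMove

# Delete policy: travels with the message into the archive.
$tenYearDelete = @{
    Name                 = 'Delete after 10 years'
    Type                 = 'Personal'
    RetentionAction      = 'DeleteAndAllowRecovery'
    AgeLimitForRetention = 3650
    RetentionEnabled     = $true
}
New-RetentionPolicyTag @tenYearDelete

# Bundle the tags into one policy and assign it to the mailbox.
New-RetentionPolicy -Name $policy -RetentionPolicyTagLinks `
    $defaultMove.Name, $fiveYearMove.Name, $tenYearDelete.Name
Set-Mailbox -Identity $mailbox -RetentionPolicy $policy

# Legal hold: applies to the whole mailbox (the ISSUE raised on slide 40).
# The comment and URL tell the user how to comply.
$hold = @{
    Identity             = $mailbox
    LitigationHoldEnabled = $true
    RetentionComment     = 'This mailbox is on legal hold. Do not delete mail.'
    RetentionUrl         = 'https://intranet.contoso.example/legal-hold'
}
Set-Mailbox @hold

# Delegate discovery to a non-IT reviewer through RBAC.
Add-RoleGroupMember -Identity 'Discovery Management' -Member $reviewer

# Multi-mailbox search: results are copied to a discovery mailbox and the
# reviewer gets a status mail when the search completes.
$search = @{
    Name                 = 'Case-0001 (constructed)'
    SourceMailboxes      = $mailbox
    TargetMailbox        = 'Discovery Search Mailbox'
    SearchQuery          = '"project falcon" AND pricing'
    StartDate            = '2009-01-01'
    EndDate              = '2009-12-31'
    StatusMailRecipients = $reviewer
}
New-MailboxSearch @search

# Check what was applied.
Get-Mailbox -Identity $mailbox |
    Format-List LitigationHoldEnabled, RetentionComment, RetentionUrl, RetentionPolicy
Get-MailboxSearch -Identity $search.Name | Format-List
```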

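The IRM controls from slides 68 to 84 (RMS protection through a Transport Rule, Transport Decryption, and an Outlook Protection Rule), shown as an added Exchange 2010 Management Shell example; it is not taken from the deck. It assumes a working AD RMS deployment; the rule names, patterns and group address are constructed placeholders.

```powershell
# Added example, not from the presentation. Run in the Exchange 2010 Management Shell.
# Assumes AD RMS is deployed and reachable. Rule names, patterns and the
# distribution group address are constructed placeholders.

# Enable IRM features for messages sent inside the organization.
Set-IRMConfiguration -InternalLicensingEnabled $true

# List the templates Exchange can apply. 'Do Not Forward' is built in.
Get-RMSTemplate | Format-List

# Constructed pattern for a 3-2-4 digit identifier. It is written with repeated
# \d rather than {n} quantifiers, as an assumption about the safest form for the
# transport rule pattern syntax in Exchange 2010.
$idPattern = '\d\d\d-\d\d-\d\d\d\d'

# Hard control 1: protect outbound mail whose subject or body matches.
$bodyRule = @{
    Name                          = 'RMS-protect IDs in body (constructed)'
    SentToScope                   = 'NotInOrganization'
    SubjectOrBodyMatchesPatterns  = $idPattern
    ApplyRightsProtectionTemplate = 'Do Not Forward'
}
New-TransportRule @bodyRule

# Hard control 2: the same check on supported attachments. Conditions inside
# one rule are combined with AND, so the attachment case is a separate rule.
$attachmentRule = @{
    Name                          = 'RMS-protect IDs in attachments (constructed)'
    SentToScope                   = 'NotInOrganization'
    AttachmentMatchesPatterns     = $idPattern
    ApplyRightsProtectionTemplate = 'Do Not Forward'
}
New-TransportRule @attachmentRule

# Transport Decryption lets Hub Transport agents (antivirus, transport rules,
# journaling) inspect mail that arrives already RMS protected.
#   Mandatory = NDR anything that cannot be decrypted ("Always" in the notes)
#   Optional  = try, but deliver on failure ("Best Effort")
#   Disabled  = feature off ("Never")
Set-IRMConfiguration -TransportDecryptionSetting Mandatory

# Client-side control: Outlook 2010 protects the message before it is sent
# when it is addressed to a sensitive distribution group. With
# -UserCanOverride $false the rule is mandatory rather than optional.
$outlookRule = @{
    Name                          = 'Protect mail to board DL (constructed)'
    SentTo                        = 'board@contoso.example'
    ApplyRightsProtectionTemplate = 'Do Not Forward'
    UserCanOverride               = $false
}
New-OutlookProtectionRule @outlookRule

# Review the resulting configuration.
Get-IRMConfiguration | Format-List
Get-TransportRule | Format-Table Name, State, Priority -AutoSize
Get-OutlookProtectionRule | Format-List
```

Choosing Mandatory trades mail flow for inspection coverage: protected messages that cannot be decrypted are returned to the sender instead of passing through the agents unscanned.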
Editor's notes

  1. Data losses: http://news.bbc.co.uk/1/hi/technology/8455123.stm
     The new rule is expected to come into force in the UK on 6 April 2010. It has been approved by Jack Straw MP, Secretary of State for Justice. The size of the fine will be determined after an investigation to assess the gravity of the breach. Other factors will include the size and finances of the organisation at fault.
     Large UK Retailer Leaks Payment Information via Email: plain text credit card data embedded in order confirmation messages. http://news.softpedia.com/news/Large-UK-Retailer-Leaks-Payment-Information-via-Email-136724.shtml
     SurfControl survey: http://news.bbc.co.uk/1/hi/technology/3809025.stm
     Nearly 40% of workers have received confidential information that was not meant for them, according to a poll conducted by e-mail filtering firm SurfControl. Another 15% admit sending confidential information by mistake and 17% of those are unable to retrieve the data.
     Appeal Win Lets FSA Grab Evidence for SEC: http://www.complianceweek.com/blog/glimpses/2010/03/05/appeal-win-lets-fsa-grab-evidence-for-sec/
     Britain’s Financial Services Authority says it is committed to helping the Securities and Exchange Commission with overseas investigations, after winning an appellate court battle that aimed to block its efforts to obtain confidential evidence for its U.S. friends.
  2. Data Protection: three-stage test
     1. Check relevant business purpose and laws (HR, Finance) for legal retention period
     2. Business purposes not covered by law – how long do you need it for operations
     3. Secondary purposes – to defend legal rights in court – only keeping on a risk basis – must assess risk on a per issue basis – keep this type of data
     HR: pensionable + 10 years
     Finance: 6 years + 1 to get rid of data
     Human Rights - Lawful business protection: must have policy about monitoring, get sign off – only look at email that’s relevant
     Health Insurance Portability and Accountability Act
  3. Instructor Notes: Today users use Outlook personal folder files (PSTs) because mailboxes aren’t large enough, they want offline access, and they want to be able to move that data with them. And then you have the mailbox repository that provides online access and a central repository for data. Data also exists potentially in user archives, business archives, backups, and client devices (mobile devices, cached mode, etc.). So essentially your messaging data is distributed piecemeal across your entire environment.
     From a usability standpoint:
     - You have the user, who uses his mailbox, PSTs, and user archive
     - You have compliance officers, who access the user and business archives
     - You have the Exchange administrator, who looks at everything
     The environment is divided into these distinct systems because of dueling requirements:
     - Have to provide long-term access to the data, in both Exchange and third-party
     - Also need to make the data discoverable, provide policy management, audit changes to the data, and provide legal hold
  4. A secondary mailbox that is configured by the administrator
     - Appears alongside a user’s primary mailbox in Outlook or Outlook Web Access
     - PSTs can be dragged and dropped to the Personal Archive
     - Mail in primary mailbox can be moved automatically using Retention Policies
     - Archive quota can be set separately from primary mailbox
     - Preserve or improve PST experience for the user
     - Preserve or improve workflow for the user irrespective of regulatory or storage constraints
     - Users will only have one Archive in E2010
     - Archive is online only
     - Mail folders automatically moved to archive by default
     - Delete policies are global (they travel with messages as they move to Archive)
     - Explicitly-set policies evaluated on most-specific wins basis
     - Preserve mailbox management experience across primary and archive for the IT Pro
     - Archive is associated with a primary mailbox
     - Archive and primary share the same user account
     - IT Pro can provision only one archive per user
     - Outlook and OWA should work against the archive exactly the same as the primary
  5. Instructor Notes: We need an automated way to move data from primary to archive and make auto archive better. Let’s talk about records management first. In Exchange Server 2007, we essentially had two policies – the move policy and delete policy. Move Policy simply defines where items will live after a set amount of time. The delete policy defines how long your message will live wherever it is. Exchange Server 2010 will ship with a default set of move policies that define when data will be moved from primary to online archive: 6 months, 1 year, 2 years, or 5 years. Additionally in Exchange Server 2010, you can choose to apply this policy either at the folder level or at an individual message level.
  6. Instructor Notes: We need an automated way to move data from primary to archive and make auto archive better. Let’s talk about records management first. In Exchange Server 2007, we essentially had two policies – the move policy and delete policy. Move Policy simply defines where items will live after a set amount of time. The delete policy defines how long your message will live wherever it is. Exchange Server 2010 will ship with a default set of move policies that define when data will be moved from primary to online archive: 6 months, 1 year, 2 years, or 5 years. Additionally in Exchange Server 2010, you can choose to apply this policy either at the folder level or at an individual message level. So let’s say that the IT admin sets the default policy to move items to the archive after 2 years. Filers will set policies on folders and move items to those folders to set a policy on them.
  7. Instructor Notes: When reasonable expectation of litigation exists, organizations are required to preserve e-mail relevant to the case as part of discovery. This expectation can occur well before one knows the specifics of the case and preservation is often broad. Frequently, organizations will preserve all e-mail relating to a specific topic (or all e-mail, period) for certain individuals. In some cases, end users are instructed to carry out the preservation themselves by not deleting certain e-mail. This can lead to insufficient preservation. In other instances, e-mail is copied or moved to an archive. This can increase costs by requiring manual effort to copy items and/or third party products to collect and store e-mail.
     Exchange Server 2007 scenario: Retention Hold is executed through PowerShell, placing workload on IT rather than the legal team. It stops automatic deletion but does not stop the user from moving or deleting items. Also, users must be informed of Hold manually, through email. This places the burden on the end user to remember what to do and can lead to insufficient preservation if the user forgets. The search capabilities are limited and the process is slow because export-mailbox copies the entire mailbox (regular mail and dumpster) to the destination and then searches it. There’s no way to search the dumpster directly.
     Exchange Server 2010 scenario: Retention Hold can now be carried out on a per mailbox basis through Exchange Control Panel (ECP) and delegated to non-IT staff using Role-Based Access Control (RBAC). For Exchange Server 2010, as in Exchange Server 2007, PowerShell is the mechanism for handling these operations in bulk. This feature makes a copy of both deleted and edited items. It also enables setting of an Outlook litigation hold comment for each mailbox to inform the user of the hold. The user continues to read e-mail and soft-delete it when it is no longer needed. Each time an item is soft-deleted or modified (certain message properties only, detail below), a copy is placed in the dumpster. Since the user hardly ever goes to the dumpster, he does not realize that items are no longer purged from it or that he can no longer manually empty it. When the two litigating organizations have agreed on what must be produced, the legal team performs a discovery search that includes the dumpster. If the mailbox is moved, items that are on hold are moved with it (today, dumpster data is lost during move mailbox).
     So if you have content in the primary mailbox and you have legal retention hold enabled, that content will go into the recoverable items folder. In Exchange Server 2010, we have a recoverable items folder that replaces the dumpster and is available in both locations. Architecturally, the dumpster was previously a query that showed a view of deleted data, but it had a lot of problems in that it wasn’t index-able and it wasn’t portable (move mailbox). And so you can imagine a scenario where you don’t have an archive and turn on legal hold, so content will go into your recoverable items folder. If you do have an archive and enable legal hold, then content will go into the recoverable items folder of the archive. And so essentially that makes your archive the repository.
  8. Most data leaks are not malicious
     - MailTips
     - Reply to All
     - Send to the wrong person, same name (int and ext)
     There are both horizontal examples (executive or sensitive e-mails, board communications, financial data, proprietary operations information, sales data such as price lists, and HR and legal information in addition to corporate governance that goes across many organizations, such as Sarbanes Oxley in the U.S.) as well as examples across multiple verticals.
     Information Protection
     Financial Services: In the case of Mergers & Acquisitions, banks have to ensure that the internal M&A deal teams keep their workpapers and related information separate and distinct from each other. These ethical boundaries are required because the deal teams are selected with people who have no conflicts of interest in the deal that they are working on to ensure fair treatment of the deal. However, there is no easy way to enforce these walls from a technology perspective. If the information is leaked at the wrong time, there is tremendous financial impact to how the deals get priced. For example, typically the markets lower the price of the acquirer but run up the price of the acquiree. This can cause a loss of leverage in the deal.
     Clinical Trials: The drug business is a very complicated process. Pharmaceutical firms spend 100s of millions and decades developing a drug. This is their lifeblood. They cannot have their drug formulae and testing information leak and result in loss of their competitive advantage as well as take a financial beating in the markets. An additional challenge in the healthcare business is privacy. Regulations like HIPAA mandate that information shared between the pharma and the doctors during clinical trials be protected to ensure privacy of the patients in the trials. Penalties for violation include both financial and legal penalties. Thus, these firms need to manage risk but also collaborate freely. There is a need for secure collaboration in this industry.
     Manufacturing/High Tech: Collaborative product design.
     Government: RFP Process – governments put a lot of their work out to bid via RFPs. The process is sensitive and requires that bids received be protected carefully and not shared with other participants either overtly or by accident. They require solutions to support these ethical boundaries.
     Regulatory Compliance
     GLB: The Gramm-Leach-Bliley Act Safeguards Rule requires companies to prevent unauthorized access of personal information. The California Security Breach Information Act (SB 1386) states that companies must alert customers whenever “unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.”
     NASD 2711: Best practices and regulations such as NASD 2711 stipulate that investment banking be run separately from research and trading to ensure trust in the public markets. New technologies that improve communications, such as email, can serve as a conduit of improper communication. This is often referred to as the “Chinese or Ethical Wall” scenario.
     HIPAA: requires companies to prevent unauthorized access of personal health information (PHI). For example, it is important that information shared between pharmaceutical companies and contract research organizations remain secure. Employers need to ensure that all PHI data exchanged between plan members and plan providers remains secure and confidential.
     Sarbanes Oxley: The Sarbanes-Oxley Act makes corporate executives explicitly responsible for establishing, evaluating and monitoring the effectiveness of internal controls over financial reporting. Spreadsheets are the most broadly used financial application, however password protection and file-level access controls do not satisfy these requirements. The act requires user authorization, protection of sensitive information from unauthorized access or modification during transmission or storage, and monitoring of user actions.
  9. Slide Objective: You need tools to enforce Confidentiality where it is required.
     Instructor Notes: Many of you may receive e-mails similar to this one in which the author is essentially begging and pleading with the recipient to “do the right thing” with the information – and prior to RMS we saw a lot of these inside Microsoft as well. In this case, while the organization may have a “policy” for what should and should not be done with the information, there are no mechanisms in place to digitally enforce that policy. You cannot rely on the fact that all end users will apply confidentiality measures where required, even with training.
  10. Today an employee may accidentally include sensitive information that belongs to a consumer in an e-mail which is sent in cleartext over the internet. If that data is accidentally emailed the organization may face considerable reputation damage, legal exposure and reduction in company’s market value. To address this the Exchange Server can be configured to encrypt messages that contain personal information or critical business information. Sensitive e-mail can be detected using Transport Rules, by filtering the content of a message (including content of supported attachments). Regular expressions are supported. Internet Confidential and Do Not Forward policies are available out of the box. An RMS infrastructure is required.
     For example:
     - Ed is a nurse at Northwind Traders, a large hospital. Ed is sending Chris the results of his recent blood test.
     - When Ed’s email reaches the Exchange Server, the server is able to examine the message and determine that personal information is included in the mail.
     - Because personal information is included in the message, the Exchange Server encrypts the message before it leaves the organization.
     - The message that gets to Chris is an encrypted copy of the message.
     Summary:
     - Protect message in transit via Transport Rules action
     - Protect messages by default at Outlook Client
     - Private Voice message automatically protected by Unified Messaging (UM)
  11. Exchange Server 2010: supported on Windows Server® 2008; planned support for Windows Server 2008 R2. RMS integration features require RMS on Windows Server 2008 SP2 or Windows Server 2008 R2.
     Information Rights Management addresses the following essential elements:
     • Trusted entities: individuals, groups of users, computers, and applications that are trusted participants in an Active Directory RMS system. Helps protect information by enabling access only to properly trusted participants.
     • Usage rights and conditions: Assigned usage rights and conditions define how a specific trusted entity can use content. Examples of usage rights are permission to read, copy, print, save, forward, and edit. Usage rights can be accompanied by conditions, such as when those rights expire.
     • Encryption: Active Directory RMS encrypts information. Only trusted entities that were granted usage rights can unlock or decrypt the information in an Active Directory RMS-enabled application or browser.
     Some benefits of RMS:
     - No need to manage a Public Key Infrastructure (PKI): RMS is easier to manage and deploy
     - No requirements for X.509 Certificates
     - Protection travels with content, even outside of the mailbox
     - Offers persistent protection even outside of the mailbox
     - Users cannot change policy by mistake. Policies are defined centrally by an administrator.
  12. Slide Objective: Introduce Transport Rule protection.
     Instructor Notes: Through Transport Rules we can scan messages in transit and classify them as confidential. RMS protection is just another action within Transport rules. It can be combined with any other Transport Rules predicates and actions. It lets you choose which RMS template to use. The RMS template can be either an official Rights Policy template created using the Active Directory Rights Management Administrative Console, or it can be the built-in policy available out of the box, Do Not Forward. Do Not Forward provides recipients with REPLY, REPLYALL, VIEWRIGHTSDATA, DOCEDIT, VIEW and EDIT rights. RMS protection is applied to supported attachments along with the message (a single Publishing License is created for all). We adopted SharePoint’s RMS protector implementation for Office 2003, Office 2007, Office 14 and XPS documents. There is currently no support for 3rd party protectors (for other file formats such as PDF or EML). If the message cannot be protected due to errors, we non-delivery report (NDR) the message back to the sender.
  13. Slide Objective: Introduce Outlook Protection rules.
     Instructor Notes: We’ve seen how a message can automatically be protected at the Transport Rule level. Alternatively, it is possible to have RMS encryption be automatically applied from the Outlook client. The Administrator can define a client-side rule that will be imported by the Outlook client via Autodiscover (i.e., every 24 hours). Filtering can be done on Sender’s department, Recipient’s identity or scope. Rules are defined using PowerShell. Using this method, you can ensure that RMS protection is already applied when the message is reaching the Exchange infrastructure. This supports scenarios where an organization does not necessarily “trust” the Exchange organization, for example when the Exchange infrastructure is hosted/managed by a 3rd party. Outlook 14 is required for this feature. The predicates listed in the slide are the only ones available.
  14. Slide Objective: Introduce Transport Pipeline Decryption. This is a key feature.
     Instructor Notes: Transport Decryption enables existing Transport Agents such as Forefront Security for Exchange, Transport rules and 3rd party agents to scan/modify RMS protected messages. Transport Decryption will decrypt both the message and supported attachments. Please note that Transport rules support regular expressions on attachments in Exchange 2010. Transport decryption decrypts RMS protected messages as they enter the Transport pipeline on EndOfData or OnSubmit. The message is re-encrypted before leaving the pipeline, at the end of OnRouted. Any agent in between the Pipeline Decryption and Encryption agents can access the clear-text message content.
     There are three settings for Transport Decryption: “Always”, “Never”, “Best Effort”.
     - Never means the feature is OFF.
     - Always means we NDR any message that cannot be decrypted (Encryption firewall implementation).
     - Best Effort means we try to perform Transport Decryption but pass the message through upon errors. This setting would be chosen by organizations that value mail flow over Transport Decryption.
     Transport Decryption re-encrypts the message with the same Publishing License, same set of rights as the original message. For this purpose we store the PL and UL as mailitem properties. Since we don’t do republishing, if any Transport Agent adds new recipients to a message, the new recipients will not be able to view the message unless they have originally been granted rights in the Publishing License. We always conduct decryption on messages submitted to a Hub by the client with RMS protection. We do not conduct decryption on messages in a hub if they are protected by the Encryption Agent within that Hub. We conduct Transport Decryption on a message only once and at the 1st E14 Hub within a forest. This improves performance.
     When we decrypt a message, we stamp a P2 forest header on the message called X-MS-Exchange-Forest-ControlPointDecryption-Action. The presence of this header signifies that the message has been decrypted within this forest and does not need to be decrypted again for ControlPoint Decryption. This header will be stripped as the message travels from one forest to another. We have a message property, called ControlPointDecrypted, that specifies whether the clear-text message has been decrypted by ControlPoint Decryption. It’s set upon decryption and reset when the message is re-encrypted. The existence of this property can be used by E14 Transport Agents to determine how they should handle a message. We ensure that forked messages and NDRs will get re-encrypted by default, i.e. without any changes to the message. If an agent removes the message headers, we have no way of telling that the message was decrypted by Pipeline decryption and hence we will not re-encrypt the message. We are not trying to mitigate this scenario.
  15. Slide Objective: Introduce the Streamlined End User Experience topic.
     Instructor Notes: RMS protection should not hinder the user. This is being addressed at several levels, including:
     - The pre-licensing feature, which was introduced with Exchange Server 2007, allows the Exchange server to fetch RMS licenses on behalf of the users. The availability of the license enables offline scenarios and mobile access to RMS protected messages: the client does not need to establish a connection to the RMS infrastructure anymore.
     - Feature parity between Outlook and Outlook Web Access is a key element, granting OWA users the same features as Outlook users.
     - Outlook Web Access users can perform full-text search queries, as RMS protected content is indexed on the server.
  16. Slide Objective: Example of RMS protection in Outlook.
     Instructor Notes: We see what an RMS protected message looks like to the end user using Outlook 2007, as already supported using Exchange Server 2007. In this example, the user has received a confidential e-mail that cannot be forwarded to other recipients. The user may nevertheless reply to the sender. Notice the “Do Not Forward” banner in the message, which informs the user about the rights he has been granted on the content. The message, as well as RMS compatible attachments, will be protected.
  17. Protecting a message with RMS is done through a Transport Rule action, working just like any other Transport Rule action. Multiple actions can be selected. The Transport Rules Agent stamps an X-Org (X-MS-Exchange-Organization-RightsProtectMessage) header on the message. The header value is set to the RMS template globally unique identifier (GUID). The message does not get encrypted until it’s processed by the Encryption Agent later on, at onRouted. New Transport Rule action to “RMS protect”. Transport Rules support regular expression scanning of attachments in Exchange Server 2010 (Beta). “Internet Confidential” and “Do Not Forward” policies are available out of the box. Office 2003, Office 2007, Office 14, and XPS documents are supported for attachment protection.
  18. Slide Objective: Introduce Outlook Protection rules. Instructor Notes: We’ve seen how a message can automatically be protected at the Transport Rule level. Alternatively, it is possible to have RMS encryption applied automatically from the Outlook client. The Administrator can define a client-side rule that will be imported by the Outlook client via Autodiscover (i.e. every 24 hours). Filtering can be done on the Sender’s department, the Recipient’s identity or scope. Rules are defined using PowerShell. Using this method, you can ensure that RMS protection is already applied when the message reaches the Exchange infrastructure. This supports scenarios where an organization does not necessarily “trust” the Exchange organization, for example when the Exchange infrastructure is hosted/managed by a 3rd party. Outlook 14 is required for this feature.
  19. Slide Objective: Example of Outlook Protection Rules. Instructor Notes: Here is an example, where a user sends an e-mail that will trigger an Outlook Protection rule. Step 1: the user creates a new message in Outlook 14. Step 2: the user adds a distribution list to the To line. Nothing happens at this stage. Step 3: the user clicks outside of the “To:” line, and Outlook will then evaluate the client-side rules. As it turns out in this example, there is an Outlook Protection Rule that has been configured to apply a “Microsoft Confidential” RMS template to this message. A banner is therefore displayed in the Outlook client, warning the user that RMS protection is going to be automatically applied.
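The two enforcement points described in slides 17 to 19 (a transport rule with the RMS protect action, and an Outlook Protection Rule defined in PowerShell) can be set up against the same template as shown here. This is an added example, not part of the original deck; the rule names, the 'Legal' department and the card-number pattern are constructed, and it assumes an Exchange 2010 build whose New-TransportRule exposes the AttachmentMatchesPatterns predicate.

```powershell
# Added example for the Exchange Management Shell (Exchange 2010).
# Rule names, the 'Legal' department and the card pattern are constructed.
$template = 'Do Not Forward'   # built-in template named on the slides

# Transport can only apply IRM when internal licensing is enabled.
if (-not (Get-IRMConfiguration).InternalLicensingEnabled) {
    throw 'IRM internal licensing is disabled (see Set-IRMConfiguration).'
}
# Fail early if the template is not visible to this organization.
if (-not (Get-RMSTemplate | Where-Object { $_.Name -eq $template })) {
    throw "RMS template '$template' not found."
}

# --- Server side: transport rules (header stamped, encrypted later in transport) ---
# Constructed pattern: 16 digits in four groups separated by hyphen or space.
$card = '\d\d\d\d(-|\s)\d\d\d\d(-|\s)\d\d\d\d(-|\s)\d\d\d\d'

# Conditions inside one rule are ANDed, so body and attachment matching
# are created as two separate rules.
$conditions = @(
    @{ Name = 'IRM - card data in body';       SubjectOrBodyMatchesPatterns = $card },
    @{ Name = 'IRM - card data in attachment'; AttachmentMatchesPatterns    = $card }
)
foreach ($c in $conditions) {
    # Created disabled so the rule can be reviewed before it affects mail flow.
    New-TransportRule @c -FromScope InOrganization `
        -ApplyRightsProtectionTemplate $template -Enabled $false
}

# --- Client side: Outlook Protection Rule (applied before submission) ---
# UserCanOverride defaults to $true; $false stops the sender removing protection.
New-OutlookProtectionRule -Name 'Legal - always protect' `
    -FromDepartment 'Legal' -SentToScope All `
    -ApplyRightsProtectionTemplate $template -UserCanOverride $false

# Review both rule sets, then enable the transport rules explicitly.
Get-TransportRule | Where-Object { $_.Name -like 'IRM - card data*' } |
    Format-Table Name, State, Priority -AutoSize
Get-OutlookProtectionRule |
    Format-Table Name, Enabled, Priority, UserCanOverride -AutoSize
# Enable-TransportRule 'IRM - card data in body'
```

The transport rules protect mail only after it reaches a Hub Transport server, while the Outlook Protection Rule covers the case from slide 18 where the message must already be protected when it arrives at the Exchange infrastructure.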
  20. Here we see an example of a user applying RMS protection when composing a new e-mail. Notice the “Permissions” button (the envelope with a red sign) in the Outlook Web Access interface. Create/consume RMS protected messages natively, just like Outlook. No client download or installation required. Supports: Firefox, Safari, Macintosh and Windows; Conversation View, Preview pane; full-text search on RMS protected messages.
  21. Situation: People send embarrassing e-mails (or worse) to the wrong recipients (think of the MS email of a reporter’s dossier sent to that reporter, RNC lobbying efforts through White House accounts, or a pharmaceutical email sent out with all recipients’ names visible); MailTips is designed to make sure your communications are right the first time and to avoid such embarrassing mistakes. Talking Points: Know someone is OOF before you send a message (look at the OOF and send to the right person from the start). Be alerted to important issues like external recipients or large lists of people this will be sent to. Know things like booking a room too small for the number of people you’re inviting. Know internal rules that will block your message from being sent before you send it (too many attachments, too big an attachment, recipient can’t receive the message, and other custom rules defined by the system administrator). Slide Objective: The audience should walk away from this slide seeing that Exchange helps users send more effective messages the first time. It helps them schedule the right size rooms, avoid sending messages to which they will get an OOF response, and avoid sending mail to external recipients or large lists of people that might create an embarrassing mistake.
  22. Slide Objective: Example of a journaled RMS message. Instructor Notes: In this example, we see a journaled RMS message. Notice that the message body contains Sender, Subject, Message-Id and To header information, and that two attachments are available: the original message, including the RMS protection, is available in its full integrity; the unencrypted message, without RMS protection. The first message attachment (32K) is the RMS encrypted message. The second message attachment is the RMS decrypted message.
  23. Slide Objective: Introduce RMS protection with the Exchange Server 2010 Unified Messaging role. Instructor Notes: Using Exchange Server 2010 Unified Messaging, users can mark Voice Mail as “Private” when leaving a message. This option is available through a prompt over the phone. Unified Messaging policies can be created to automatically apply RMS protection to: All Voice Mail, Private Voice Mail only, None. The RMS template that will be applied is “Do Not Forward”. This is not configurable. Using this feature, you can give people leaving Voice Mail the assurance that the audio content cannot be forwarded to third parties, and will only be accessible to the intended recipient.
  24. In this example, you can see a Voice Mail that has been received by an individual and has been automatically protected by the Unified Messaging server. The message cannot be forwarded by the recipient. Unified Messaging administrators can allow incoming voice mail messages to be marked as “private”. Private voice mail can be protected using “Do Not Forward”, preventing forwarding or copying of content. Private voice mail is supported in Outlook 14 and Outlook Web Access (OWA).
  25. Slide Objective: Introduce Business-to-Business RMS. Instructor Notes: Today, setting up RMS between two organizations is an involved process. To enable secure messaging using RMS between two separate organizations, both must deploy Active Directory Federation Services (ADFS) and create special trusts between the two organizations. This is an individual process for each partnership and it isn’t supported by Exchange for any of the features discussed today. In Exchange Server 2010, customers can create a single federation using the Microsoft Federation Gateway. This gateway is used by other services, such as the Microsoft Services Connector, as a trust broker between organizations. Exchange includes a built-in wizard to enable federation with the Federation Gateway. Once this wizard is run, Exchange can begin requesting delegation tokens for users within their organization. These tokens, which are SAML based, can be given by Exchange to partners to authenticate on behalf of the users within the enterprise. The next slides show how Exchange uses these to license content on behalf of users for OWA. Slide Objective: Provide additional information on supported features for Business-to-Business scenarios. Instructor Notes: Now that we’ve seen how federation can allow Exchange to access content on behalf of a user, it is important to understand what controls we provide to ensure that remote organizations aren’t misusing your sensitive content. For example, as the content owner, Northwind Traders may not want Fabrikam archiving the protected mail in the clear using journal decryption. To mitigate this concern, Northwind Traders can specify on a per-template basis whether 3rd parties can archive that mail content in the clear.
This means you can specify that all “Northwind Traders Confidential” data must always be stored in a protected format and cannot be decrypted and stored in a separate archive. Additionally, the web services in RMS that support SAML authentication can be disabled, and/or specific partners can be blocked from using them. This limits the exposure an organization can have to 3rd parties that want to use federation for authentication purposes. Lastly, all of the RMS features we’ve talked about today work with SAML authentication, meaning they will work if the messages are protected against your internal RMS server or a 3rd party RMS server.
  26. Key takeaways: The integrated e-mail archiving, retention, and discovery capabilities being delivered in Exchange 2010 offer a seamless user experience, leverage existing Exchange infrastructure investments and administrative skills, and help reduce the need to implement potentially complex and expensive third-party archiving products. The personal archive can help centralize PSTs for more efficient discovery while offering a fully integrated user experience directly from a user’s primary mailbox. New retention policies enable users to apply pre-defined policies to both items and folders and work across both the primary mailbox and personal archive. Multi-mailbox search and legal hold functions can be delegated to non-IT staff such as compliance officers. New actions such as moderation, dynamic signatures, MailTips and automated IRM protection provide a wider range of data control, enabling administrators to better match the right level of control to a scenario. Using the enhanced transport rule functionality in Exchange 2010, administrators can now effectively identify sensitive content both within an e-mail and in any Office file attachments. Exchange 2010 features deeper support for Information Rights Management, including the ability to: apply IRM with transport rules; decrypt IRM-protected messages for journaling, filtering, search and transport rule application; read and reply to IRM-protected mail in OWA.