The document discusses various topics related to governance, risk management, and compliance (GRC) tools in Microsoft Office 365. It begins with an agenda that includes data loss prevention, eDiscovery, auditing, document fingerprinting, and encrypted emails. It then provides background on why organizations invest in GRC and the types of records commonly exposed in data breaches. The document goes on to explain key GRC capabilities in Office 365 like data loss prevention, eDiscovery tools, auditing features in SharePoint, and options for encrypting emails. It emphasizes the importance of controls and policies for customers to maintain compliance. Overall, the document provides an overview of GRC solutions in Office 365 and how customers can leverage built-in tools and

1. Edge Pereira
edge@superedge.net

2. Our Agenda for Today (plan)
• Data Loss Prevention
• eDiscovery
• Auditing
• Document Fingerprinting
• Encrypted Emails

3. Source: Gartner Report: IT Governance, Risk, and Compliance Management Solutions, http://www.gartner.com/resId=1884814
“Faced with never-ending and expanding regulatory and industry
mandates, organizations invest tremendous amounts of energy on
audit, compliance, controls, and (in some cases) risk management.
At the same time, they seek to free staff resources from mundane
tasks such as evidence gathering and simple reporting.”

4. “By far, the most common record type exposed in 2014 were passwords, followed by usernames, email addresses, and PII (name,
address, SSN, DOB, phone number, etc.)…”
1 Billion
Criminals are starting to favor PII
over financial information, because
it's easier to sell and leverage
Source: http://www.cio.com/article/2848593/data-breach/nearly-a-billion-records-were-compromised-in-2014.html
Records Compromised in 2014

5. Why are we here?

6. Compliance – What is it?

7. Why do we need to take compliance seriously?

8. So what is Microsoft doing?
eDiscovery
Auditing
Encryption
Information
Management
Policies
Records Management

9. Two faces of compliance in Office 365
Built-in Office 365 capabilities
(global compliance)
Customer controls for
compliance/internal policies
• Access Control
• Auditing and Logging
• Continuity Planning
• Incident Response
• Risk Assessment
• Communications Protection
• Identification and Authorisation
• Information Integrity
• Awareness and Training
• Data Loss Prevention
• Archiving
• eDiscovery
• Encryption
• S/MIME
• Legal Hold
• Rights Management

10. In practise, it looks like this

11. What does your organisation get?
•
•
•
•
•
•

12. So what does all that boil down to for ITPro’s?
It is all about customer controls!
Remembering
“A control is a process, function, in fact anything that supports
maintaining compliance”

13. Lets look at Office 365 customer controls
Identify Monitor Protect Educate

14. Data Loss
Prevention

15. 50%
Of the IT organizations will use security services firms that
specialize in data protection, security risk management and
security infrastructure management to enhance their security
postures
Source: http://www.gartner.com/newsroom/id/2828722
By 2018, Data Leakage Protection

16. What is meant by Data Loss Prevention?
in-use (endpoint actions) in-motion
(network traffic) at-rest (data storage)
[1] http://en.wikipedia.org/wiki/Data_loss_prevention_software
“Quotation...”
Good definition
http://csrc.nist.gov/groups/SNS/rbac/documents/data-loss.pdf

17. In-use controls (end-point)
• Operating System and Apps fully patched and up to date
• End-point security tools installed and correctly configured
• Firewall enabled and correctly configured
• Access to required applications only
• Access to “need to know” data
• Compliance Adherence Monitoring

18. At-rest controls

19. Country PII Financial Health
USA
US State Security Breach Laws,
US State Social Security Laws, COPPA
GLBA & PCI-DSS
(Credit, Debit Card, Checking
and
Savings, ABA, Swift Code)
Limited Investment:
US HIPPA,
UK Health Service,
Canada Health Insurance
card
Rely on Partners and ISVs
Germany
EU data protection,
Drivers License, Passport National Id
EU Credit, Debit Card,
IBAN, VAT, BIC, Swift Code
UK
Data Protection Act,
UK National Insurance, Tax Id, UK
Driver License, Passport
EU Credit, Debit Card,
IBAN, BIC, VAT, Swift Code
Canada
PIPED Act,
Social Insurance, Drivers License
Credit Card,
Swift Code
France
EU data protection,
Data Protection Act,
National Id (INSEE),
Drivers License, Passport
EU Credit, Debit Card,
IBAN, BIC, VAT,
Swift Code
Japan
PIPA,
Resident Registration, Social
Insurance, Passport, Driving License
Credit Card,
Bank Account,
Swift Code

20. Establishing DLP
•
•
•
Australian sensitive
information types
provided by Microsoft
• Bank Account Number
• Driver's License Number
• Medicare Account
Number
• Passport Number
• Tax File Number

21. DEMO: Data Loss
Prevention

22. eDiscovery

23. What do we means by eDiscovery?
[2] Wikipedia (http://en.wikipedia.org/wiki/Electronic_discovery)

24. eDiscovery Process
Find relevant content (documents, emails, Lync conversions)DISCOVERY
PRESERVATION
Place content on legal hold to prevent content modification
and/or removal
Collect and send relevant content for processing
Prepare files for review
PRODUCTION
REVIEW
Lawyers determine which content will be
supplied to opposition
Provide relevant content to opposition
COLLECTION
PROCESSING

25. Office 365 eDiscovery Centre

26. In-place Hold

27. Find what you need
•
•

28. Export for action

29. eDiscovery Considerations
• Recoverable Items quotas separate from mailbox quotas and
need to be monitored
• In-Place Hold vs. Single Item Recovery vs. Retention Hold
• Hybrid data sources

30. eDiscovery Reports

31. Important Benefits
• Centrally managed proactive enforcement
• Reduced collection touch points
• Consistent and repeatable
• Transparent to users
• Minimises the need for offline copies, until they are needed
• Instantly searchable/exportable

32. DEMO:
eDiscovery

33. Auditing

34. Reporting and Auditing

35. SharePoint – Auditing Features

36. SharePoint Audit Reports

37. DEMO: Document
Fingerprinting

38. DEMO: Encrypted
Email

39. Q & A

40. Wrap Up
• Data Loss Prevention
• eDiscovery
• Auditing
• Document Fingerprinting
• Encrypted Emails

41. Edge Pereira
edge@superedge.net
www.facebook.com/edgepmo
www.twitter.com/superedge
www.superedge.net

42. Learn More
TechEd 2014 Office 365 Security and
Compliance
https://channel9.msdn.com/Events/TechEd/Australia/2014/OSS
304
Office 365 Trust Centre
http://office.microsoft.com/en-au/business/office-365-trust-
center-cloud-computing-security-FX103030390.aspx
Office Blogs
http://blogs.office.com/2013/10/23/cloud-services-you-can-
trust-security-compliance-and-privacy-in-office-365/
Governance, risk management, and
compliance
http://en.wikipedia.org/wiki/Governance,_risk_management,
_and_compliance
Office 365 Service Descriptions
http://technet.microsoft.com/en-
us/library/jj819284%28v=technet.10%29
Useful Links

44. DLP extensibility points

45. Content Analysis Process
Content analysis process
Joseph F. Foster
Visa: 4485 3647 3952 7352
Expires: 2/2012
Get
Content
4485 3647 3952 7352  a 16 digit number
is detected
RegEx
Analysis
1. 4485 3647 3952 7352  matches checksum
2. 1234 1234 1234 1234  does NOT match
Function
Analysis
1. Keyword Visa is near the number
2. A regular expression for date (2/2012)
is near the number
Additional
Evidence
1. There is a regular expression that matches
a check sum
2. Additional evidence increases confidence
Verdict

46. Office 365 Message Encryption – Encrypt messages to any SMTP address
Information Rights Management – Encrypt content and restrict usage; usually
within own organization or trusted partners
S/MIME – Sign and encrypt messages to users using certificates
Encryption Solutions in Office 365

47. Registry Key Outlook Client