Exch2010 compliance ngm final

A deck covering Exchange 2010 Information Protection and Compliance that runs to about 25-30 minutes.

Published in: Technology

  1. Exchange 2010 Protection and Compliance
     • Nathan Winters – Exchange MVP
  2. Exchange 2010 IPC
     • Introduction to Information Protection and Compliance (IPC)
     • The arsenal of Technical Tools!
     • Archiving
     • Multi-Mailbox Search
     • Legal Hold
     • IRM
     • Moderation
     • Enhanced Transport Rule Capabilities
     • MailTips
  3. Why is IPC important?
     • Large UK Retailer Leaks Payment Information via Email
     • The Information Commissioner’s Office will be able to issue fines of up to £500,000 for serious data security breaches.
     • Nearly 40% of workers have received confidential information that was not meant for them!
     • Appeal Win Lets FSA Grab Evidence for SEC
  4. Some of the legal factors
     • Public Sector – Freedom of Information
     • All – Data Protection Act
     • Finance – Financial Services Authority, SEC, BASEL2
     • RIPA – Regulation of Investigatory Powers Act 2000
     • Human Rights – Lawful business protection
     • Electronic Communications Act – Adding Disclaimers
     • US – SOX, HIPAA etc.
  5. What does IPC mean to you?
     • It’s a policy built around the relevant laws for your industry.
     • Based on a bunch of technical tools which we try to automate
     • Monitor email – content, recipients, where it is going
     • Know what is happening based on email attributes
     • Retain and Provide
     • Archiving, Retention and Discovery
     • Control and Protection – allow or prevent
     • Granular policies
     • Soft to Hard control
  6. Protection & Control: Soft to Hard
     • Ensure that you target the correct data with the correct policy to maximise usability
     • Retain and Provide mail where required with Archiving, Retention and Discovery
  7. Exchange 2010 Archiving, Retention & Discovery: Better mailbox management
  8. Why Archive? A Vicious Cycle of Volume vs. Control
     • PSTs difficult to discover centrally
     • Regulatory retention schedules contribute to further volume/storage issues
     • Increasing storage and back-up costs
     • Users forced to manage quota
     • Quota management often results in growing PSTs (Outlook auto-archive)
  9. Breaking the Cycle: With large mailbox architecture and archiving
     • Large Mailbox Architecture
         • maintains performance
         • provides option for DAS-SATA storage to reduce costs
     • Archiving simplifies discovery, retention and legal hold
     • Archiving enables simple migration of PSTs back to server
  10. Personal Archive
     • Overview – What is it and where does it live?
     • User goals and assumptions
     • Simple to use – OWA & Outlook
     • IT Pro goals and assumptions
     • Get rid of PSTs!
     • Easy to enable.
  11. Personal Archive: User experience
     • User can view, read, navigate, flag and reply to archived mail same as live mail
     • Folder hierarchy from primary mailbox maintained
     • Reply to message in archive puts message in live mail sent items (same as PSTs)
     • User gets conversation view scoped to Archive (same as PSTs)
  12. Personal Archive Search
     • Option to search archive only or both live and archived mail
     • Advanced search options work across live and archived mail
  13. Message Retention
     • Move Policy: automatically moves messages to the archive
     • Options: 6 months, 1 year, 2 years (default), 5 years, Never
     • User Impact: Helps keep mailbox under quota
     • Works like Outlook Auto-Archive – without PSTs!
     • Delete Policy: automatically deletes messages
     • User Impact: removes unwanted items
     • Helps keep mailbox under quota
     • Delete policies are Global (they travel to the Archive)
     • Per-item policies take priority over per-item policies
  14. Retention Policies: At the folder or item level
     • Policies can be applied directly within an email
     • Policies can be applied to all email within a folder
     • Delete policies
     • Archive policies
     • Expiration date stamped directly on e-mail
  15. Legal Hold
     • Hold Policy captures all edits/deletes irrespective of user or admin access.
     • User workflow is unchanged, items captured in hidden folders in Dumpster 2.0.
     • Multi-mailbox search can retrieve items indexed in Dumpster 2.0.
     • ISSUE – Consider that the whole mailbox is put on hold, not just the granular info that you need on hold!
  16. Hold Policy
     • IW is told how to comply (no action needed for e-mail)
     • URL links to additional info
  17. Multi-Mailbox Search: Simple, role-based GUI
     • Delegate access to search to HR, compliance, legal manager
     • Search all mail items (email, IM, contacts, calendar) across primary mailbox, archives
     • Filtering includes: sender, receiver, expiry policy, message size, sent/receive date, cc/bcc, regular expressions, IRM protected items
  18. Multi-Mailbox Search
     • Additional e-discovery features
     • Search specific mailboxes or DLs
     • Export search results to a mailbox or SMTP address
     • Search results organized per original hierarchy
     • Request email alert when search is complete
     • API enables 3rd-party tool integration with query results for processing
  19. Exchange 2010 Protection and Control
  20. Information Leakage: Can be costly on multiple fronts
     • Legal, Regulatory and Financial impacts
     • Non-compliance with regulations or loss of data can lead to significant legal fees, fines, and more
     • Damage to public image and credibility with customers
     • Financial impact on company
     • Loss of Competitive Advantage
     • Disclosure of strategic plans
     • Loss of research, analytical data, and other intellectual capital
  21. Message Confidentiality?
     • Enforcement tools are required—content protection should be automated.
  22. Automatic Content-Based Privacy
     • Exchange Server 2010 provides a single point in the organization to control the protection of e-mail messages.
     • Automatic Content-based Privacy:
         • Transport Rule action to apply RMS template to e-mail message
         • Transport Rules support Regex scanning of attachments in Exchange 2010 (including content)
         • Internet Confidential and Do Not Forward Policies available out of box
  23. What is Rights Management Services?
     • Windows Platform Information Protection Technology
     • Better safeguard sensitive information
     • Protect against unauthorized viewing, editing, copying, printing, or forwarding of information
     • Limit file access to only authorized users
     • Audit trail tracks usage of protected files
     • Persistent protection
     • Protects your sensitive information no matter where it goes
     • Uses technology to enforce organizational policies
     • Authors define how recipients can use their information
  24. Protection via Transport Rules
     • New Transport rule action to “RMS protect”
     • Transport Rules support regular expression scanning of attachments in Exchange Server 2010
     • “Do Not Forward” policy available out of the box
     • Office 2003, Office 2007, Office 2010, and XPS documents are supported for attachment protection
     • Ability to route email for Moderation
  25. Protection via Transport Rules
  26. Rights Management Services Integration in Outlook Web Access
  27. Protected Content in Outlook
     • RMS Protection is applied both to the message itself and to the attachments.
     • Saved attachments retain the relevant protection (e.g. rights to view, print or copy content).
  28. Rights Management Services Integration in Unified Messaging
     • Unified Messaging administrators can allow incoming voice mail messages to be marked as “private”
     • Private voice mail can be protected using “Do Not Forward”, preventing forwarding or copying content
     • Private voice mail is supported in Outlook 2010 and Outlook Web Application (OWA)
  29. Rights Management Services Integration in Unified Messaging
  30. Business to Business RMS: Securely Communicate with Partners
     • Today customers can communicate using RMS between organizations by deploying ADFS and setting up trusts
     • ADFS requires a separate trust between each partner
     • ADFS isn’t supported by Exchange
     • In Exchange Server 2010, customers can federate with the Microsoft Federation Gateway instead of each partner
     • A single federation point replaces individual trusts
     • Allows Exchange to act on-behalf-of users for decryption
     • Senders can control how their data is accessed by 3rd parties
     • By using federation, RMS can allow organizations and applications to access data on-behalf-of individuals
     • Specifically they can specify whether recipient organizations can archive e-mails in the clear
     • RMS administrator can control which 3rd parties can access data using federated authentication (allow/block list)
  31. Outlook Protection Rules
     • Allows an Exchange administrator to define client-side rules that will protect sensitive content in Outlook automatically
     • Rules can be mandatory or optional depending on requirements
     • Rules look at the following predicates:
     • Sender’s department (HR, R&D, etc.)
     • Recipient’s identity (specific user or distribution list)
     • Recipient’s scope (all within the organization, outside, etc.)
     • Rules are automatically retrieved from Exchange using Autodiscover and Exchange Web Services
  32. Outlook Protection Rules
     • Step 1: User creates a new message in Outlook 2010.
     • Step 2: User adds a distribution list to the To line.
     • Step 3: Outlook detects a sensitive distribution list (DL) and automatically protects as MS Confidential.
     • Company Confidential - This content is confidential and proprietary information intended for company employees only and provides the following user rights: View, Reply, Reply All, Save, Edit, Print and Forward. Permission granted by:
  33. Manage Inbox Overload
     • Help Reduce Unnecessary and Undeliverable E-Mail Through New Sender MailTips
     • Remove Extra Steps and E-Mail
     • Limit Accidental E-Mail
     • Reduce Non-Delivery Reports
  34. Key takeaways
     • Personal Archive gives seamless user experience and removes need for PSTs
     • Deep support for IRM
     • Automation enables ease of use and administration
     • Wide range of granular controls from Soft to Hard
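
The soft-to-hard range of controls described on the MailTips, moderation and "Protection via Transport Rules" slides, written out as Exchange Management Shell commands. This is an added example, not material from the deck; the group name, rule names and patterns are constructed, and it assumes AD RMS is already deployed and IRM is enabled for the organization.

```powershell
# Added example for the Exchange Management Shell (Exchange 2010).
# "All Staff", the rule names and the patterns are constructed placeholders.

# Prerequisite for the RMS action: Exchange must be able to list the AD RMS templates.
Get-RMSTemplate | Format-Table Name

# Soft: a MailTip warns the sender in Outlook 2010 / OWA before the message is sent.
Set-DistributionGroup -Identity "All Staff" `
    -MailTip "This list reaches every employee. Do not send customer data."

# Medium: external mail whose subject or body contains a card-like number is
# held until the sender's manager approves it.
New-TransportRule -Name "Moderate card-like numbers leaving the org" `
    -SentToScope NotInOrganization `
    -SubjectOrBodyMatchesPatterns '\d\d\d\d-\d\d\d\d-\d\d\d\d-\d\d\d\d' `
    -ModerateMessageByManager $true

# Hard: any message whose attachment content matches the pattern is RMS-protected
# with the "Do Not Forward" template.
# Check first that this build exposes the attachment predicate:
#   Get-Help New-TransportRule -Parameter AttachmentMatchesPatterns
New-TransportRule -Name "RMS-protect attachments with card-like numbers" `
    -AttachmentMatchesPatterns '\d\d\d\d-\d\d\d\d-\d\d\d\d-\d\d\d\d' `
    -ApplyRightsProtectionTemplate "Do Not Forward"

# Review what is now enforced and the order in which the rules are evaluated.
Get-TransportRule | Sort-Object Priority | Format-Table Priority, Name, State -AutoSize
```

Conditions inside a single transport rule are combined with AND, which is why the body pattern and the attachment pattern sit in separate rules here.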