Secure your complete data lifecycle using Azure Information Protection Microsoft Inspire 2/15/2018 6:55 AM Microsoft Inspire Session CE412p Secure your complete data lifecycle using Azure Information Protection Watch session video © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Microsoft Inspire 2/15/2018 6:55 AM Session objective: Learn how Azure Information Protection provides persistent protection for your data – throughout complete data lifecycle © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Data is shared more often and more widely than ever. Legal review Remote team Corporate Personal Project Lead Online backup Project Lead Private cloud Project Manager Data is shared more often and more widely than ever. Purpose of slide: Summarize the implications of the mobile-first, cloud-first world on data protection. Key takeaways With the adoption of mobility and cloud services, data is travelling to more locations than ever before. While it has helped users to become more productive and collaborative, securing and monitoring the data has become harder. To address data protection in this mobile-first, cloud-first world, it is important to step back and think holistically about the data life cycle. You need to consider what protective measures you should take along the way: when data is created or modified when a user wants to access it when data moves to mobile and cloud apps when it gets breached Sales teams Graphic designer Vendors SaaS Ex-employees Offshore teams Public Agency teams © 2017 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
How to provide persistent data protection on-premises and in the cloud Online backup Email Out of your control Mobile devices, SaaS apps On-premises SaaS apps Cloud storage Mobile devices How to provide persistent data protection on-premises and in the cloud Purpose of slide: Transition to the scenario about providing persistent data protection on-premises and in the cloud Key takeaway Even identifying the data that needs protection can be a major challenge. So how can you discover your data and keep it protected when it’s being stored in disparate locations and shared across boundaries? On-premises
Protect data on-premises and in the cloud with Azure Information Protection Classification and labeling Classify data based on sensitivity and add labels— manually or automatically. Protection Encrypt your sensitive data and define usage rights or add visual markings when needed. Monitoring Use detailed tracking and reporting to see what’s happening with your shared data and maintain control over it. Purpose of slide: Summarize benefits of Azure Information Protection Key takeaways The best way to protect data at all times, regardless of where it is stored, with whom it is shared, or if the device is running iOS, Android or Windows, is to build classification and protection into the file itself so protection can travel with the data wherever it goes. Microsoft Azure Information Protection (AIP) is designed to provide persistent data protection both on-premises and in the cloud.
Classification and labeling Policies can be set by IT Admins for automatically applying classification and protection to data. Automatic classification HIGHLY CONFIDENTIAL CONFIDENTIAL PERSONAL GENERAL Based on the content you’re working on, you can be prompted with suggested classification. Recommended classification PUBLIC You can override a classification and optionally be required to provide a justification. Manual reclassification Purpose of slide: Summarize Azure Information Protection features for classification and labeling. Key takeaways Data classification is an important part of any data governance plan. Adopting a classification scheme that applies throughout your business can be particularly helpful in responding to what the GDPR calls data subject (i.e., your EU employee or customer) requests, because it enables enterprises to identify more readily and process personal data requests. There are different levels of classifications, from public to highly confidential, and different methods for classifying data. Azure Information Protection can be used to help you classify and label your data at the time of creation or modification. Users can choose to apply a sensitivity label to the email or file they are working on with a single click. User-specified classification
Protection Protection policies IT Admins can set policies to automatically control, protect, and watermark data. Protection policies Azure Information Protection encrypts files containing personal data according to policies. File encryption Purpose of slide: Describe Azure Information Protection protection. Key takeaways After classifying and labeling data properly, securing and controlling data is the next step. Azure Information Protection provides an identity-based security approach that can be used for this purpose. Azure Information Protection gives you flexibility in defining policies to control and protect. Once you have policies in place, you can use AIP to encrypt files containing personal data and manage access rights in accordance with the appropriate policy in line with the GDPR. This screen shot shows an administrator policy that automatically protects all data labeled as “Confidential.” Visual markings such as a footer and watermark are also applied to such data.
Protection Secure sharing Safely share data with people inside and outside of your organization. Define explicit permissions for recipients, e.g., allow people to view and edit, but not print or forward. Secure sharing Purpose of slide: Discuss Azure Information Protection’s support for secure sharing Key takeaways Azure Information Protection also helps your users share sensitive data in a secure manner. In this example, information about a sensitive acquisition was encrypted and restricted to a group of people who were granted only a limited set of permissions on the information – they could modify the content but could not copy or print it. Decryption will be conditional to the user being authorized by the access policy – thereby enforcing the intended safeguards around the personal data (i.e., unauthorized persons will not have access). With the rights-based encryption in place, sharing becomes less cumbersome. You have the means to prevent personal data from leaking to unauthorized persons, with audit logs to track each access.
Demo Classify, Label and Protect sensitive data
Monitoring Distribution visibility Analyze the flow of personal and sensitive data and detect risky behaviors. Distribution visibility Track who is accessing documents and from where. Access logging Purpose of slide: Show screenshots to demonstrate how AIP enables monitoring and control of documents. Key takeaways The first screenshot shows how Azure Information Protection tracks documents geographically. You see an actual map of the location of people who have attempted to access the document “Code Blue.” You can see that, whereas most of the people who have accessed the document are in the United States, someone in Australia attempted to access the document, and was blocked. The other screenshot shows how you can revoke access and send a message stating why. Prevent data leakage or misuse by changing or revoking document access remotely. Access revocation
Demo Securely share sensitive data and monitor its distribution
Resources Follow @ https://twitter.com/MSFTMobility 2/15/2018 6:55 AM Resources Follow @ https://twitter.com/MSFTMobility Technical Documentation @ https://docs.microsoft.com For questions email AskIPteam@Microsoft.com IT Pro Blog @ https://blogs.technet.microsoft.com/enterprisemobility/ Download @ https://www.microsoft.com/en-us/download/details.aspx?id=53018 Product page @ https://www.microsoft.com/en-us/cloud-platform/azure-information-protection © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Microsoft Inspire 2/15/2018 6:55 AM Session objective: Learn how Azure Information Protection provides persistent protection for your data – throughout complete data lifecycle © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Microsoft Inspire 2/15/2018 6:55 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.