Paul Andrew. Identity-centric environment Targeted attacks Cloud computing Regulatory/compliance issues Consumerization of IT Key trends affecting security.

Presentation transcript:

Paul Andrew

Identity-centric environment Targeted attacks Cloud computing Regulatory/compliance issues Consumerization of IT Key trends affecting security

st Microsoft Data Center Microsoft Security Response Center (MSRC) Windows Update Active Update Xbox Live Global Foundation Services (GFS) Trustworthy Computing Initiative (TwC) BillG Memo Microsoft Security Engineering Center/ Security Development Lifecycle Malware Protection Center SAS-70 Certification ISO Certification FISMA Certification

Microsoft security best practices 24-hour monitored physical hardware Isolated customer data Secure network Encrypted data Automated operations Office 365 built-in security Office 365 customer controls Office 365 independent verification & compliance

Microsoft security best practices 24-hour monitored physical hardware Isolated customer data Secure network Encrypted data Automated operations

Seismic bracing 24x7 onsite security staff Days of backup power Tens of thousands of servers

Logically isolated customer data within Office 365 Physically separated consumer and commercial services

Network Separated, Data Encrypted. Networks within the Office 365 data centers are segmented. Critical back-end servers and storage devices are physically separated from public-facing interfaces. Edge router security provides the ability to detect intrusions and signs of vulnerability.

Office 365 provides data encryption: BitLocker 256-bit AES encryption of messaging content in Exchange Online; Information Rights Management for encryption of documents in SharePoint Online; Transport Layer Security (TLS)/Secure Sockets Layer (SSL); third-party technology such as PGP

O365 Admin requests access Grants temporary privilege

24-hour monitored physical hardware Isolated customer data Secure network Encrypted data Automated operations Microsoft security best practices

Training: Core security training
Requirements: Est. security requirements; Create quality gates / bug bars; Security & privacy risk assess.
Design: Establish design requirements; Analyze attack surface; Threat modeling
Implementation: Use approved tools; Deprecate unsafe functions; Static analysis
Verification: Dynamic analysis; Fuzz testing; Attack surface review
Release: Incident response plan; Final security review; Release archive
Response: Execute incident response plan
Education: Administer and track security training
Process: Guide product teams to meet SDL requirements
Accountability

Throttling to prevent DoS attacks. Exchange Online baselines normal traffic & usage. Ability to recognize DoS traffic patterns. Automatic traffic shaping kicks in when spikes exceed normal. Mitigates: non-malicious excessive use; buggy clients (BYOD); admin actions; DoS attacks

Prevent breach

Mitigate breach

Microsoft security best practices 24-hour monitored physical hardware Isolated customer data Secure network Encrypted data Automated operations Office 365 built-in security Office 365 customer controls Office 365 independent verification & compliance

Information can be protected with RMS at rest or in motion Data protection in motion

Functionality compared for RMS in Office 365, S/MIME, ACLs (Access Control Lists) and BitLocker: Data is encrypted in the cloud; Encryption persists with content; Protection tied to user identity; Protection tied to policy (edit, print, do not forward, expire after 30 days); Secure collaboration with teams and individuals; Native integration with my services (content indexing, eDiscovery, BI, virus/malware scanning); Lost or stolen hard disk

Not supported by Microsoft. May encounter: loss of functionality; compatibility issues; increased TCO; new security challenges; supportability issues

Integrated with Active Directory, Azure Active Directory, and Active Directory Federation Services. Enables additional authentication mechanisms: two-factor authentication – including phone-based 2FA; client-based access control based on devices/locations; role-based access control

Empower users to manage their compliance: contextual policy education; doesn’t disrupt user workflow; works even when disconnected; configurable and customizable. Admin customizable text and actions: built-in templates based on common regulations; import DLP policy templates from security partners or build your own. Prevents sensitive data from leaving the organization: provides an alert when data such as social security & credit card numbers is emailed. Alerts can be customized by Admin to catch intellectual property from being emailed out.

In-Place Archive: Secondary mailbox with separate quota; Managed through EAC or PowerShell; Available on-premises, online, or through EOA
Governance: Automated and time-based criteria; Set policies at item or folder level; Expiration date shown in message
Hold: Capture deleted and edited messages; Time-based in-place hold; Granular query-based in-place hold; Optional notification
eDiscovery: Web-based eDiscovery Center and multi-mailbox search; Search primary, in-place archive, and recoverable items; Delegate through roles-based administration; De-duplication after discovery; Auditing to ensure controls are met
Search / Preserve

Comprehensive protection: multi-engine antimalware protects against 100% of known viruses; continuously updated anti-spam protection captures 98%+ of all inbound spam; advanced fingerprinting technologies that identify and stop new spam and phishing vectors in real time. Easy to use: preconfigured for ease of use; integrated administration console. Granular control: mark all bulk messages as spam; block unwanted email based on language or geographic origin

Independent verification & compliance Microsoft security best practices 24-hour monitored physical hardware Isolated customer data Secure network Encrypted data Automated operations Office 365 built-in security Office 365 customer controls Office 365 independent verification & compliance

“I need to know Microsoft is doing the right things” Microsoft provides transparency

ISO SOC HIPAA FERPA HMG IL2 EUMC
Cert, Market, Region
SSAE/SOC, Finance, Global
ISO27001, Global
EUMC, Europe
FERPA, Education, U.S.
FISMA, Government, U.S.
HIPAA, Healthcare, U.S.
HITECH, Healthcare, U.S.
ITAR, Defense, U.S.
HMG IL2, Government, UK
CJIS, Law Enforcement, U.S.
Certification status: Queued or In Progress

Data Centers for North America customers

Security and information protection is critical to Office 365. There are three areas of Security for Office 365: 1. Built in security 2. Customer controls 3. 3rd party verification and certification

Office 365 Trust Center; Office 365 privacy whitepaper; Office 365 security whitepaper and service description; Office 365 standard responses to request for information; Office 365 information security management framework