Presentation is loading. Please wait.

Presentation is loading. Please wait.

Understanding best practices in classifying sensitive data

Similar presentations


Presentation on theme: "Understanding best practices in classifying sensitive data"— Presentation transcript:

1 Understanding best practices in classifying sensitive data
9/14/2018 6:51 PM BRK3385 Understanding best practices in classifying sensitive data Wesley Holley Program Manager © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 41 % 50 % 58 % 85 % 88 % Protecting information in a mobile world
9/14/2018 6:51 PM Protecting information in a mobile world Employees say mobile business apps change how they work 41 % 50 % Growth in data volume year over year 58 % Have accidentally sent sensitive information to the wrong person 85 % Enterprise organizations keep sensitive information in the cloud 88 % Organizations unable to prevent loss of sensitive data without automatic protection © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

3 How do I protect my data? 9/14/2018 6:51 PM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

4 Areas of Focus Intelligence powered insights
Identity & access management Areas of Focus Threat protection Intelligence powered insights Reduce total cost of ownership Protection beyond Office 365 Platform Information protection Security management Compliance solutions

5 Microsoft’s approach to information protection
9/14/2018 6:51 PM Microsoft’s approach to information protection Comprehensive protection of sensitive data throughout the lifecycle – across devices, apps, cloud services and on-premises Detect Classify Protect Monitor Devices cloud On premises © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

6 MICROSOFT’S INFORMATION PROTECTION TECHNOLOGIES
Microsoft’s information protection solutions AZURE INFORMATION PROTECTION Classify, label & protect files – beyond Office 365, including on-prem & hybrid MICROSOFT CLOUD APP SECURITY Visibility into 15k+ cloud apps, data access & usage, potential abuse DETECT OFFICE 365 DLP Prevent data loss across Exchange Online, SharePoint Online, OneDrive for Business OFFICE 365 ADVANCED SECURITY MANAGEMENT Visibility into Office 365 app usage and potential data abuse ISV APPLICATIONS Enable ISV partners to consume labels, apply protection MICROSOFT’S INFORMATION PROTECTION TECHNOLOGIES MONITOR MONITOR CLASSIFY WINDOWS INFORMATION PROTECTION Separate personal vs. work data on Windows 10 devices and prevent work data from traveling to non-work locations OFFICE APPS Protect sensitive information while working in Excel, Word, PowerPoint, Outlook MESSAGE ENCRYPTION Send encrypted s in Office 365 to anyone – inside or outside of the company PROTECT PROTECT OFFICE 365 ADVANCED DATA GOVERNANCE Apply retention and deletion policies to sensitive and important data in Office 365 CONDITIONAL ACCESS Control access to files based on policy, such as identity, machine configuration, geo location SHAREPOINT & GROUPS Protect files in libraries and lists

7 Classifying Data Content Extraction …
“For business expenses during fiscal year 2017, the following card holders have been issued corporate cards: Madeline Sawyer /19 Miguel Boisvert /19 For inquiries about expenses, contact Sara Davis in Merchant Services ( x012) and …”

8 Classifying Data Assessing content as a whole or identifying elements within it 9 “For business expenses during fiscal year 2017, the following card holders have been issued corporate cards: Madeline Sawyer /19 Miguel Boisvert /19 For inquiries about expenses, contact Sara Davis in Merchant Services ( x012) and …” X X SUM = 91 x 9 = 819 MOD 10 = 9

9 Classifying Data Assessing content as a whole or identifying elements within it “For business expenses during fiscal year 2017, the following card holders have been issued corporate cards: Madeline Sawyer /19 Miguel Boisvert /19 For inquiries about expenses, contact Sara Davis in Merchant Services ( x012) and …” Keywords: “card holders”, “cards” Other patterns: Expiration date “4/19” Result: Credit Card Number (95% confidence)

10 Classifying Data Assessing content as a whole or identifying elements within it 8 “For business expenses during fiscal year 2017, the following card holders have been issued corporate cards: Madeline Sawyer /19 Miguel Boisvert /19 For inquiries about expenses, contact Sara Davis in Merchant Services ( x012) and …” X X SUM = 47 x 9 = 423 MOD 10 = 3

11 Data Protection Process
Policy Enforcement Content Extraction Data Classification

12 Detection Configuration
Microsoft 2016 9/14/2018 6:51 PM Detection Configuration Count & Confidence Settings Grouping & Operators Control & Granularity © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

13 Demo: Configuring classification in policies
Microsoft 2016 9/14/2018 6:51 PM Demo: Configuring classification in policies © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

14 Detection Configuration
Microsoft 2016 9/14/2018 6:51 PM Detection Configuration Count & Confidence Settings Grouping & Operators Control & Granularity Modify Built-in Sensitive Types Creating Custom Sensitive Types © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

15 Classifying Data IdMatch – the pattern you are looking for
Proximity window – the area in which we’ll look for supportive evidence Match – any additional evidence to corroborate the match Proximity window “... Date: 9/13/2014 Record Number Patient’s last name: Valenti …” Record Number Patient’s <Match> <IdMatch>

16 Demo: Creating Custom Sensitive Types
Microsoft 2016 9/14/2018 6:51 PM Demo: Creating Custom Sensitive Types © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

17 Detection Methods Summary
9/14/2018 6:51 PM Detection Methods Summary Regular expressions Internal functions (e.g., checksums, dates, etc.) Other evidence in proximity Large keyword dictionaries M of N keyword matches Uniqueness Grouping & logical operators Negative evidence Document fingerprints Exact Data Match (EDM) Advanced fingerprinting ML-assisted classification Future © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

18 9/14/2018 6:51 PM Exact Data Match (EDM) Detects exact values stored in a database or file Match only on data you specify Match on individual values or combinations of them Stores fingerprints — no actual PII stored Name: Sara Davis SSN: SSN First Name Last Name Sara Davis John Doe Name: John Doe SSN: © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

19 Sensitive Type Authoring UX
9/14/2018 6:51 PM Sensitive Type Authoring UX Custom sensitive types seeing immense adoption, rapidly growing Building authoring on top of XML Create & test before deploying © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

20 MICROSOFT’S INFORMATION PROTECTION TECHNOLOGIES
AZURE INFORMATION PROTECTION Classify, label & protect files – beyond Office 365, including on-prem & hybrid MICROSOFT CLOUD APP SECURITY Visibility into 15k+ cloud apps, data access & usage, potential abuse DETECT OFFICE 365 DLP Prevent data loss across Exchange Online, SharePoint Online, OneDrive for Business OFFICE 365 ADVANCED SECURITY MANAGEMENT Visibility into Office 365 app usage and potential data abuse 3rd PARTY DLP Enable DLP providers to consume labels, apply protection MICROSOFT’S INFORMATION PROTECTION TECHNOLOGIES MONITOR CLASSIFY WINDOWS INFORMATION PROTECTION Separate personal vs. work data on Windows 10 devices and prevent work data from traveling to non-work locations OFFICE APPS Protect sensitive information while working in Excel, Word, PowerPoint, Outlook MESSAGE ENCRYPTION Send encrypted s in Office 365 to anyone – inside or outside of the company PROTECT OFFICE 365 ADVANCED DATA GOVERNANCE Apply retention and deletion policies to sensitive and important data in Office 365 CONDITIONAL ACCESS Control access to files based on policy, such as identity, machine configuration, geo location SHAREPOINT & GROUPS Protect files in libraries and lists

21 Please evaluate this session
Tech Ready 15 9/14/2018 Please evaluate this session From your Please expand notes window at bottom of slide and read. Then Delete this text box. PC or tablet: visit MyIgnite Phone: download and use the Microsoft Ignite mobile app Your input is important! © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

22


Download ppt "Understanding best practices in classifying sensitive data"

Similar presentations


Ads by Google