Presentation is loading. Please wait.

Presentation is loading. Please wait.

Understanding best practices in classifying sensitive data

Published byDarren Tate Modified over 6 years ago

Similar presentations

Presentation on theme: "Understanding best practices in classifying sensitive data"— Presentation transcript:

1 Understanding best practices in classifying sensitive data
9/14/2018 6:51 PM BRK3385 Understanding best practices in classifying sensitive data Wesley Holley Program Manager © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 41 % 50 % 58 % 85 % 88 % Protecting information in a mobile world
9/14/2018 6:51 PM Protecting information in a mobile world Employees say mobile business apps change how they work 41 % 50 % Growth in data volume year over year 58 % Have accidentally sent sensitive information to the wrong person 85 % Enterprise organizations keep sensitive information in the cloud 88 % Organizations unable to prevent loss of sensitive data without automatic protection © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

3 How do I protect my data? 9/14/2018 6:51 PM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

4 Areas of Focus Intelligence powered insights
Identity & access management Areas of Focus Threat protection Intelligence powered insights Reduce total cost of ownership Protection beyond Office 365 Platform Information protection Security management Compliance solutions

5 Microsoft’s approach to information protection
9/14/2018 6:51 PM Microsoft’s approach to information protection Comprehensive protection of sensitive data throughout the lifecycle – across devices, apps, cloud services and on-premises Detect Classify Protect Monitor Devices cloud On premises © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

6 MICROSOFT’S INFORMATION PROTECTION TECHNOLOGIES
Microsoft’s information protection solutions AZURE INFORMATION PROTECTION Classify, label & protect files – beyond Office 365, including on-prem & hybrid MICROSOFT CLOUD APP SECURITY Visibility into 15k+ cloud apps, data access & usage, potential abuse DETECT OFFICE 365 DLP Prevent data loss across Exchange Online, SharePoint Online, OneDrive for Business OFFICE 365 ADVANCED SECURITY MANAGEMENT Visibility into Office 365 app usage and potential data abuse ISV APPLICATIONS Enable ISV partners to consume labels, apply protection MICROSOFT’S INFORMATION PROTECTION TECHNOLOGIES MONITOR MONITOR CLASSIFY WINDOWS INFORMATION PROTECTION Separate personal vs. work data on Windows 10 devices and prevent work data from traveling to non-work locations OFFICE APPS Protect sensitive information while working in Excel, Word, PowerPoint, Outlook MESSAGE ENCRYPTION Send encrypted s in Office 365 to anyone – inside or outside of the company PROTECT PROTECT OFFICE 365 ADVANCED DATA GOVERNANCE Apply retention and deletion policies to sensitive and important data in Office 365 CONDITIONAL ACCESS Control access to files based on policy, such as identity, machine configuration, geo location SHAREPOINT & GROUPS Protect files in libraries and lists

7 Classifying Data Content Extraction …
“For business expenses during fiscal year 2017, the following card holders have been issued corporate cards: Madeline Sawyer /19 Miguel Boisvert /19 For inquiries about expenses, contact Sara Davis in Merchant Services ( x012) and …”

8 Classifying Data Assessing content as a whole or identifying elements within it 9 “For business expenses during fiscal year 2017, the following card holders have been issued corporate cards: Madeline Sawyer /19 Miguel Boisvert /19 For inquiries about expenses, contact Sara Davis in Merchant Services ( x012) and …” X X SUM = 91 x 9 = 819 MOD 10 = 9

9 Classifying Data Assessing content as a whole or identifying elements within it “For business expenses during fiscal year 2017, the following card holders have been issued corporate cards: Madeline Sawyer /19 Miguel Boisvert /19 For inquiries about expenses, contact Sara Davis in Merchant Services ( x012) and …” Keywords: “card holders”, “cards” Other patterns: Expiration date “4/19” Result: Credit Card Number (95% confidence)

10 Classifying Data Assessing content as a whole or identifying elements within it 8 “For business expenses during fiscal year 2017, the following card holders have been issued corporate cards: Madeline Sawyer /19 Miguel Boisvert /19 For inquiries about expenses, contact Sara Davis in Merchant Services ( x012) and …” X X SUM = 47 x 9 = 423 MOD 10 = 3

11 Data Protection Process
Policy Enforcement Content Extraction Data Classification

12 Detection Configuration
Microsoft 2016 9/14/2018 6:51 PM Detection Configuration Count & Confidence Settings Grouping & Operators Control & Granularity © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

13 Demo: Configuring classification in policies
Microsoft 2016 9/14/2018 6:51 PM Demo: Configuring classification in policies © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

14 Detection Configuration
Microsoft 2016 9/14/2018 6:51 PM Detection Configuration Count & Confidence Settings Grouping & Operators Control & Granularity Modify Built-in Sensitive Types Creating Custom Sensitive Types © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

15 Classifying Data IdMatch – the pattern you are looking for
Proximity window – the area in which we’ll look for supportive evidence Match – any additional evidence to corroborate the match Proximity window “... Date: 9/13/2014 Record Number Patient’s last name: Valenti …” Record Number Patient’s <Match> <IdMatch>

16 Demo: Creating Custom Sensitive Types
Microsoft 2016 9/14/2018 6:51 PM Demo: Creating Custom Sensitive Types © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

17 Detection Methods Summary
9/14/2018 6:51 PM Detection Methods Summary Regular expressions Internal functions (e.g., checksums, dates, etc.) Other evidence in proximity Large keyword dictionaries M of N keyword matches Uniqueness Grouping & logical operators Negative evidence Document fingerprints Exact Data Match (EDM) Advanced fingerprinting ML-assisted classification Future © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

18 9/14/2018 6:51 PM Exact Data Match (EDM) Detects exact values stored in a database or file Match only on data you specify Match on individual values or combinations of them Stores fingerprints — no actual PII stored Name: Sara Davis SSN: SSN First Name Last Name Sara Davis John Doe Name: John Doe SSN: © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

19 Sensitive Type Authoring UX
9/14/2018 6:51 PM Sensitive Type Authoring UX Custom sensitive types seeing immense adoption, rapidly growing Building authoring on top of XML Create & test before deploying © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

20 MICROSOFT’S INFORMATION PROTECTION TECHNOLOGIES
AZURE INFORMATION PROTECTION Classify, label & protect files – beyond Office 365, including on-prem & hybrid MICROSOFT CLOUD APP SECURITY Visibility into 15k+ cloud apps, data access & usage, potential abuse DETECT OFFICE 365 DLP Prevent data loss across Exchange Online, SharePoint Online, OneDrive for Business OFFICE 365 ADVANCED SECURITY MANAGEMENT Visibility into Office 365 app usage and potential data abuse 3rd PARTY DLP Enable DLP providers to consume labels, apply protection MICROSOFT’S INFORMATION PROTECTION TECHNOLOGIES MONITOR CLASSIFY WINDOWS INFORMATION PROTECTION Separate personal vs. work data on Windows 10 devices and prevent work data from traveling to non-work locations OFFICE APPS Protect sensitive information while working in Excel, Word, PowerPoint, Outlook MESSAGE ENCRYPTION Send encrypted s in Office 365 to anyone – inside or outside of the company PROTECT OFFICE 365 ADVANCED DATA GOVERNANCE Apply retention and deletion policies to sensitive and important data in Office 365 CONDITIONAL ACCESS Control access to files based on policy, such as identity, machine configuration, geo location SHAREPOINT & GROUPS Protect files in libraries and lists

21 Please evaluate this session
Tech Ready 15 9/14/2018 Please evaluate this session From your Please expand notes window at bottom of slide and read. Then Delete this text box. PC or tablet: visit MyIgnite Phone: download and use the Microsoft Ignite mobile app Your input is important! © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

22

Download ppt "Understanding best practices in classifying sensitive data"

Similar presentations

Information explosion 1.4X 44X Protect communications.

Information explosion 1.4X 44X Protect communications.
Protect communications Conditions Actions Exceptions Conditions Actions Exceptions.

Protect communications Conditions Actions Exceptions Conditions Actions Exceptions.
Success through People with LinkedIn and O365

Success through People with LinkedIn and O365
ActiveSync & DLP management in Exchange Online

ActiveSync & DLP management in Exchange Online
9/12/2018 6:21 PM BRK2203 Protect and control your sensitive emails with new Office 365 Message Encryption capabilities Praveen Vijayaraghavan Principal.

9/12/2018 6:21 PM BRK2203 Protect and control your sensitive s with new Office 365 Message Encryption capabilities Praveen Vijayaraghavan Principal.
6/5/2018 1:30 PM THR1029 Spend less time managing data and more time with customers: Quick tour of Outlook Customer Manager Welly Lee Welly.Lee@microsoft.com.

6/5/2018 1:30 PM THR1029 Spend less time managing data and more time with customers: Quick tour of Outlook Customer Manager Welly Lee
Azure Information Protection Strategy and Roadmap

Azure Information Protection Strategy and Roadmap
6/10/2018 5:07 PM THR2218 Deploying Windows Defender AV and more with Intune and Configuration Manager Amitai Rottem @AmitaiTechie Senior Program Manager,

6/10/2018 5:07 PM THR2218 Deploying Windows Defender AV and more with Intune and Configuration Manager Amitai Senior Program Manager,
6/17/2018 10:27 AM BRK3341 Unlock extensibility by connecting your service to PowerApps and Microsoft Flow Theresa (Tessa) Palmer–Sr. Program Manager Sunay.

6/17/ :27 AM BRK3341 Unlock extensibility by connecting your service to PowerApps and Microsoft Flow Theresa (Tessa) Palmer–Sr. Program Manager Sunay.
6/19/2018 2:57 AM THR3092 Monitor and investigate actions on your user and data with alerts, insights and reports Binyan Chen Program Manager II, Office.

6/19/2018 2:57 AM THR3092 Monitor and investigate actions on your user and data with alerts, insights and reports Binyan Chen Program Manager II, Office.
Office 365 Groups Governance and Compliance

Office 365 Groups Governance and Compliance
6/26/2018 5:24 AM THR1083 Enabling Advanced Security Capabilities: Drive consistent authorization across multiple applications Bryan Bolling Solution Architect,

6/26/2018 5:24 AM THR1083 Enabling Advanced Security Capabilities: Drive consistent authorization across multiple applications Bryan Bolling Solution Architect,
Do more with Microsoft Word and Office 365

Do more with Microsoft Word and Office 365
Optimizing Microsoft OneDrive for the enterprise

Optimizing Microsoft OneDrive for the enterprise
Understanding Multi-Geo Capabilities in Office 365

Understanding Multi-Geo Capabilities in Office 365
Protect sensitive information with Office 365 DLP

Protect sensitive information with Office 365 DLP
Location – the next frontier in analytics

Location – the next frontier in analytics
7/23/2018 6:01 PM BRK2282 Protecting complete data lifecycle using Microsoft’s information protection capabilities Gagan Gulati Alex Li Principal.

7/23/2018 6:01 PM BRK2282 Protecting complete data lifecycle using Microsoft’s information protection capabilities Gagan Gulati Alex Li Principal.
7/29/2018 4:45 PM Manage SharePoint and OneDrive in Office 365: A field guide for administrators Chris Bortlik Modern Workplace Technical Architect Microsoft.

7/29/2018 4:45 PM Manage SharePoint and OneDrive in Office 365: A field guide for administrators Chris Bortlik Modern Workplace Technical Architect Microsoft.
Microsoft Ignite /31/ :08 AM

Microsoft Ignite /31/ :08 AM

Similar presentations

Ads by Google