Published by Cecilia Lester. Modified over 5 years ago.
1
Make it real: Help your customers comply with the GDPR
Microsoft Data Insights Summit, 8/7/2019 2:38 AM
David Bjurman-Birr | Security Architect
François van Hemert | Security Architect
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
2
Before we get technical…
3
Overall process
- Awareness: What is the GDPR? How does it affect me? What is it I need to do? What do I have in place?
- Discover: Identify which personal data you have and where it resides. Do I have a problem? How big is my problem?
- Manage: Govern how personal data is used and accessed. How do I manage my data? How do I stay in control? How do I respond to specific requests (DSR)?
- Protect: Establish security controls to prevent, detect, and respond to vulnerabilities and data breaches
- Report: Keep required documentation and manage data requests and breach notifications
New v3 GDPR Detailed Assessment GDPR Data Discovery Toolkit GDPR 101 Foundational
4
Understand the scope
5
Major data classifications related to GDPR
Structured data
- Data in fixed fields within a record or file
- Found in e.g. databases
- Data model describes the types of data
Unstructured data
- Not organized by using a data model
- For example PDF and word processing documents, PowerPoint presentations, photos, images and videos
Semi-structured data
- Mix of structured and unstructured data
- No strict data model
- Typically one or more tags or properties (metadata)
- For example author, title, subject, contributors
- sender, recipient(s), subject, time & date
6
Discover
7
A typical discovery engagement
Identify the data repositories, do we know where our data is, can we access it, who owns it, …?
Step 1: Identify & Assess
Step 2: Plan for Classification
Before we start to implement… On-premises or online, what does the roadmap look like? Are we migrating to the cloud, staying on-premises or …
Step 3: Select the right solution
Step 4: Implement
Build and configure; test, validate and adjust
Step 5: Discover & Classify
Analyze the data, build the inventory; label and classify
8
Defining Policies and Labels – how to start?
From the GDPR to automated data discovery and classification
Legal
- How does the GDPR apply to my organization?
- Translate the regulation into customer specific requirements
Business
- Provides insight in business processes and needs
- Does it fit, is it workable?
- Test & validate
IT
- Required technology
- Technical capabilities and limitations
Diagram labels: Legal Requirements; Business Requirements; IT Requirements; Taxonomy; Policies; Labels; Conditions; Sensitive Data Types
9
Recommendations and tips
- Use existing classification schema (if any): Improves adoption because it looks familiar
- Start with default policies and labels: Why spend more time and make it more complicated?
- Start small and keep it simple: Too many choices often means no choice at all.
- Use scenarios and use cases: Validate your ideas using real life use cases.
- Question every request for a new label: Do we really need another label?
- Use sub-labels for key departments: Only for very specific use cases.
- Consider scoped policies: Should sales people see HR labels?
- Use meaningful label names: If your label says GDPR, everybody needs to know what GDPR is.
10
Introduction to Contoso
Figure labels: European Union; CONTOSO
11
Contoso’s Discovery engagement
Terabytes of data stored on premises today
Sensitivity and ownership not well understood
Step 1: Identify & Assess
Confidential / Personal Data
Confidential / Finance Data
Step 2: Plan for Classification
Scan & classify the data on premises first
Prioritize migration of confidential personal data to O365
Finance data will remain in place for now
Step 3: Select the right solution
AIP for classification & labels
Office 365 for confidential personal data
Step 4: Implement
Step 5: Discover & Classify
AIP Scanner to discover & classify data
12
Contoso Requirements for GDPR
Confidential / Financial Data
- Files contain credit card number(s)
- Remain on premises to support legacy application
- Block external sharing
Confidential / Personal Data
- Files contain Contoso Customer Number(s)
- Migrate to protect in the cloud
- Support subject access rights with content search
- Block external sharing
13
Anatomy of a Contoso Customer Number
P 9562
- Alpha (Line ID = P)
- 4 Digits (Serial = 9562)
- Three Digits (Agency ID = 080)
- Two Digits (Year = 2015)
14
Contoso Schema & Taxonomy
Label: Confidential / Customer Data
Taxonomy: Any file with a CCN: Two digit year, > 02; Three digit agency ID; Alpha Agency ID, a-Z; Serial number
Method: Search Pattern (Regex) [0-1][0-9][0-9]{3}[A-Za-z][0-9]{4}

Label: Confidential / Financial Data
Taxonomy: Credit Card Numbers
Method: Built in Sensitive Item Type
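The search pattern above, exercised against sample text. This is an added example, not code from the presentation: it shows that the regex on its own also matches inside longer alphanumeric strings and accepts years 00 to 02, and pairs it with a stricter variant. `STRICT_PATTERN`, `find_ccns` and the sample text are assumptions made for illustration.

```python
import re

# Pattern exactly as printed on the slide: two-digit year, three-digit
# agency ID, one letter, four-digit serial.
SLIDE_PATTERN = re.compile(r"[0-1][0-9][0-9]{3}[A-Za-z][0-9]{4}")

# Assumption (not on the slide): the same layout with named groups, plus
# guards so a match cannot begin or end inside a longer alphanumeric run.
STRICT_PATTERN = re.compile(
    r"(?<![0-9A-Za-z])(?P<year>[0-1][0-9])(?P<agency>[0-9]{3})"
    r"(?P<line>[A-Za-z])(?P<serial>[0-9]{4})(?![0-9A-Za-z])"
)

# Constructed sample text; 15080P9562 is assembled from the field values
# on the anatomy slide in the order the regex expects.
SAMPLE = (
    "Customer 15080P9562 renewed the policy.\n"
    "Order ref 9915080P95621234 shipped.\n"
    "Legacy id 01080P0001 archived.\n"
)


def find_ccns(text, min_year=3):
    """Return parsed customer numbers whose two-digit year is > 02."""
    hits = []
    for m in STRICT_PATTERN.finditer(text):
        if int(m.group("year")) < min_year:
            continue  # taxonomy requires year > 02; the regex alone allows 00-19
        hits.append({**m.groupdict(), "value": m.group(0), "offset": m.start()})
    return hits


if __name__ == "__main__":
    print("slide pattern:", SLIDE_PATTERN.findall(SAMPLE))
    for hit in find_ccns(SAMPLE):
        print("strict match:", hit)
```

The slide pattern reports three hits in the sample, two of them false positives; the stricter variant keeps only the genuine customer number.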
15
AIP Scanner - high level
Diagram labels: Azure Information Protection; Sensitive Data Types; Labels; Policies; AIP Client; AIP Scanner; Data repositories on-premises; Office; User; Inventory
16
Demo Discover
17
Manage
18
Data Classification Approach
Labels
1 Understand what it is you want to classify
2 Clear purpose
3 Scoping a search
2a Protection
2b Retention / Deletion
2c Visual Markings
20
Demo Manage
21
Protect
22
Contoso Protection Options for GDPR
Two options today:
- Parallel classification & protection for cloud and on-premises
  - Custom sensitive item types in Office 365
  - Duplicate labels for cloud and on-premises
- Manually configured protection that consumes AIP label
  - DLP file custom property MSIP_Label_<GUID>_Enabled=True
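To verify which files actually carry the `MSIP_Label_<GUID>_Enabled=True` property that such a rule keys on, the custom properties of an Office Open XML file can be read directly. This is an added example, not code from the presentation; it assumes the property is stored in the `docProps/custom.xml` part, and the GUIDs and the in-memory sample package are constructed.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

CUSTOM_PART = "docProps/custom.xml"  # OOXML part holding custom document properties
CP_NS = "http://schemas.openxmlformats.org/officeDocument/2006/custom-properties"
VT_NS = "http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes"
LABEL_ENABLED = re.compile(r"^MSIP_Label_(?P<guid>[0-9A-Fa-f-]{36})_Enabled$")


def enabled_label_guids(package_bytes):
    """Return the GUIDs whose MSIP_Label_<GUID>_Enabled property is True."""
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as pkg:
        if CUSTOM_PART not in pkg.namelist():
            return []  # no custom properties, so no label stamp
        # For untrusted files, parse with a hardened XML parser instead.
        root = ET.fromstring(pkg.read(CUSTOM_PART))
    guids = []
    for prop in root.findall(f"{{{CP_NS}}}property"):
        m = LABEL_ENABLED.match(prop.get("name", ""))
        value = "".join(prop.itertext()).strip().lower()
        if m and value == "true":
            guids.append(m.group("guid").lower())
    return guids


def build_sample_package(props):
    """Constructed fixture: a zip holding only docProps/custom.xml."""
    items = "".join(
        f'<property fmtid="{{D5CDD505-2E9C-101B-9397-08002B2CF9AE}}" pid="{i}" '
        f'name="{name}"><vt:lpwstr>{value}</vt:lpwstr></property>'
        for i, (name, value) in enumerate(props.items(), start=2)
    )
    xml = f'<Properties xmlns="{CP_NS}" xmlns:vt="{VT_NS}">{items}</Properties>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr(CUSTOM_PART, xml)
    return buf.getvalue()


LABEL_A = "00000000-0000-0000-0000-00000000000a"  # constructed placeholder GUIDs
LABEL_B = "00000000-0000-0000-0000-00000000000b"
SAMPLE_DOC = build_sample_package({
    f"MSIP_Label_{LABEL_A}_Enabled": "True",
    f"MSIP_Label_{LABEL_B}_Enabled": "False",
    "Department": "Finance",
})
```

Calling `enabled_label_guids(SAMPLE_DOC)` returns only the first GUID, because the second label is present but not enabled and the third property is not a label stamp.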
23
Contoso Protection Example
Diagram labels: Exchange DLP Protection; Sensitive Data Types; Policies; Labels?; Labelled File; User; Data repositories On-premises
24
Exchange Data Loss Prevention
Data loss prevention policy
Apply this protection . . . <define protection>
Protection can include:
- Policy tips for users, report for admins
- Prevent sharing externally, internally, or both
. . . to documents with this type of content . . . <labels or sensitive information types>
Use sensitive information types and/or labels
25
Demo Protect
26
Download all the details
- GDPR Data Discovery Toolkit
- O365 Information Protection for GDPR
- GDPR Detailed Assessment
27
Microsoft Data Insights Summit
Thank you!