Chris Louloudakis
Technology Specialist – Identity and Access Management
Microsoft Australia
chris.louloudakis@microsoft.com
Agenda
- The business problem
- Windows Rights Management Services
- How RMS addresses the problem
- Usage scenarios
- Demo
- RMS components
- Q&A
What is IDA?
Identity and Access (IDA): a system of procedures and policies to manage the lifecycle and entitlements of electronic credentials.
Areas: Directory Services, Strong Authentication, Federated Identity, Information Protection, Identity Lifecycle Management
Technologies: directory, meta-directory, virtual directory, federation, smart cards, SSO, web SSO, enterprise SSO (ESSO), user provisioning, one-time passwords (OTP), password management, audit, RBAC, biometric authentication, PKI, rights management
Information loss and liability are a growing concern among financial services organizations…
"Enterprises report forwarding of e-mails among their top three security breaches" – Jupiter Research [2]
"Organizations that manage patient health information, social security numbers, and credit card numbers are being forced by government and industry regulations to implement minimal levels of security to address leakage of personal information." – IDC [1]
Sources: [1] IDC, Worldwide Secure Content Management 2005-2009 Forecast: The Emergence of Outbound Content Compliance, March 2005. [2] JupiterMedia, DRM in the Enterprise, May 2004.
Horizontal scenarios
- Information protection: sensitive e-mails, board communications, financial data, price lists, HR and legal information
- Corporate governance: Sarbanes-Oxley (US)
- Financial services: equity research, M&A; GLB, NASD 2711
- Healthcare and life services: research, clinical trials; HIPAA
- Manufacturing and high technology: collaborative design, data protection in outsourcing
- Government: RFP process, classified information
…information leakage is broadly reaching
…and is costly on multiple fronts
- Legal, regulatory and financial impacts: an increasing number and complexity of regulations (e.g. GLBA, SOX, CA SB 1386); non-compliance or loss of data can lead to significant legal fees, fines and/or jail time; financial impact on organisations; the cost of digital leakage per year is measured in $ billions
- Damage to image and credibility: damage to public image and credibility with customers and citizens; leaked e-mails or memos can be embarrassing
- Loss of competitive advantage: disclosure of strategic plans or M&A information can lead to loss of revenue and market capitalisation; loss of research, analytical data and other intellectual capital
Traditional solutions protect initial access… but not usage
(Diagram: a firewall perimeter and an access control list perimeter each answer "yes" to authorized users and "no" to unauthorized users; once an authorized user has the information, nothing stops it leaking onward to unauthorized users.)
Today's policy expression… lacks enforcement tools
The Premier's leaked memo
Courtesy of the Herald Sun, Feb 13th @ 8:48 pm
http://www.news.com.au/heraldsun/story/0,21985,21221914-5005961,00.html
How does RMS address this?
Provides persistent protection for sensitive data
- Controls access to sensitive information no matter where it lives
- Secures transmission and storage of sensitive information wherever it goes: policies are embedded into the content, and documents are encrypted with 128-bit encryption
- Embeds digital usage policies (print, view, edit, expiration, etc.) into the content to help prevent misuse after delivery
Helps reduce risk and enables compliance
- Helps organizations comply with access control, audit and privacy policies
- Allows only authorized access, based on Active Directory users and groups
- Provides attestation via strong authentication methods
- Includes auditing and tracking capabilities
Reduces operational costs
- Enables secure sharing of files and posting to shared locations, reducing paper and delivery time
- Digital files eliminate the need to follow document destruction protocols, saving time and expense
- Helps automate and streamline information protection across the enterprise
Provides a platform for comprehensive information protection
- Out-of-the-box support in Office 2003
- Flexible and customizable technology: third parties can integrate RMS with client- and server-based solutions
Windows RMS provides organizations with the tools they need to safeguard confidential and sensitive data.
End user scenarios: safeguard sensitive information with RMS. Protect e-mail, documents and web content.
Secure e-mails (Outlook 2003, Windows RMS)
- Keep corporate e-mail off the Internet
- Prevent forwarding of confidential information
- Templates to centrally manage policies
Secure documents (Word 2003, PowerPoint 2003, Excel 2003, Windows RMS)
- Control access to sensitive information
- Set access level: view, change, print…
- Determine length of access
- Log and audit who has accessed rights-protected information
Secure intranets (Internet Explorer with RMA, Windows RMS)
- Users without Office 2003 can view rights-protected files
- Enforces assigned rights: view, print, export, copy/paste and time-based expiration
How does RMS work?
Participants: information author, recipient, RMS server, SQL Server, Active Directory.
1. The author receives a client licensor certificate the first time they rights-protect information.
2. The author defines a set of usage rights and rules for their file; the application creates a "publishing license" and encrypts the file.
3. The author distributes the file.
4. The recipient clicks the file to open it; the application calls the RMS server, which validates the user and issues a "use license".
5. The application renders the file and enforces the rights.
Authoring and Consuming Rights-Protected Information with Office 2003 Professional IRM
RMS solution components
Server
- RMS server: runs on Windows Server 2003 (Standard, Enterprise, Web or Datacenter Edition); provides certification and licensing
- Active Directory directory service: Windows 2000 Server or later; provides a well-known unique identifier for each user; the e-mail address property of each user must be populated
- Database server, such as Microsoft SQL Server or MSDE: stores configuration data and use license requests
Client
- RMS client software
- An RMS-enabled application, required for creating or viewing rights-protected content
- Microsoft Office 2003 Editions include RMS-enabled applications: Word, Excel, PowerPoint and Outlook. Office Professional 2003 is required to create rights-protected content; other Office 2003 editions allow users to view, but not create, rights-protected content
- Rights Management Add-on (RMA) for Internet Explorer 6.0: allows users to view rights-protected content in a browser; enables down-level viewing support for content protected by Office 2003
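The publish, license and consume exchange on the "How does RMS work?" slide, together with the directory prerequisite above (users are identified by the populated Active Directory e-mail attribute), as an added example that is not part of the original deck and not Microsoft's RMS code. It is a stand-alone Python model: HMAC-SHA256 stands in for the RSA certificate chain and for the 128-bit content cipher, a dict stands in for Active Directory, and every name in it (RmsServer, publish, open_content, the corp.example users, the policy) is constructed for illustration. What it shows is what the "use license" step actually decides: the server checks the publishing license's signature, resolves the requester by the mail attribute, takes the union of the grants for the user and their groups, drops expired grants, and re-wraps the content key to the requester; the consuming application then enforces rights and expiry before it decrypts, whether the use license was fetched at open time or delivered with the message as the Exchange 2007 slide later describes.

```python
# Added toy model of the RMS publish/license/consume flow (not Microsoft code). HMAC-SHA256 stands in
# for the RSA certificate chain and the 128-bit content cipher; a dict stands in for Active Directory.
import hashlib, hmac, json, secrets, time

def _stream(key, nonce, data):
    """Toy cipher: HMAC counter-mode keystream XOR. Not AES; it only demonstrates key wrapping."""
    out = bytearray()
    for i, off in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], ks))
    return bytes(out)

def _sign(key, body):
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()

class RmsServer:
    def __init__(self, directory):
        # directory: sAMAccountName -> {"mail": str or None, "groups": [names]} (constructed stand-in for AD)
        self.directory, self.audit = directory, []   # audit: (time, user, content_id, outcome) per request
        self.sign_key, self.wrap_key = secrets.token_bytes(32), secrets.token_bytes(32)  # toy server keys

    def _account(self, email):
        # RMS identifies users by the AD mail attribute; an account with it unpopulated cannot be licensed
        return next((a for a in self.directory.values()
                     if a["mail"] and a["mail"].lower() == email.lower()), None)

    def _user_key(self, purpose, email):
        return hmac.new(self.sign_key, f"{purpose}:{email.lower()}".encode(), hashlib.sha256).digest()

    def certify(self, email):
        """Step 1: client licensor certificate (publish offline) plus the rights-account key licenses bind to."""
        if self._account(email) is None:
            raise PermissionError(f"{email}: not in directory or mail attribute not populated")
        return {"email": email.lower(), "wrap_key": self.wrap_key,
                "author_key": self._user_key("clc", email), "rac_key": self._user_key("rac", email)}

    def issue_use_license(self, publishing_license, email, now=None):
        """Step 4: validate the requester against AD and the embedded policy; bind the content key to them."""
        now, body = now or time.time(), publishing_license["body"]
        if _sign(self._user_key("clc", body["author"]), body) != publishing_license["sig"]:
            raise ValueError("publishing license forged or tampered")
        acct = self._account(email)
        principals = [] if acct is None else [email.lower()] + ["group:" + g.lower() for g in acct["groups"]]
        grants = [g for p in principals if (g := body["policy"].get(p))
                  and (g["expires"] is None or g["expires"] > now)]
        if not grants:
            why = "unknown user or mail attribute empty" if acct is None else "no unexpired grant"
            self.audit.append((now, email, body["content_id"], "denied: " + why))
            raise PermissionError(f"{email}: {why}")
        content_key = _stream(self.wrap_key, bytes.fromhex(body["nonce"]), bytes.fromhex(body["wrapped_key"]))
        nonce = secrets.token_bytes(16)
        ul = {"email": email.lower(), "content_id": body["content_id"], "nonce": nonce.hex(),
              "rights": sorted(set().union(*(g["rights"] for g in grants))),
              "expires": None if any(g["expires"] is None for g in grants) else max(g["expires"] for g in grants),
              "wrapped_key": _stream(self._user_key("rac", email), nonce, content_key).hex()}
        self.audit.append((now, email, body["content_id"], "issued: " + ",".join(ul["rights"])))
        return {"body": ul, "sig": _sign(self.sign_key, ul)}

def publish(certs, plaintext, policy):
    """Steps 2-3: encrypt once; attach a signed publishing license. policy: principal -> {"rights", "expires"}."""
    content_key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
    body = {"content_id": secrets.token_hex(8), "author": certs["email"], "nonce": nonce.hex(),
            "policy": {k.lower(): v for k, v in policy.items()},
            "wrapped_key": _stream(certs["wrap_key"], nonce, content_key).hex()}
    return {"ciphertext": _stream(content_key, nonce, plaintext).hex(),
            "publishing_license": {"body": body, "sig": _sign(certs["author_key"], body)}}

def open_content(protected, certs, use_license, action, server_verify_key, now=None):
    """Step 5: enforce the use license (fetched now, or pre-delivered as in Exchange 2007) before rendering."""
    now, ul, pl = now or time.time(), use_license["body"], protected["publishing_license"]["body"]
    if _sign(server_verify_key, ul) != use_license["sig"]:
        raise ValueError("use license forged or tampered")
    if ul["email"] != certs["email"] or ul["content_id"] != pl["content_id"]:
        raise PermissionError("use license is for another user or another document")
    if ul["expires"] is not None and ul["expires"] <= now:
        raise PermissionError("use license expired; re-license from the server")
    if action not in ul["rights"]:
        raise PermissionError(f"'{action}' not granted")
    content_key = _stream(certs["rac_key"], bytes.fromhex(ul["nonce"]), bytes.fromhex(ul["wrapped_key"]))
    return _stream(content_key, bytes.fromhex(pl["nonce"]), bytes.fromhex(protected["ciphertext"]))

def demo():
    directory = {"alice": {"mail": "alice@corp.example", "groups": ["Finance"]},  # constructed AD stand-in
                 "bob":   {"mail": "bob@corp.example",   "groups": ["Finance"]},
                 "carol": {"mail": None,                 "groups": ["Finance"]},  # mail attribute empty
                 "dave":  {"mail": "dave@corp.example",  "groups": ["Sales"]}}
    server, week, results = RmsServer(directory), 7 * 86400, {}
    doc = publish(server.certify("alice@corp.example"), b"Q3 board pack - internal", {
        "group:Finance": {"rights": ["view"], "expires": time.time() + week},
        "bob@corp.example": {"rights": ["view", "print"], "expires": None}})
    for user, action, skip in [("bob", "print", 0), ("alice", "view", 0), ("alice", "view", 2 * week),
                               ("dave", "view", 0), ("carol", "view", 0), ("bob", "edit", 0)]:
        email, now = f"{user}@corp.example", time.time() + skip
        try:
            ul = server.issue_use_license(doc["publishing_license"], email, now=now)
            results[f"{user}:{action}:+{skip // 86400}d"] = open_content(
                doc, server.certify(email), ul, action, server.sign_key, now=now).decode()
        except (PermissionError, ValueError) as err:
            results[f"{user}:{action}:+{skip // 86400}d"] = f"DENIED: {err}"
    return results
```

demo() returns one outcome per attempt: bob prints, alice views through the Finance group, alice is denied two weeks later once the group grant has expired, dave is denied because no grant names him or his group, carol is denied because her account has no mail attribute (the prerequisite on the components slide), and bob is denied "edit". Note what the model makes explicit: enforcement in step 5 is performed by the trusted application on the client, where the decrypted bytes exist in memory, which is why the next slide's point about analog attacks applies to every rights-management system and not only to RMS.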
RMS does not protect against analog attacks… (anything a legitimate viewer can see on screen can still be photographed, retyped or read aloud)
RMS roadmap highlights 2006/7
- Windows Mobile (H1 2007): enables consumption and creation of protected Outlook e-mail on Windows Mobile devices; enables consumption of protected attachments
- Office 2007: Microsoft Office SharePoint Server 2007 allows rights policy to be enforced consistently across the contents of a document library, while contents remain searchable; InfoPath 2007 supports RMS protection; Outlook RMS improvements
- Windows Vista: a wide variety of documents, including Office 2007 documents, can be saved to the new XPS ("XML Paper Specification") document format, which can be RMS-protected; the built-in XPS viewer supports RMS protection and consumption of RMS-protected XPS documents
- Exchange "2007" (H1 2007): "pre-licensing" of protected content enables mobility scenarios and performance improvements; enables RMS protection of e-mail based on policies configured at the Exchange server
- Longhorn Server (2007): RMS integration with Active Directory Federation Services (ADFS)
Office 2007 and RMS detail
New Office SharePoint Server 2007 capabilities
- Apply IRM protection consistently across a document library: IRM policy automatically protects content
- Departmental control over information protection: policies are configured by the workspace owner, not central IT
- Content is searchable in the document library: content is RMS-protected upon viewing and downloading
- New RMS options exposed: embargo period; offline viewing allowed, but must re-license after "N days"
- Requires the Office 2007 Server Premium SKU, but works with Office 2003 / RMS SP1 clients
New Office 2007 client capabilities
- InfoPath becomes RMS-enabled
- Improvements to IRM-protected Outlook e-mail behaviour: reply with context allows a protected thread; RMS icon instead of "attachment" icon in the message list
Microsoft Office SharePoint Server 2007: protected intranet portal
RMS in Windows Vista
- For the IT professional: the RMS client is included in the Vista OS; no separate download or deployment is required
- For the developer: new RMS APIs in Windows Presentation Foundation make RMS-enabling applications easier
- For the information worker: RMS support for the new XML Paper Specification (XPS) file format, a fixed-layout format similar to "electronic paper", enables new scenarios
RMS in Windows Mobile
(Diagram: an author using Office 2003 and a mobile user.)
RMS in Exchange 2007
Pre-licensing
- Easier consumption of rights-protected messages on mobile devices and better end-user perceived performance
- The e-mail and its RMS use license are delivered at the same time to the recipient's inbox
- No extra "loop backs" to the RMS server when opening mail, so mail opens instantly
- Fewer authentication prompts for remote users
Automatic, policy-based RMS protection
- Conditional RMS protection of messages at the Exchange server, based on administrator-configured rules
- No need to "trust" end users to remember to protect messages
- Ability to journal in clear text or in the protected state, to meet privacy, archiving and discovery requirements
Infrastructure Optimization Model (from cost to value)
- Basic (cost center): uncoordinated, manual infrastructure; knowledge not captured
- Standardized (more efficient cost center): managed IT infrastructure with limited automation and knowledge capture
- Rationalized (business enabler): managed and consolidated IT infrastructure with extensive automation
- Dynamic (strategic asset): fully automated management; knowledge capture and use automated
IDA Optimization Model
- Basic (cost center): no NOS directory; no formal lifecycle processes; physical protection; user IDs and passwords; no single sign-on
- Standardized (more efficient cost center): NOS directory deployed; directory data and workflow process standardization; encryption-protected content; strong password policy enforcement; Windows SSO for applications
- Rationalized (business enabler): directory-based management of desktops, servers and security settings; metadirectory-based user, group and password management; enterprise rights management; PKI/certificate infrastructure with two-factor authentication
- Dynamic (strategic asset): NOS directory integration with enterprise and metadirectory; broadly integrated lifecycle management; policy-based enterprise rights management; claims-based federated single sign-on and access control
Step 1: "Get your directory house in order"
For more information…
- General RMS: www.microsoft.com/rms
- Microsoft IT deployment: http://www.microsoft.com/technet/itsolutions/msit/infowork/deprmswp.mspx
- RMS SDK on MSDN: http://msdn.microsoft.com/library/en-us/dnanchor/html/rm_sdks_overview.asp
© 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.