SPSNL17 - Secure Collaboration: Start classifying, labeling, and protecting your (most valuable) data - Bram de Jager
0 likes268 views
This document discusses how Azure Information Protection can help organizations classify, label, and protect their most sensitive data. It notes challenges around protecting data across employees, partners, customers and apps. Azure Information Protection allows automatic and manual classification of data based on sensitivity levels. Labels can then be applied to data which travel with the data and include encryption and access controls. The document demonstrates how Azure Information Protection works and integrates with applications like SharePoint. It concludes that Azure Information Protection helps secure data by understanding how to classify and protect information based on an organization's needs.
SPSNL17 - Secure Collaboration: Start classifying, labeling, and protecting your (most valuable) data - Bram de Jager
- 1. Secure Collaboration: Start classifying, labeling, and protecting your (most valuable) data Bram de Jager Lead Architect - delaware
- 3. Challenges with the complex environment Employees Business partners Customers Apps Devices Data Users Data leaks Lost device Compromised identity Stolen credentials
- 4. The problem is ubiquitous Intellectual Property theft has increased 56% rise data theft Accidental or malicious breaches due to lack of internal controls 88% of organizations are Losing control of data 80% of employees admit to use non-approved SaaS app 91% of breaches could have been avoided Organizations no longer confident in their ability to detect and prevent threats Saving files to non-approved cloud storage apps is common
- 5. Unregulated, unknown Managed mobile environment How much control do you have? On-premises Perimeter protection Identity, device management protection Hybrid data = new normal It is harder to protect
- 6. The evolution of Azure RMS DOCUMENT TRACKING DOCUMENT REVOCATION Monitor & respond LABELINGCLASSIFICATION Classification & labeling ENCRYPTION Protect ACCESS CONTROL POLICY ENFORCEMENT
- 7. Azure Information Protection DOCUMENT TRACKING DOCUMENT REVOCATION Monitor & respond LABELINGCLASSIFICATION Classification & labeling ENCRYPTION Protect ACCESS CONTROL POLICY ENFORCEMENT Full Data Lifecycle
- 8. Classify Data – Begin the Journey SECRET CONFIDENTIAL INTERNAL PUBLIC IT admin sets policies, templates, and rules PERSONAL Classify data based on sensitivity Start with the data that is most sensitive IT can set automatic rules; users can complement it Associate actions such as visual markings and protection
- 9. How Classification Works Reclassification You can override a classification and optionally be required to provide a justification Automatic Policies can be set by IT Admins for automatically applying classification and protection to data Recommended Based on the content you’re working on, you can be prompted with suggested classification User set Users can choose to apply a sensitivity label to the email or file they are working on with a single click
- 10. Apply labels based on classification %##&$^#*!~@& FINANCE CONFIDENTIAL %$^#*@& Persistent labels that travel with the document Labels are metadata written to documents Labels are in clear text so that other systems such as a DLP engine can read it and a hash of policies, rules, and user information
- 11. Protect data against unauthorized use VIEW EDIT COPY PASTE Email attachment FILE Protect data needing protection by: Encrypting data Including authentication requirement and a definition of use rights (permissions) to the data Providing protection that is persistent and travels with the data Personal apps Corporate apps
- 12. Demo Set an information protection platform for your business - in minutes
- 13. Demo – scenarios Manual and default labels Label action: content marking & RMS protection Conditions: Automatic & recommended Setting your information protection policy in minutes (administration experience)
- 14. Using variables in visual markings • ${Item.Label} for the selected label. For example: Internal • ${Item.Name} for the file name or email subject. For example: JulySales.docx • ${Item.Location} for the path and file name for documents, and the email subject for emails. For example: Sales2016Q3JulyReport.docx • ${User.Name} for the owner of the document or email, by the Windows signed in user name. For example: rsimone • ${User.PrincipalName} for the owner of the document or email, by the Azure Information Protection client signed in email address (UPN). For example: rsimone@vanarsdelltd.com • ${Event.DateTime} for the date and time when the selected label was set. For example: 8/16/2016 1:30 PM
- 15. Azure Information Protection and SharePoint SharePoint supports Information Rights Management, based on Azure RMS Not “integrated” with Azure Information Protection (yet?) Automation based on AIP SDK would be a option to auto apply labels based on context Align Data Loss Prevention with Azure Information Protection
- 16. Wrap-up
- 17. Azure Information Protection Premium P1/P2 Feature Azure Information Protection Premium P1 (EMS E3) Azure Information Protection Premium P2 (EMS E5) Manual labeling (user driven) Yes Yes View labels and watermarks in Office Yes Yes Apply content marking and RMS protection in Office Yes Yes Automatic and recommended labeling (conditions) Yes Classification, labeling and protection with MCAS Yes HYOK (Hold your own key – multi RMS server support) Yes
- 18. Key takeaways Azure Information Protection is about securing your data Helps your organization to understand and really use business information protection based on data classification Think about compliancy for the General Data Protection Regulation (GDPR), which is active as off May 25th 2018