The role of technology in the journey of compliance with the General Regulation
Antigoni Papanikolaou & Nikos Anastopoulos
Providing clarity and consistency for the protection of personal data
The General Data Protection Regulation (GDPR) imposes new rules on organizations in the European Union (EU) and those that offer goods and services to people in the EU, or that collect and analyze data tied to EU residents, no matter where they are located.
Enhanced personal privacy rights
Increased duty for protecting data
Mandatory breach reporting
Significant penalties for non-compliance
Microsoft believes the GDPR is an important step forward for clarifying and enabling individual privacy rights
Protecting customer privacy with GDPR
Trust Protect your organization, data and people Integrated intelligent security Transparency and control Privacy by design Compliance leadership
GDPR Compliance Simplify your privacy journey Uncover risk & take action Leverage guidance from experts
How do I get started?
1 Discover: Identify what personal data you have and where it resides
2 Manage: Govern how personal data is used and accessed
3 Protect: Establish security controls to prevent, detect, and respond to vulnerabilities & data breaches
4 Report: Keep required documentation, manage data requests and breach notifications
1 Discover: In-scope: Inventory: Example solutions
Microsoft Azure: Microsoft Azure Data Catalog
Enterprise Mobility + Security (EMS): Microsoft Cloud App Security
Dynamics 365: Audit Data & User Activity, Reporting & Analytics
Office & Office 365: Data Loss Prevention, Advanced Data Governance, Office 365 eDiscovery
SQL Server and Azure SQL Database: SQL Query Language
Windows & Windows Server: Windows Search
Translated to SQL technologies... Inventory personal data in database systems T-SQL Queries, Full Text search 1 Discover Review access model, understand the attack surface area Data classification Track data flows and map data lineage Vulnerability Assessment
A one-stop-shop to track and improve your SQL security state
Get Visibility: Discover sensitive data and potential security holes
Remediate: Actionable remediation and security hardening steps
Customize: Baseline policy tuned to your environment, so you focus on deviations
Report: Pass internal or external audits, facilitates compliance
2 Manage: Example solutions Data governance: Data classification:
Microsoft Azure: Azure Active Directory, Azure Information Protection, Azure Role-Based Access Control (RBAC)
Enterprise Mobility + Security (EMS): Azure Information Protection
Dynamics 365: Security Concepts
Office & Office 365: Advanced Data Governance, Journaling (Exchange Online)
Windows & Windows Server: Microsoft Data Classification Toolkit
Assess and manage compliance risk: A real-time assessment of your compliance posture with actionable insights to improve your data protection capabilities.
Protect personal data: Data governance and protection of your sensitive data across devices, apps both on-premises and in the cloud.
Streamline processes: Built in audit-ready tools that help you collaborate between teams and manage your processes.
Compliance Manager Manage your compliance from one place
MICROSOFT'S APPROACH TO INFORMATION PROTECTION Comprehensive protection of sensitive data throughout the lifecycle inside and outside the organization Detect Classify Protect Monitor DEVICES CLOUD ON PREMISES
CLASSIFY & PROTECT YOUR SENSITIVE INFORMATION - ANYTIME, ANYWHERE WITH AZURE INFORMATION PROTECTION
Detect, classify and label documents with sensitive data
Manual and/or automatic process
Applies encryption and rights management to the specific document
Provides detailed tracking and reporting
Covers open documents on devices and can now also crawl existing documents on on-premises fileshare and SharePoint servers + with Cloud App Security extend capabilities into cloud environments
Translated to SQL technologies... Manage authentication and authorization mechanisms Windows authentication, Azure AD auth, role-based security 2 Manage Properly configure database firewall Azure SQL Firewall Limit application access according to authorization principles Dynamic Data Masking, Row-Level Security ADALSQL ADO.NET 4.6
3 Protect: Preventing data attacks: Detecting & responding to breaches: Example solutions
Microsoft Azure: Azure Key Vault, Azure Security Center, Azure Storage Services Encryption
Enterprise Mobility + Security (EMS): Azure Active Directory Premium, Microsoft Intune
Office & Office 365: Advanced Threat Protection, Threat Intelligence
SQL Server and Azure SQL Database: Transparent data encryption, Always Encrypted
Windows & Windows Server: Windows Defender Advanced Threat Protection, Windows Hello, Device Guard
DETECT Detect Abnormal Behavior & Anomalies in Cloud Apps Identify high risk usage, cloud security issues, detect abnormal user behavior in cloud apps. Identify and stop known attack pattern activities originating from risky sources with threat prevention enhanced with vast Microsoft threat intelligence
DETECT Detect Abnormal Behaviors with Windows Defender ATP Detect targeted advanced attacks and zero days. Visually investigate forensic evidence across your devices to easily uncover scope of breach, assess the entire footprint of the incident, and trace it back to identify the root cause. Search and explore 6 months of historical data across your devices
4 Report: Record-keeping: Reporting tools: Example solutions
Microsoft Trust Center: Service Trust Portal
Microsoft Azure: Azure Auditing & Logging, Azure Data Lake, Azure Monitor
Enterprise Mobility + Security (EMS): Azure Information Protection
Dynamics 365: Reporting & Analytics
Office & Office 365: Service Assurance, Office 365 Audit Logs, Customer Lockbox
Windows & Windows Server: Windows Defender Advanced Threat Protection
PROTECT Protect Your Email with O365 ATP Stop malicious attachments Provide time of click protection against malicious links Stop known email threats
RESPOND Respond to Malicious Email Files with O365 ATP Remove emails found to be malicious after they land in user inbox. Intelligent filters which update based on evolving cyber threat landscape. Ability to remediate for real-time malicious emails.
RESPOND Respond to Compromised Data with Cloud App Security Identify high-risk and anomalous usage in cross cloud apps - including Office 365 Get recommendations and remediation actions for next steps
"Make no mistake, the GDPR sets a new and higher bar for privacy rights, for security, and for compliance. And while your journey to GDPR may seem challenging, Microsoft is here to help all of our customers around the world."
Brad Smith, President & Chief Legal Officer, Microsoft Corporation
Why Microsoft for GDPR
Best path to compliance is with the Microsoft Cloud
Committed to the Highest Privacy Standards
Supporting your trust with contractual assurances
Industry leading security and privacy certifications
Microsoft products and services are available today to help meet the GDPR requirements. Through our cloud services and on-premises solutions we help customers locate and catalog the personal data in their systems, build more secure environments, simplify management and monitoring of personal data, and provide tools and resources needed to help them meet reporting and assessment requirements.
Comprehensive guidance on beginning the GDPR journey
Microsoft believes that the GDPR is an important step forward for clarifying and enabling individual privacy rights. We have committed to GDPR compliance across our cloud services when enforcement begins May 25, 2018. Microsoft and our partners can help customers meet the requirements of the GDPR. Blog post: Get GDPR compliant with the Microsoft Cloud
Deep Investments in products and services
Microsoft was the first global cloud services provider to publicly offer contractual commitments for our services. Our contractual commitments outline how we help customers: Respond to data subject requests. Detect and report personal data breaches. Demonstrate GDPR compliance. The GDPR amendments can be found in the Online Services Terms (OST) at microsoft.com/licensing
Largest portfolio of cloud solutions
Microsoft's services are independently verified to meet legal and compliance requirements, are financially backed, and offer transparent information on their availability. Security policies and audit reports are made available to customers and, if necessary, their regulators through the Trust Center (Microsoft.com/trustcenter).
Broadest partner ecosystem
Microsoft has published a large library of GDPR guidance covering the four steps (Discover, Manage, Protect and Report) and our products and services, including the Beginning your GDPR Journey, GDPR Overview and product whitepapers. These and more can be found at Microsoft.com/gdpr. We continue to publish new resources on a regular basis.
Microsoft has made significant investments in our products and services to help our customers with GDPR compliance within Azure, Office 365, Windows, EMS, SQL Database and Dynamics 365. For example, Microsoft 365 delivers a range of tools and services that enable GDPR scenarios such as data discovery, governance, and protection.
We designed our cloud products (including Office 365, Azure, SQL, Windows and Dynamics 365) with industry-leading privacy policies and security measures to safeguard customer data in the cloud, including the categories of personal data identified by the GDPR. Please see How our products help you meet GDPR requirements for more detail.
The Microsoft Partner Network includes hundreds of thousands of organizations worldwide. By working with this broad partner ecosystem we offer customers more comprehensive solutions. Many of our partners, including Accenture and EY, have developed a wide array of practices to help customers achieve GDPR compliance.
Microsoft.com/GDPR