Accelerate GDPR compliance with the Microsoft Cloud Ole Tom Seierstad National Security Officer Microsoft Norway


Transcription:

This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law.

GDPR Compliance: Simplify your privacy journey; Uncover risk & take action; Leverage guidance from experts

Centralize, Protect, Comply with the Cloud

Process all in one place: Centralize processing in a single system, simplifying data management, governance, classification, and oversight.

Maximize your protections: Protect data with industry-leading encryption and security technology that's always up-to-date and assessed by experts.

Streamline your compliance: Utilize services that already comply with complex, internationally recognized standards to more easily meet new requirements, such as facilitating the requests of data subjects.

Protecting customer privacy with GDPR


We will stand behind you with contractual commitments for our cloud services that:
- Meet stringent security requirements
- Support customers in managing data subject requests
- Provide documentation that enables customers to demonstrate compliance for all the other requirements of the GDPR applicable to processors and more

Microsoft was the first major cloud services provider to make these commitments to its customers. Our goal is to simplify compliance for our customers with both the GDPR and other major regulations.

The GDPR commitments are now available in the Online Services Terms (OST) at www.microsoft.com/licensing

How do I get started?
1. Discover: Identify what personal data you have and where it resides
2. Manage: Govern how personal data is used and accessed
3. Protect: Establish security controls to prevent, detect, and respond to vulnerabilities & data breaches
4. Report: Keep required documentation, manage data requests and breach notifications

1 Discover: Example solutions (In-scope; Inventory)
- Microsoft Azure: Microsoft Azure Data Catalog
- Enterprise Mobility + Security (EMS): Microsoft Cloud App Security
- Dynamics 365: Audit Data & User Activity; Reporting & Analytics
- Office & Office 365: Data Loss Prevention; Advanced Data Governance; Office 365 eDiscovery
- SQL Server and Azure SQL Database: SQL Query Language
- Windows & Windows Server: Windows Search

2 Manage: Example solutions (Data governance; Data classification)
- Microsoft Azure: Azure Active Directory; Azure Information Protection; Azure Role-Based Access Control (RBAC)
- Enterprise Mobility + Security (EMS): Azure Information Protection
- Dynamics 365: Security Concepts
- Office & Office 365: Advanced Data Governance; Journaling (Exchange Online)
- Windows & Windows Server: Microsoft Data Classification Toolkit

3 Protect: Example solutions (Preventing data attacks; Detecting & responding to breaches)
- Microsoft Azure: Azure Key Vault; Azure Security Center; Azure Storage Services Encryption
- Enterprise Mobility + Security (EMS): Azure Active Directory Premium; Microsoft Intune
- Office & Office 365: Advanced Threat Protection; Threat Intelligence
- SQL Server and Azure SQL Database: Transparent data encryption; Always Encrypted
- Windows & Windows Server: Windows Defender Advanced Threat Protection; Windows Hello; Device Guard

4 Report: Example solutions (Record-keeping; Reporting tools)
- Microsoft Trust Center: Service Trust Portal
- Microsoft Azure: Azure Auditing & Logging; Azure Data Lake; Azure Monitor
- Enterprise Mobility + Security (EMS): Azure Information Protection
- Dynamics 365: Reporting & Analytics
- Office & Office 365: Service Assurance; Office 365 Audit Logs; Customer Lockbox
- Windows & Windows Server: Windows Defender Advanced Threat Protection

[Figure: shared responsibility matrix. Columns: SaaS, PaaS, IaaS, On-prem. Rows: Data governance & rights management; Client endpoints; Account & access management; Identity & directory infrastructure; Application; Network controls; Operating system; Physical hosts; Physical network; Physical datacenter. Legend: Microsoft, Customer.]

38 Cloud regions worldwide. 100+ datacenters. One of 3 largest networks in the world.

[Map of regions; legend: Global datacenters, Sovereign datacenters.] North Central US, United Kingdom South, West US 2, West Central US, West US, US Gov Arizona [3], US Gov Texas [3], Central US, US Gov Iowa, US DoD West, South Central US, Canada Central, US Gov Virginia, Canada East, US DoD East, United Kingdom West, East US, East US 2, North Europe, France [3], France [3], West Europe, Germany Northeast [2], Germany Central [2], West India, Central India, China West [1], China East [1], South India, Korea Central [3], East Asia, Korea South [3], Japan East, Japan West, Southeast Asia, Brazil South, Australia Southeast, Australia East.

[1] China datacenters operated by 21Vianet
[2] German data trustee services provided by T-Systems
[3] France, South Korea and US Gov datacenter regions have been announced but are not currently operational

Our commitment to you To simplify your path to compliance, we are committing to GDPR compliance across our cloud services when enforcement begins on May 25, 2018. We will share our experience in complying with complex regulations such as the GDPR. Together with our partners, we are prepared to help you meet your policy, people, process, and technology goals on your journey to GDPR.

Azure has the deepest and most comprehensive compliance coverage in the industry

- GLOBAL: ISO 27001; ISO 27018; ISO 27017; ISO 22301; ISO 9001; SOC 1 Type 2; SOC 2 Type 2; SOC 3; CSA STAR Self-Assessment; CSA STAR Certification; CSA STAR Attestation
- US GOV: Moderate JAB P-ATO; High JAB P-ATO; DoD DISA SRG Level 2; DoD DISA SRG Level 4; DoD DISA SRG Level 5; SP 800-171; FIPS 140-2; Section 508 VPAT; ITAR; CJIS; IRS 1075
- INDUSTRY: PCI DSS Level 1; CDSA; MPAA; FACT UK; Shared Assessments; FISC Japan; HIPAA / HITECH Act; HITRUST; GxP 21 CFR Part 11; MARS-E; IG Toolkit UK; FERPA; GLBA; FFIEC
- REGIONAL: Argentina PDPA; EU Model Clauses; UK G-Cloud; China DJCP; China GB 18030; China TRUCS; Singapore MTCS; Australia IRAP/CCSL; New Zealand GCIO; Japan My Number Act; ENISA IAF; Japan CS Mark Gold; Spain ENS; Spain DPA; India MeitY; Canada Privacy Laws; Privacy Shield; Germany IT Grundschutz workbook

Microsoft.com/GDPR

Discover | Manage | Protect | Report

Topics: Search & identify personal data; Control access; Classify data; Protect data in the cloud; Detect & remediate threats; Recordkeeping

- Integrate Azure Search for hosted applications to locate personal data across user-defined indexes
- Trace and identify personal data stored in different data sources
- Securely manage access to your data, applications and other resources
- Enforce separation of duties
- Easily determine and assign relative values to your data
- Employ advanced encryption, cryptography, and monitoring
- Restore data availability with a variety of recovery and geo-redundant storage options
- Proactively prevent, detect and respond quickly to threats
- Deliver verifiable transparency and tamper-resistant insights with activity log
- Leverage comprehensive compliance and privacy documentation for Azure

Discover | Manage | Protect | Report

Topics: Identify personal data; Control access; Set retention policies; Classify content; Safeguard environment; Respond to threats; Recordkeeping; Transparency assurances

- Utilize eDiscovery templates to identify types of personal data
- Easily find, classify, set policies on and manage data with Advanced Data Governance
- Use Advanced eDiscovery to export and/or delete personal data from Exchange, SharePoint, etc.
- Archive and preserve content across your Office 365 systems
- Protect email from today's sophisticated malware attacks with Advanced Threat Protection
- Prevent sensitive records from being used by unauthorized users with Data Loss Protection
- Conduct risk assessments using built-in tools in the Service Assurance Dashboard
- Track and report on user activities with detailed Audit Logs
- Automatically protect against accidental disclosure by enforcing policy on sensitive data
- Proactively uncover and protect against advanced threats and risks with Threat Intelligence and Advanced Security Management

Discover | Manage | Protect | Report

Topics: Identify personal data; Classify & label data; Protect data, identities, devices & apps; Detect threats & remediate; Gain rich logging & reporting

- Quickly identify sensitive data across your environment with Azure Information Protection
- Discover cloud apps in your environment
- Gain deeper visibility into user activity
- Define a classification scheme for better data manageability
- Use Azure Information Protection to configure policies for classifying, labeling and protecting personal data
- Deliver consistent data protection with Azure Information Protection
- Protect personal data with risk-based conditional access and Privileged Identity Management
- Protect data in mobile devices and mobile apps with Microsoft Intune
- Detect data breaches with behavioral analytics and anomaly detection technologies
- Gain rich logging and reporting to analyze how sensitive data is distributed
- Monitor activities on shared data and revoke access in unexpected events with Azure Information Protection

Discover | Manage | Protect | Report

Topics: Identify and track personal data; Control access; Safeguard data; Respond to breaches; Recordkeeping

- Easily query databases to uncover personal data
- Tag data with sensitivity labels using Extended Properties
- Securely authenticate to your database and apply granular authorization policies
- Restrict access to users using Dynamic Data Masking and Row-Level Security
- Encrypt data whether at rest, in transit or in client applications
- Track and log database events to identify potential threats or security violations
- Use continuously learning algorithms to identify unusual or suspicious activity
- Track and report on all database activities with granularly configurable auditing

Discover | Manage | Protect | Report

Topics: Identify personal data; Control access; Classify content; Define access privileges; Monitor service status; Recordkeeping

- Create reports that uncover personal data
- Discover, analyze and visualize personal data using Power BI
- Securely manage access to your data by roles, applications and other resources
- Classify data and protect against accidental disclosure
- Protect data by limiting access based on user roles
- Restrict access to specific high-impact fields or records
- Monitor service health and stay up-to-date on the latest security updates
- Explore Microsoft's comprehensive documentation on Dynamics 365's compliance, security, privacy and trust offerings

Discover | Manage | Protect | Report

Topics: Locate personal data; Meet compliance requirements; Safeguard environment; Respond to threats; Recordkeeping

- Uncover personal data on local and connected machines
- Utilize sample search expressions and rules to ease compliance requirements
- Move from password to more secure forms of authentication
- Protect devices with both detection-based solutions and secure-by-design techniques
- Audit detailed user and application actions to meet reporting and auditing requirements
- Prevent data from leaking to unauthorized documents or locations
- Easily detect, investigate, contain and respond to data breaches on your network