Data Leak Prevention: Keeping your sensitive data out of the public domain. Frans Oudendorp, Ronny de Jong
Session objectives & takeaways. Session objectives: overview of information protection solutions; how to apply these solutions effectively. Key takeaways: solid understanding of information protection solutions; use case of information protection; how to adopt in your organization.
Ronny de Jong, Lead Consultant, InSpark, Microsoft MVP, @ronnydejong
Frans Oudendorp, Lead Consultant, InSpark, Microsoft P-TSP, @oudendorp
The challenge(s)
New way of work is driving change. 41% of employees say mobile business apps change how they work. 85% of enterprise organizations keep sensitive information in the cloud. 88% of organizations no longer have confidence to detect and prevent loss of sensitive data. 58% have accidentally sent sensitive information to the wrong person.
In the past, the firewall was the security perimeter. (Diagram: users, devices, apps, data; on-premises / private cloud.)
Now there are fewer boundaries, more data, more complexity. (Diagram: on-premises.)
A few use cases
Proactive Protection: protection on access (CA); protection on creation (AIP); protection on use (WIP/MAM); protection via sharing (Office 365).
Reactive Protection: protection via sharing (Office 365 DLP); protection via sharing (MCAS).
The solution(s)...
In-depth data protection: Information Protection; Intelligent App Security; Managed Mobile Productivity; Identity & Access Management. 04: Comprehensive, intelligent protection against today's advanced attacks. 03: Intelligently safeguard your corporate data and enable secured collaboration. 02: Securely manage apps and data on iOS, Android, and Windows from one place. 01: Centrally manage single sign-on across devices, your datacenter, and the cloud.
Solution outline. Azure Active Directory: Conditional access for any app with set of conditions. Microsoft Intune: Adds device restrictions, device compliance & app protection. Office 365 DLP: Application level implementation to identify & block data access from sharing. Information Protection: Application level implementation to identify & block data access from sharing. Cloud App Security: Adds deep visibility, granular controls and enhanced threat protection for your cloud apps.
Protection on access: Conditional Access
Conditional Access. "When this happens" = Conditions: users, devices, location, apps, session risk. Real-time evaluation engine: machine learning, policies, effective policy. "Then do this" = Controls: allow access, require MFA, limit access, deny access, force password reset.
Protection on creation: Azure Information Protection
Approach to information protection: comprehensive protection of sensitive data throughout the lifecycle across devices, apps, cloud services and on-premises. Detect, Classify, Protect, Monitor. Devices, Cloud, On-premises.
Protection on use: BitLocker, Windows Information Protection
Unified endpoint management with Intune. Intune gives you the flexibility and control to secure your data on any device, even those you don't manage. Device types: Shared, Primary, Companion, Public, Kiosk. Users: Information worker, Contractor. Management: Company-Managed, Employee-Managed, 3rd-Party-Managed. Secure your data on virtually any device with Intune. Mobile Device Management (MDM): enroll devices for management; provision settings, certs, profiles; report & measure device compliance; remove company data from devices; Conditional Access: restrict access to managed & compliant devices. Mobile Application Management (MAM): publish mobile apps to users; configure and update apps; report app inventory & usage; secure & remove company data within mobile apps; Conditional Access: restrict which apps can be used to access email or files.
Your information protection needs: device protection; data separation; leak protection; sharing protection. BitLocker enhancements in Windows 8.1, InstantGo, 3rd party BitLocker adoption, Windows Information Protection, Office 365, Azure Information Protection.
Protection on sharing: Office 365 & Office 365 DLP
Office 365 Information Protection: Exchange Message Encryption; Exchange Message Rules; Office 365 DLP rules
Advanced Protection on sharing: Microsoft Cloud App Security
How Cloud App Security works. Discovery: Use traffic logs to discover and analyze which cloud apps are in use. Manually or automatically upload your firewall and proxy log files for analysis. App connectors: Leverage APIs provided by various cloud app providers to extend protection to Cloud App Security. Proxy: Azure AD redirects risky sessions to the reverse proxy to apply app restrictions. (Diagram labels: App connectors; Cloud discovery; Proxy Access + Session; Proxy apps; Your organization from any location.)
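The discovery step described above, sketched as an added example (not part of the original slides and not Cloud App Security's own code): it parses proxy-log records, maps hosts to an app catalog, and reports unsanctioned apps receiving large uploads. The log layout, catalog entries, host names and the 1 MB threshold are all assumptions constructed for illustration.

```python
# Added example: minimal cloud-discovery pass; log format and catalog are constructed.
from collections import defaultdict

# Constructed catalog: host suffix -> (app name, sanctioned by IT?)
APP_CATALOG = {
    "sharepoint.com": ("SharePoint Online", True),
    "filedrop.example": ("FileDrop storage", False),
    "paste.example": ("Paste site", False),
}

# Constructed sample records: timestamp user method host bytes_uploaded
SAMPLE_LOG = """\
2000-01-01T09:01:12Z alice POST contoso.sharepoint.com 52000
2000-01-01T09:03:40Z bob POST upload.filedrop.example 7340032
2000-01-01T09:04:02Z bob GET www.filedrop.example 0
2000-01-01T09:07:55Z carol POST paste.example 18000
truncated-record
2000-01-01T09:09:10Z dave GET intranet.corp.example 0
"""

def match_app(host):
    """Return (app, sanctioned) for the longest catalog suffix matching host."""
    host = host.lower().rstrip(".")
    # Match on a label boundary so "notsharepoint.com" does not hit "sharepoint.com".
    hits = [s for s in APP_CATALOG if host == s or host.endswith("." + s)]
    return APP_CATALOG[max(hits, key=len)] if hits else None

def discover(log_text):
    """Aggregate distinct users and uploaded bytes per catalogued cloud app."""
    apps = defaultdict(lambda: {"users": set(), "bytes_up": 0, "sanctioned": None})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[4].isdigit():
            continue  # skip malformed records instead of failing the run
        _, user, _, host, size = fields
        info = match_app(host)
        if info is None:
            continue  # host is not a catalogued cloud app
        name, sanctioned = info
        apps[name]["users"].add(user)
        apps[name]["bytes_up"] += int(size)
        apps[name]["sanctioned"] = sanctioned
    return dict(apps)

def unsanctioned_uploads(apps, min_bytes=1_000_000):
    """Names of unsanctioned apps that received at least min_bytes of uploads."""
    return sorted(name for name, a in apps.items()
                  if not a["sanctioned"] and a["bytes_up"] >= min_bytes)
```

Running `unsanctioned_uploads(discover(SAMPLE_LOG))` on the constructed sample flags only the storage app with the 7 MB upload; the small paste-site post stays below the threshold but still appears in the per-app inventory.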
Recap / Common practices
Information protection solutions: comprehensive protection of sensitive data across devices, cloud services and on-premises environments. Columns: Devices; Office 365; Cloud services, SaaS apps & on-premises. PCs, tablets, mobile; Exchange Online, SharePoint Online & OneDrive for Business; Highly regulated; Azure; 3rd-party SaaS; Datacenters, file shares. Windows Information Protection & BitLocker for Windows 10; Office 365 DLP; Office 365 Advanced Data Governance; Intune MDM & MAM for iOS & Android; Azure Information Protection; Microsoft Cloud App Security.
Roadmap to keep your sensitive data out of the public domain. (Chart axes: Protection, Low to High; Complexity, Simple to High; Today to Tomorrow ;-).) Steps as listed: Finish with Cloud App Security; Implement Office 365 DLP; Deploy Azure Information Protection; Embrace Conditional Access; Adopt Mobile Application Management; Enable Multi-Factor Authentication.
Please complete your session evaluations: http://feedback.expertslive.nl @oudendorp @RonnydeJong @Experts_Live #ExpertsLive