
Office 365 Data Security & Compliancy

Office 365 Data Security & Compliancy. Jethro Seghers MVP Office 365 MCITP SharePoint 2010 ITILv3 Certified. Jethro Seghers. Twitter: @jseghers E-mail: jethro.seghers@j-solutions.be Blog: http://www.j-solutions.be/blog. Consultant. Blogger. Trainer. J-Solutions.be.


Presentation Transcript


  1. Office 365 Data Security & Compliancy Jethro Seghers MVP Office 365 MCITP SharePoint 2010 ITILv3 Certified

  2. Jethro Seghers Twitter: @jseghers E-mail: jethro.seghers@j-solutions.be Blog: http://www.j-solutions.be/blog Consultant Blogger Trainer

  3. J-Solutions.be • Located in Belgium • Provides IT Business Consultancy • SharePoint 2010 and Online • Cloud Services – Office 365 and Windows Intune • IT as a service – MOF and ITIL v3

  4. Agenda • Office 365 • Terminology • Infrastructure settings • Exchange Online • Lync Online • SharePoint Online • Sources of Information

  5. Data Security

  6. The protection of data from unauthorized (accidental or intentional) modification, destruction, or disclosure

  7. Data Compliance

  8. Compliance is either a state of being in accordance with established guidelines, specifications, or legislation or the process of becoming so

  9. BRINGING TOGETHER CLOUD VERSIONS OF OUR MOST TRUSTED COMMUNICATIONS AND COLLABORATION PRODUCTS WITH THE LATEST VERSION OF OUR DESKTOP SUITE FOR BUSINESSES OF ALL SIZES. 

  10. Infrastructure

  11. Overview • Microsoft Datacenters & their locations • DataFlow • Privacy • Encryption • Identity Protection • Password Policies

  12. Microsoft Datacenters . • Physical Security • Secure physical access for authorized personnel only • State of the Art datacenters • Hosted Applications Security • Anti SPAM • Encryption Mail • Security Development Lifecycle • Potential threats while running a service • Exposed aspects of the service that are open to attack

  13. Microsoft Datacenters .. • Secured Office 365 Services Infrastructure • Server Monitoring via System Center • Secure Remote Access via RDS • Intrusion Detection • Network-level Security Measures • Customer Access via SSL • Uptime 99,9 % • Identity & Access Management • Access control follows the separation of duties principle and granting least privilege.

  14. Where is our data stored: Example: EMEA • A primary data center is where the application software and the customer data running on the application software are hosted. • A backup data center is used for failover purposes • Data center Dublin: Primary for F.O.P.E. • Data center The Netherlands: SharePoint Online • Dublin + The Netherlands: interchangeably Exchange Online + Lync Online

  15. What is stored in the US: EMEA • Customer Information • Microsoft Online Portal • Routing Lync Online Communications • Office 365 Authentication • Additionally, Microsoft abides by the Safe Harbor Framework for transfer of data between the European Union and the United States.

  16. Privacy .

  17. Privacy ..

  18. Encryption • HTTPS Communication with portal.microsoftonline.com • HTTPS Communication between clients and Exchange Online for all protocols • PGP: Transportation and storage of Exchange Online Messages • Lync Online: Instant Messaging, IM Federation • SharePoint Online: HTTPS Connection (only for Enterprise)

  19. Identity Protection • Identity stored in Microsoft Online • Identity federation via SSO • Granular Licenses • Different Administrator Roles

  20. Identity architecture: Identity options • 1. Microsoft Online IDs • 2. Microsoft Online IDs + DirSync • 3. Federated IDs + DirSync [Diagram labels: Microsoft Office 365 Services; Identity platform; Trust; Federation Gateway; Exchange Online; Bronze Sky customer premises; Authentication platform; Active Directory Federation Server 2.0; IdP; SharePoint Online; Provisioning platform; MS Online Directory Sync; AD; Lync Online; Directory Store; Service connector; Admin Portal]

  21. Identity options comparison
      1. MS Online IDs • Appropriate for: Smaller organizations without AD on-premise • Pros: No servers required on-premise • Cons: No SSO; 2 sets of credentials to manage with differing password policies; Users and groups mastered in the cloud
      2. MS Online IDs + Dir Sync • Appropriate for: Orgs with AD on-premise • Pros: Users and groups mastered on-premise; Enables co-existence scenarios • Cons: No SSO; 2 sets of credentials to manage with differing password policies; Single server deployment
      3. Federated IDs + Dir Sync • Appropriate for: Larger enterprise organizations with AD on-premise • Pros: SSO with corporate cred; Users and groups mastered on-premise; Password policy controlled on-premise; Enables co-existence scenarios • Cons: High availability server deployments required

  22. Password Policy • Password Restriction: 8 characters minimum and 16 characters maximum • Values allowed: • A-Z • a-z • 0-9 • ! @ # $ % ^ & * - _ + = [ ] { } | \ : ‘ , . ? / ` ~ “ < > ( ) ; • No UNICODE • Cannot contain the username alias (part before @ symbol) • Password expiry duration: • This is set to 90 days and is not configurable

  23. Password Policy • Password expiry: • Can be enabled/disabled via PowerShell at user level • Password strength • Strong passwords require 3 out of 4 of the following: • Lowercase characters • Uppercase characters • Numbers (0-9) • Symbols (see password restrictions above) • Password history • Last password cannot be used again

  24. Password Policy • Account Lockout • After 10 unsuccessful logon attempts (wrong password), the user will need to solve a CAPTCHA dialog as part of logon.

  25. Is this Independently Verified?

  26. MS Online Certification and Compliance Finder • Certified for ISO 27001 • EU Safe Harbor • HIPAA-Business Associate Agreement • Data Processing Agreement • FISMA

  27. Exchange Online

  28. Exchange Online . • Archiving • 100 GB for E Subscriptions – 25 GB for P Subscriptions • Moderation Security/Distribution Groups • Item Level Recovery • 14 days • Transport Rules • Retention Policies – Managed Folder Assistant • Deleted Mailbox Recovery • Within 30 days

  29. Exchange Online .. • Journaling • F.O.P.E. • Auditing • Retention Hold • Only via PowerShell • Disables Retention Policies on Mailbox • Litigation Hold • Only via PowerShell • Logging of every change on a Mailbox • Mobile Device

  30. DEMO

  31. Lync Online

  32. Lync Online • Privacy Settings • External Communications • User Defined Settings • Sending files via IM • Make audio and video calls • Record Call and conferences • Federation with Lync users in other organizations • Federation with Users of public IM service providers • Dial-in Conferencing

  33. DEMO

  34. SharePoint Online

  35. SharePoint Online . • Information Management Policy – Records • Use Of Term Store & Required Fields – Content Types • Drop Off Library • Audit • Blocked File Types • Security • Versioning • Recycle Bin • Backup: 14 days

  36. SharePoint Online .. • Governance defines your security and compliancy • Very hard to maintain and to make it required. • Missing functionalities that are available on Premise.

  37. DEMO

  38. 3rd Party Tools • Backup SharePoint Online: • Metavis • AvePoint: DocAve Online • Compliance Tools: • Axceler: Control Point • AvePoint: DocAve Online

  39. Sources Of Information • Office 365 Trust Center : http://www.microsoft.com/en-us/office365/trust-center.aspx • Service Description • Office 365 Password Policy • Security White Paper • Data Boundaries

  40. Questions
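
The password rules on slides 22 and 23, as an added example that is not part of the original presentation and is not Microsoft's code: a Python checker that pre-validates a candidate password against the stated length, character-set, alias, strength and history rules, for instance in a provisioning script. The function name, the sample account and the reading of the two quote characters as ASCII ' and " are assumptions.

```python
import string

# Policy values taken from slides 22-23 of the transcript above.
MIN_LEN, MAX_LEN = 8, 16
# Symbol list from slide 22; the two quote characters are assumed to be ASCII ' and ".
SYMBOLS = set("!@#$%^&*-_+=[]{}|\\:',.?/`~\"<>();")
LOWER, UPPER, DIGITS = (set(string.ascii_lowercase), set(string.ascii_uppercase),
                        set(string.digits))
ALLOWED = LOWER | UPPER | DIGITS | SYMBOLS


def check_password(password, user_principal_name, last_password=None):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length")
    # Anything outside the listed set (spaces, accented letters, any non-ASCII) is rejected.
    if any(ch not in ALLOWED for ch in password):
        problems.append("charset")
    # Alias is the part before "@"; comparing case-insensitively is an assumption.
    alias = user_principal_name.split("@", 1)[0].lower()
    if alias and alias in password.lower():
        problems.append("contains-alias")
    # Strong passwords need at least 3 of the 4 character categories.
    categories = sum(bool(set(password) & group)
                     for group in (LOWER, UPPER, DIGITS, SYMBOLS))
    if categories < 3:
        problems.append("strength")
    # Password history on slide 23 covers only the last password.
    if last_password is not None and password == last_password:
        problems.append("history")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; the account name is hypothetical.
    upn = "jdoe@example.com"
    for candidate in ["Winter2012!", "short1A", "alllowercase", "Jdoe#2012x",
                      "Pässword1!", "ThisIsWayTooLong123!"]:
        print(f"{candidate!r}: {check_password(candidate, upn) or 'ok'}")
```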
