
Presented by Jarrod Roark, Director – Advanced Infrastructure, Bennett Adelson


Presentation Transcript


  1. Presented by Jarrod Roark, Director – Advanced Infrastructure, Bennett Adelson

  2. Security and Legal Concerns: The missing manual for SharePoint Online

  3. Agenda
     • Premise
     • Most commonly asked questions and concerns
     • Summary
     • Q and A

  4. Disclaimer I am not a lawyer!

  5. Premise
     • Problem: In my experience, the number one roadblock to successfully delivering an on-time and on-budget online services migration/implementation is legal and security concerns inside our clients' organizations.
     • Solution:
       • Education
       • Policy
       • Controls

  6. Most common concerns relating to Online Services
     • Is my information safe in the cloud?
     • What if Microsoft gets hacked?
     • How do we deal with sensitive data?

  7. Is my information safe in the cloud?
     • You are responsible for determining whether Microsoft security meets your organization's requirements.
     • It is up to you to evaluate if you have particularly sensitive data, or data that must be held to a certain level of security under regulations applicable to your industry.
     • ISO 27001
     • Safe Harbor
     • SSAE16 SOC1 Type II
     • FISMA

  8. What if Microsoft gets hacked?
     • Limitation on liability. To the extent permitted by applicable law, the liability of each party, its Affiliates, and its contractors arising under this agreement is limited to direct damages up to (1) for Products other than Online Services, the amount you were required to pay for the Product giving rise to that liability and (2) for Online Services, the amount you were required to pay for the Online Service giving rise to that liability during the prior 12 months [1].
     • Look at your existing cyber insurance policies. Do they have a cloud services rider? If not, find out the cost of adding one.

     [1] http://www.microsoft.com/global/en-us/office365/RenderingAssets/mosa/MOSA2011Agr(NA)(ENG)(Apr2012)(HTML).htm

  9. How do we deal with sensitive data?
     • Level set!

  10. How do we deal with sensitive data? Define mobility strategy. Policy + Controls = Strategy Policy Controls = How

  11. How do we deal with sensitive data?
      • Consider the paradigm shift to user-centric management.
      • Work with your chosen platform, not against it.
      • Leverage the included and available tools before third-party solutions.
        • RMS – Data leakage protection
        • DAC – Policy-driven access control
        • Azure AD Premium – User self-service and role-based access
        • Intune – Mobile device management

  12. Summary
      • Education
        • Involve Security, Legal and key stakeholders BEFORE making a decision, to understand and address their concerns.
        • Lock in scope based on BUSINESS requirements, not what you can do.
        • Be informed on the platform
          • What it can and cannot do.
        • Watch for project creep early and maintain a tight scope.
      • Policy
        • Define a mobility strategy.
        • Document requirements and policy early on and stick to them.
        • Don't try to implement every thought or suggestion before go-live.
        • Take an iterative approach based on current corporate culture, continuously reviewed and improved.
      • Controls
        • Policy should drive controls, not the other way around.
        • Work with the platform, not against it.

  13. Q & A
      • Thank you!
      • Contact Info
        • Jarrod Roark
        • jroark@bennettadelson.com
        • 614-715-9068
