What email address or phone number would you like to use to sign in to Docs.com?
If you already have an account that you use with Office or other Microsoft services, enter it here.
Or sign in with:
Signing in allows you to download and like content, and it provides the authors analytical data about your interactions with their content.
Embed code for: 17.01.26.O365Club_3e_End2EndDataGovernance_Compliance_Governance
Select a size
Information Governance & Compliance (Data Governance, eDiscovery, Auditing)
Patrick Van Asch Office 365 Product Marketing Manager firstname.lastname@example.org Dirk Gullentops Office 365 Technical Professional email@example.com 73% orgs indicated security as a top challenge holding back SaaS adoption 89% of orgs required to govern content for compliance or business continuity purposes 63% of orgs state transparency challenges restrict them from growing their cloud usage Top 3 cloud concerns Best-in-class security with over a decade of experience building Enterprise software and online services Privacy by design with a commitment to use customers’ information only to deliver services Office 365 Built-in capabilities and customer controls Commitment to meeting industry standards and delivering a rich set of applications which enable organizational compliance Transparency in our operations so you can monitor the state of your service, track issues, and have historical view of availability Office 365 Service Compliance What is Office 365’s commitment to meeting and staying up to date with the ever-evolving industry standards across geographies? Global, hyper-scale, enterprise-grade infrastructure Enterprise reliability via 100+ data centers and Microsoft’s global network edge No standing access to data, transparent operational model, and financial-backed 99.9% SLA Secure by design operationalized at the physical, logical, and data layers Compliance leadership with standards including ISO 27001/27018, FedRAMP, FISMA, and EU Model Clauses United States______ CJIS CSA CCM DISA FDA CFR Title 21 Part 11 FEDRAMP FERPA FIPS 140-2 FISMA HIPAA/HITECH HITRUST IRS 1075 ISO/IEC 27001, 27018 MARS-E NIST 800-171 Section 508 VPATs SOC 1, 2 United Kingdom___ CSA CCM ENISA IAF EU Model Clauses ISO/IEC 27001, 27018 NIST 800-171 SOC 1, 2, 3 UK G-CloudSpain___ CSA CCM ENISA IAF EU Model Clauses EU-U.S. Privacy Shield ISO/IEC 27001, 27018 SOC 1, 2 Spain ENS Singapore____ CSA CCM ISO/IEC 27001, 27018 MTCS SOC 1, 2 New Zealand____ CSA CCM ISO/IEC 27001, 27018 NZCC Framework SOC 1, 2, Japan____ CSA CCM CS Mark (Gold) FISC ISO/IEC 27001, 27018 Japan My Number Act SOC 1, 2 European Union___ CSA CCM ENISA IAF EU Model Clauses EU-U.S. Privacy Shield ISO/IEC 27001, 27018 SOC 1, 2, China____ China GB 18030 China MLPS China TRUCS Austrailia____ CSA CCM IRAP (CCSL) ISO/IEC 27001, 27018 SOC 1, 2 Argentina____ Argentina PDPA CSA CCM IRAP (CCSL) ISO/IEC 27001, 27018 SOC 1, 2 Key Certifications Commitment to meeting industry standards Over 900 controls in the Office 365 compliance framework enable us to stay up to date with the ever- evolving industry standards across geographies Microsoft is regularly audited, submits self-assessments to independent 3rd party auditors and holds key certifications Office 365 Compliance Solutions What solutions does Microsoft provide to bring data overload under control and support my ability to achieve organizational compliance? 50% year over year growth rate in electronic data 45% of orgs state lack of governance opens them to security & compliance risks 41% of orgs state enforcing a governance policy is their biggest issue Electronic data is exploding Achieving organizational compliance is challenging Office 365 In-place Compliance Solutions Meeting organizational data compliance needs Preserve vital data Organization needs Find relevant data Monitor activity Data Governance Import, store, preserve and expire data eDiscovery Quickly identify the most relevant data Auditing Monitor and investigate actions taken on data Security & Compliance Center Manage compliance for all your data across Office 365 Compliance vision Productivity first Educate and empower end users to be compliant without affecting productivity In-place Deliver rich, low cost compliance via built in features Suite wide Easily apply compliance controls and access reports via a consistent UX across Office 365 workloads Office 365 compliance investment areas Security & Compliance Center Security and Compliance Center Powerful for experts, and easier for generalists to adopt Scenario oriented workflows with cross-cutting policies spanning features Powerful content discovery across Office 365 workloads Proactive suggestions leveraging Microsoft Security Intelligence Graph Microsoft Intelligent Security Graph Size Industry Geography Configuration Role Actions Profile customized recommendations Data Governance Effectively governing data is important Allows for effective knowledge sharing & business agility Proactively meet evolving compliance & legal requirements Protect against increasing threats & data leakage “In the case of litigation, we face rigorous requirements to preserve all relevant documentation, including email messages. It has been exceptionally useful to quickly segregate our searches and comply with requirements using Office 365. The results have been impressive.” 1 9 Traditional Challenges Point in time data Captures data at a point in time which miss any edits in place or from transport agents in flight Increased risks Content may be compromised moving from one environment to another Increased time Waiting for indexing increases time required to find relevant data Increased costs Having a separate copy of the data being stored significantly increases costs No service wide insights Unable to leverage service wide machine learning to draw correlations between the data Exchange Data Outsourced Data Journaling Third party outsourced journaling Many organizations transfer data to a third party hosted archiving service which has challenges 2 0 In-Place Office 365 Data Governance Office 365 In-Place Data Lifecycle Benefits of In-Place Office over Journaling Location, query or policy based Apply preservation to mailboxor SharePoint site, apply a query to hold less content, or use preservation policies Higher fidelity and lower costs Content stays in Exchange and SharePoint, which results in lower storage costs, and higher fidelity data No impact to users Seamlessly create, edit, and delete without knowing data is being preserved Reduce risk Data is not duplicated to another provider or compliance boundary. Record all actions taken on the data Insights Insights to enable you to keep what’s important, delete what’s not, and to share according to policy Data stays in-place and does not need to be continually transferred out of Office 365 providing benefits 2 1 Ingestion of data outside Office 365 In-Place data creation, retention and archiving In-Place eDiscovery Auditing Export Office 365 Compliance Data Lifecycle Retention policies Unified Retention and Disposition Policy for all of Office 365 Records management End user classification in Outlook, SharePoint, OneDrive and Groups. Event triggered records management, manual review and disposition, reporting and permissions SEC 17A-4 compliant SEC 17A-4 whitepaper covering SharePoint, OneDrive, Groups, Skype, Preservation Lock, immutability, Supervisory Review Import Drive Shipping, Network Upload and 3rd Party Data Ingestion (Facebook, Twitter, Bloomberg) through partners to provide cross platform compliance and governance Security and Compliance Center Office 365 experience to bring together all compliance and security experiences Data Governance: Where we are today Intelligent import and Retention Age, Data type and user filters when importing data into Office 365, intelligent recommendation retention policies Supervisory review Review & Reporting for email messaging and all 3rd-party data (social, instant messaging, vertical, etc.) communications PST collection tool Enterprise scale utility to gather PSTs across network to import into Office 365 Retention based on classifications Document fingerprints, content analysis, query and metadata, and site and groups Intelligent insights Help gain an accurate and intuitive understanding of how compliance features are being used in your organization and across Office 365 Data Governance: Where we are going Demo Data Governance eDiscovery eDiscovery challenges Norton Rose Fulbright – Litigation Trends Survey May 2015 Bloomberg January 2015 The cost of non-compliance The Wall Street Journal. “LPL Fined $9 Million for Email ‘Failures.’” 2013. 40% of large organizations have one or more lawsuits with $20+ million at issue Median litigation budget, excluding settlement costs, is $1.2 million Legal costs for the biggest U.S. banks alone totaled $30 billion in 2014 Office 365 eDiscovery Enabling in-place, intelligent eDiscovery, to quickly identify relevant data while decreasing cost and risk Organization eDiscovery needs Regulatory Requests Litigations Internal Investigations Preserve Identify Search Analyze Review Reducing the amount of data to quickly identify what’s relevant Beyond litigation: Investigations Self service case management tools Investigators can create & manage cases, put data on hold, perform searches and export Wide range of scenarios Regulatory compliance, employment law, HR, financial, internal business requirements Enable collaboration Between investigators & attorneys overseeing the case Identify subjects, witnesses, custodians Search for relevant subjects or witnesses or custodians Identify relevant data Search for data relevant to the investigation across Office 365 and imported data Secure access Provide access based on role, delegated access and enable security filters to scope access Rich search capabilities Real time In Place searching No waiting for indexing, always live and up-to-date across Office 365 Quickly find relevant data Proximity search, rich query syntax Make decisions Query and source statistics help you analyze Export options Export with analysis Export into review tool ➢ Light weight tagging ➢ Single-investigator cases ➢ Simple investigations ➢ Full review tools ➢ Collaboration on tagging & review ➢ Larger investigations Technology Partners Epiq Rational Enterprises Everlaw Recommind Kcura Servient iConect Zapproved iPro Zylab Mindseye ➢ Download to PST or Native Folder ➢ Manual data review ➢ Move data between locations Native export Advanced eDiscovery Intelligently explore and analyze unstructured data to quickly identify what’s relevant Predictive coding enables you to train the system to automatically distinguish between likely relevant and non-relevant documents Identify relevant documents Use clustering technology to look at documents in context and identify relationships between them Identify data relationships Use near duplicate detection to organize the data and reconstruct email threads from unstructured data to reduce what’s sent to review Organize and reduce data prior to review New advanced analytics Additional search types: fuzzy, phonic, stemming, keyword expansion, etc.; visualized filters, pivot bar, search profile (report), from-to analysis Data completeness RMS decryption, optical character recognition, additional file types and metadata Defensibility Error reporting, Search & Export analytics, auditing log enhancements Unified case management Consistency across eDiscovery & Advanced eDiscovery with one consistent UX Expansion of markets US Government Community Cloud, ITAR, data centers, e.g. Germany, China, etc. Advanced eDiscovery: Where we are going Office 365 eDiscovery partners Help to ensure the success, usage and adoption of all O365 Compliance capabilities http://partners.office.com/modern-productivity/compliance-and-security Showing a live demo of the integrated Equivio capabilities available in Office 365 Auditing Azure Active Directory Security & Compliance Center SharePoint Online Power BI Opt-in for all O365 tenants 1 billion events collected daily Office 365 Auditing Why auditing is important Increasing risk Losing intellectual property and customer data Compliance risks if data isn’t preserved Multiple sharing options Productivity requires easier collaboration Adding online services to your environment Vendors, external partners, malicious insiders Architecture Exchange Online Admin activity, end-user (mailbox) activity Security and Compliance Center Admin activity Azure Active Directory Office 365 logins, directory activity Power BI Admin activity SharePoint Online and OneDrive for Business File activity, sharing activity What data is audited? Activity API See our Microsoft IT case study for DIY ideas 300+ third party apps 2 TB downloaded each month AvePoint 4wardSharegate Sumologic Symantec Cogmotive Palerra JiJi TechnologiesPalo Alto Knowledge Vault BarracudaCloudLock Varonis HPE ArcSight Rapid7 Splunk Netskope IBM SkyHigh NetworksDell • multi-dimensional analysis • across Office 365 services • pivot on user information in AD • customizable • shareable • opt-in to initialize Aggregate Datasets • Usage by Product • Usage by Product Activity Activity Datasets • User Activity MOM (for all products) • OneDrive Account Activity MOM • SharePoint Site Activity MOM State Datasets • User Attributes • Mailbox Attributes • OneDrive Attributes • SharePoint Attributes • User Office Activations • User Products Assigned Are there times when Microsoft would have access to my data, if so who and when? Transparency Providing transparency to where your data is located and control over how and when it is being accessed is our top priority Meet Compliance Needs Customer Lockbox can help customers meet compliance obligations by demonstrating that they have procedures in place for explicit data access authorization Extended access Control Use Customer Lockbox to control access to customer content for service operations Visibility into actions Actions taken by Microsoft engineers in response to Customer Lockbox requests are logged and accessible via the Management Activity API and the Security and Compliance Center Microsoft Engineer Microsoft Manager Microsoft Approved Customer Microsoft EngineerLockbox systemCustomer Submits request 100101 011010 100011 Customer Approved Customer Lockbox This interactive data map provide specific geographic locations of our datacenters throughout the world where customer data is stored in Office 365 and Dynamics CRM Online. Where is my data? Want to know more? REGISTER FOR UPCOMING EVENTS: ▪ 21 Feb - IT INSPIRATION DAY (Microsoft Zaventem): http://aka.ms/itinspirationday ▪ 28 Mar - OFFICE365 CLUB (EBC): GDPR Updates + Keep Pace with Security Challenges “(Enterprise Mobility + Security”-focus) – http://aka.ms/o365club ▪ 25 Apr - IT INSPIRATION DAY (Microsoft Zaventem) ▪ 9 May - CIO ADVISORY BOARD ▪ 11-12 May - OFFICE365 CLUB (EBC): GDPR Updates + Windows focus (on Day1) INDICATE ON YOUR EVAL FORM WHICH EVENT YOU LIKE TO REGISTER FOR Try out Office 365 and The New Office ▪ Contact your account manager to plan a proof of concept or pilot deployment ▪ Request support through one of our partners or MCS, and FastTrack/Onboarding Services CIE’ing = Believing: participate in a Customer Immersion Experience (CIE) session with a partner or Microsoft Stay Informed • Pulse blog • Discover the #NewOffice on the Office Blog • Office 365 Trust center Monthly Episodes & OnDemand Viewing alytics, auditing log enhancements Unified case management Consistency across eDiscovery & Advanced eDiscovery with one consistent UX Expansion of markets US Government Community Cloud, ITAR, data centers, e.g. Germany, China, etc. Advanced eDiscovery: Where we are going Office 365 eDiscovery partners Help to ensure the success, usage and adoption of all O365 Compliance capabilities http://partners.office.com/modern-productivity/compliance-and-security Showing a live demo of the integrated Equivio capabilities available in Office 365 Auditing Azure Active Directory Security & Compliance Center SharePoint Online Power BI Opt-in for all O365 tenants 1 billion events collected daily Office 365 Auditing Why auditing is important Increasing risk Losing intellectual property and customer data Compliance risks if data isn’t preserved Multiple sharing options Productivity requires easier collaboration Adding online services to your environment Vendors, external partners, malicious insiders Architecture Exchange Online Admin activity, end-user (mailbox) activity Security and Compliance Center Admin activity Azure Active Directory Office 365 logins, directory activity Power BI Admin activity SharePoint Online and OneDrive for Business File activity, sharing activity What data is audited? Activity API See our Microsoft IT case study for DIY i