Data (In)Security in Office 365 - Facts and Myths
Kamil Bączyk
Senior Infrastructure & Security Expert
• Technologies: Office 365, SharePoint, Windows Server, Microsoft Azure, Security
• Speaker at many conferences, meetups and events
• Author of articles (online and print media) and webcasts
• Twitter @KamilBaczyk
• Mail: [email protected]
• Over 10 years of experience in IT
• MCSE, MCSA, MCT
• CEH
• ITIL
Agenda
1. How does Microsoft do it?
2. (In)Security - facts and myths
a) Datacenter security?
b) Office in the cloud?
(Is Word in the browser secure?)
c) The local server room
("mine is more mine")
d) Cyber security
("la la la NSA")
3. Summary
How does Microsoft do it?
Idea
Security - solutions
Where are my servers?
Microsoft security platform components
User log-ins; Unauthorized data access; Data encryption; Malware; System updates; Enterprise security; Attacks: Phishing, Denial of service; User accounts; Device log-ins; Multi-factor authentication
300B, 1B, 200B
Our unique intelligence
Global compliance with focus
Foundational: ISO 27001; SOC 1 Type 2; SOC 2 Type 2; ISO 27018; Cloud Controls Matrix
Industry: HIPAA / HITECH; FIPS 140-2; FERPA; DISA Level 2; ITAR-ready; CJIS; 21 CFR Part 11; IRS 1075; FedRAMP JAB P-ATO
Focused: European Union Model Clauses; United Kingdom G-Cloud; Singapore MTCS Level 1; Australian Signals Directorate; Japan Financial Services; China Multi Layer Protection Scheme; China CCCPPF; New Zealand GCIO; China GB 18030; EU Safe Harbor; ENISA IAF
Over 900 controls in the Office 365 compliance framework enable us to stay up to date with the ever-evolving industry standards across geographies.
Trust Microsoft's verified services. Microsoft is regularly audited, submits self-assessments to independent 3rd party auditors, and holds key certifications.
Key certifications
United States: CJIS; CSA CCM; DISA; FDA CFR Title 21 Part 11; FedRAMP; FERPA; FIPS 140-2; FISMA; HIPAA/HITECH; HITRUST; IRS 1075; ISO/IEC 27001, 27018; MARS-E; NIST 800-171; Section 508 VPATs; SOC 1, 2
Argentina: Argentina PDPA; CSA CCM; IRAP (CCSL); ISO/IEC 27001, 27018; SOC 1, 2
Spain: CSA CCM; ENISA IAF; EU Model Clauses; EU-U.S. Privacy Shield; ISO/IEC 27001, 27018; SOC 1, 2; Spain ENS
United Kingdom: CSA CCM; ENISA IAF; EU Model Clauses; ISO/IEC 27001, 27018; NIST 800-171; SOC 1, 2, 3; UK G-Cloud
Japan: CSA CCM; CS Mark (Gold); FISC; ISO/IEC 27001, 27018; Japan My Number Act; SOC 1, 2
Singapore: CSA CCM; ISO/IEC 27001, 27018; MTCS; SOC 1, 2
New Zealand: CSA CCM; ISO/IEC 27001, 27018; NZCC Framework; SOC 1, 2
Australia: CSA CCM; IRAP (CCSL); ISO/IEC 27001, 27018; SOC 1, 2
European Union: CSA CCM; ENISA IAF; EU Model Clauses; EU-U.S. Privacy Shield; ISO/IEC 27001, 27018; SOC 1, 2
China: China GB 18030; China MLPS; China TRUCS
Microsoft's Secure Approach
Protected layers: Apps and Data; Identity; Device; Infrastructure (SaaS, PaaS, IaaS)
INTELLIGENT SECURITY GRAPH
Feeds: Malware Protection Center; Cyber Hunting Teams; Security Response Center; CERTs; Cyber Defense Operations Center; Digital Crimes Unit; Antivirus Network; Industry Partners
Where are my servers?
Demo
(In)Security - facts and myths
Datacenter security?
Office in the cloud?
The local server room
Activity logs
Cyber security
Zero access privilege and automated operations
Microsoft Corporate Network -> Office 365 Datacenter Network
1. O365 Admin requests access
2. Verify eligibility by checking if: background check completed; fingerprinting completed; security training completed
3. Grants temporary privilege
4. Grants least privilege required to complete the task
Datacenter security? - Customer Lockbox
Must be explicitly enabled
Office 365 support must wait for access approval
You can specify how long (time) support has access to customer data
Works with: Exchange Online, SharePoint Online, OneDrive for Business
Defense in depth
Security Management (across all layers): Threat and vulnerability management, security monitoring, and response
Data: Access control and monitoring, file/data integrity, encryption
Application: Secure engineering (SDL), access control and monitoring, anti-malware
Host: Access control and monitoring, anti-malware, patch and configuration management
Internal network: Dual-factor authentication, intrusion detection, vulnerability scanning
Network perimeter: Edge routers, firewalls, intrusion detection, vulnerability scanning
User: Account management, training and awareness, screening
Facility: Physical controls, video surveillance, access control
Office in the cloud? DLP + RMS
Message encryption on demand or through rules
Encrypted content works only after authentication and within the organization
Custom rules that can be combined (DLP + encryption)
Works with: Exchange Online, SharePoint Online, OneDrive for Business
DLP + RMS
Demo
Alerting architecture
Advanced Security Management Portal (Users, Admins, Microsoft Admins)
Audit Data Service -> Azure: Event enrichment -> Big data and machine learning based alerts engine (Anomaly detection; Activity policy evaluation) -> Alert investigation & notification (SMS, "You have mail!")
Anomaly Detection Architecture
Risk factors per session: Location; User-Agent; Admin user?; Anonymous proxy?; Time since last activity; ISP; ... -> Session Risk
Session #139: 71 100 0 68 84 97
Session #297: 56 0 100 50 34 80
Session #339: 5 0 0 2 26 49
Session #459: 85 0 0 48 50 29
…
Session #N5: 76 0 0 39 40 14
Threshold
Session-based: Recent user activities across apps, devices and locations are combined to create a user session.
Risk score: Risk factors are calculated for each session and combined to calculate the total session risk score.
Alert trigger: sessions above the risk threshold trigger an alert (top k sessions) containing the risk breakdown & related activities.
User feedback: the anomaly engine is customized by turning on/off risk factors for specific users/groups.
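The four steps above (sessionize, score factors, combine into a session risk, alert on the top k above threshold, with per-user factor feedback) as an added, runnable Python example. This is not code from the deck or from Microsoft; the factor definitions, weights, the 60-minute session gap, the threshold of 50, the user profiles and the activity records are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

SESSION_GAP_MINUTES = 60   # assumed: activities further apart than this start a new session
RISK_THRESHOLD = 50        # assumed: sessions scoring above this raise an alert
FACTOR_WEIGHTS = {         # assumed weights; the slide does not give the real ones
    "location": 0.20, "user_agent": 0.15, "admin_user": 0.15,
    "anon_proxy": 0.25, "time_since_last": 0.10, "isp": 0.15,
}

@dataclass
class Activity:
    user: str
    minute: int          # minutes since the start of the sample window
    app: str
    country: str
    user_agent: str
    isp: str
    is_admin: bool
    anon_proxy: bool

@dataclass
class Session:
    user: str
    activities: list
    gap_minutes: Optional[int]   # idle time before this session; None if it is the user's first

# Constructed baseline profiles: attributes previously seen for each user
KNOWN = {
    "alice": {"countries": {"PL"}, "agents": {"Outlook/16"}, "isps": {"ISP-A"}},
    "bob":   {"countries": {"PL"}, "agents": {"Edge/100"},   "isps": {"ISP-A"}},
}

# Constructed sample activities (not real audit data)
SAMPLE_ACTIVITIES = [
    Activity("alice", 0,   "Exchange",   "PL", "Outlook/16", "ISP-A", False, False),
    Activity("alice", 5,   "SharePoint", "PL", "Outlook/16", "ISP-A", False, False),
    Activity("alice", 400, "OneDrive",   "BR", "curl/7.64",  "ISP-X", False, True),
    Activity("bob",   10,  "Exchange",   "PL", "Edge/100",   "ISP-A", True,  False),
    Activity("bob",   12,  "SharePoint", "PL", "Edge/100",   "ISP-A", True,  False),
]

def build_sessions(activities):
    """Group each user's activities (time-ordered) into sessions split at idle gaps."""
    by_user = {}
    for act in sorted(activities, key=lambda a: (a.user, a.minute)):
        by_user.setdefault(act.user, []).append(act)
    sessions = []
    for user, acts in by_user.items():
        current = Session(user, [acts[0]], None)
        for prev, act in zip(acts, acts[1:]):
            gap = act.minute - prev.minute
            if gap > SESSION_GAP_MINUTES:
                sessions.append(current)
                current = Session(user, [act], gap)
            else:
                current.activities.append(act)
        sessions.append(current)
    return sessions

def risk_factors(session):
    """Score every factor 0..100 for one session; attributes never seen before count as risky."""
    known = KNOWN.get(session.user, {"countries": set(), "agents": set(), "isps": set()})
    acts = session.activities
    def unseen(attr, seen):
        return 100 if any(getattr(a, attr) not in seen for a in acts) else 0
    gap = session.gap_minutes or 0
    return {
        "location": unseen("country", known["countries"]),
        "user_agent": unseen("user_agent", known["agents"]),
        "admin_user": 100 if any(a.is_admin for a in acts) else 0,
        "anon_proxy": 100 if any(a.anon_proxy for a in acts) else 0,
        "time_since_last": min(100, int(gap / 14.4)),   # 24 h of inactivity saturates at 100
        "isp": unseen("isp", known["isps"]),
    }

def session_risk(session, disabled=frozenset()):
    """Combine the enabled factors into a 0..100 score (weighted average)."""
    factors = risk_factors(session)
    enabled = [f for f in factors if f not in disabled]
    total_weight = sum(FACTOR_WEIGHTS[f] for f in enabled)
    if total_weight == 0:          # feedback disabled every factor for this user
        return 0, factors
    score = sum(FACTOR_WEIGHTS[f] * factors[f] for f in enabled) / total_weight
    return round(score), factors

def alerts(activities, disabled_by_user=None, top_k=3):
    """Return the top-k sessions above threshold as (score, user, breakdown, apps)."""
    disabled_by_user = disabled_by_user or {}
    scored = []
    for s in build_sessions(activities):
        score, factors = session_risk(s, disabled_by_user.get(s.user, frozenset()))
        scored.append((score, s.user, factors, [a.app for a in s.activities]))
    scored.sort(key=lambda entry: entry[0], reverse=True)
    return [entry for entry in scored if entry[0] > RISK_THRESHOLD][:top_k]

if __name__ == "__main__":
    # bob is a known admin, so the feedback loop switches that factor off for him
    for score, user, breakdown, apps in alerts(SAMPLE_ACTIVITIES, {"bob": {"admin_user"}}):
        print(f"ALERT {user} risk={score} apps={apps} breakdown={breakdown}")
```

Only alice's second session (new country, new user agent, anonymous proxy, new ISP) crosses the threshold; bob's admin activity alone never would, and the per-user feedback removes even that contribution.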
Advanced Security Management - App discovery architecture
Discovery: Use traffic logs to discover and analyze which cloud apps are in use
On-Premise Network (Firewall, Web proxy) -> Network logs manually uploaded -> Log parser (Azure) -> Log analysis (SaaS DB) -> Discovery aggregations (Tenant DB) -> Cloud apps
Office 365 Discovery Categories
Collaboration: SharePoint
Cloud Storage: OneDrive
WebMail: Exchange
Social Network: Yammer
Online Meeting: Skype
Log Format Compatibility
Network traffic logs include a notification/disclaimer that explains if there is missing data in the chosen format.
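An added Python example of the discovery pipeline described above: parse uploaded proxy/firewall lines, map destination hosts to the five Office 365 discovery categories, aggregate users and traffic per app, and produce the missing-data disclaimer. It is not the product's parser: the log format, the hostname patterns, the "contoso" tenant and the log lines are constructed for illustration.

```python
import re

# Constructed sample proxy log lines (not from any real device). Assumed format:
# timestamp user src_ip dest_host bytes_out bytes_in action   ('-' = counter missing)
SAMPLE_LOG = """\
2016-05-10T08:01:12Z alice 10.0.0.5 contoso.sharepoint.com 1200 45000 allowed
2016-05-10T08:02:40Z alice 10.0.0.5 outlook.office365.com 800 23000 allowed
2016-05-10T08:03:01Z bob 10.0.0.7 contoso-my.sharepoint.com 500000 1200 allowed
2016-05-10T08:05:17Z bob 10.0.0.7 www.yammer.com 300 9800 allowed
2016-05-10T08:06:00Z carol 10.0.0.9 meet.lync.com 15000 15000 allowed
2016-05-10T08:07:33Z carol 10.0.0.9 example.invalid 100 100 blocked
2016-05-10T08:08:10Z dave 10.0.0.11 contoso.sharepoint.com - - allowed
"""

# Assumed host patterns -> (app, discovery category); the OneDrive pattern must be
# checked before the generic SharePoint one because "-my.sharepoint.com" matches both.
APP_PATTERNS = [
    (re.compile(r"-my\.sharepoint\.com$"), "OneDrive",   "Cloud Storage"),
    (re.compile(r"\.sharepoint\.com$"),    "SharePoint", "Collaboration"),
    (re.compile(r"outlook\.office365\.com$"), "Exchange", "WebMail"),
    (re.compile(r"(^|\.)yammer\.com$"),    "Yammer",     "Social Network"),
    (re.compile(r"(^|\.)lync\.com$"),      "Skype",      "Online Meeting"),
]

def parse_line(line):
    """Split one line into fields; a '-' byte counter becomes None (missing data)."""
    parts = line.split()
    if len(parts) != 7:
        return None
    ts, user, src_ip, host, out_b, in_b, action = parts
    to_int = lambda v: None if v == "-" else int(v)
    return {"ts": ts, "user": user, "src_ip": src_ip, "host": host.lower(),
            "bytes_out": to_int(out_b), "bytes_in": to_int(in_b), "action": action}

def classify(host):
    """Map a destination host to (app, category), or None if it is not a known cloud app."""
    for pattern, app, category in APP_PATTERNS:
        if pattern.search(host):
            return app, category
    return None

def discover(log_text):
    """Aggregate per-app usage and collect the facts the missing-data disclaimer needs."""
    apps = {}
    notices = {"missing_byte_counts": 0, "unrecognised_hosts": set(), "unparseable_lines": 0}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            notices["unparseable_lines"] += 1
            continue
        if rec["bytes_out"] is None or rec["bytes_in"] is None:
            notices["missing_byte_counts"] += 1
        match = classify(rec["host"])
        if match is None:
            notices["unrecognised_hosts"].add(rec["host"])
            continue
        app, category = match
        entry = apps.setdefault(app, {"category": category, "users": set(),
                                      "transactions": 0, "bytes_out": 0, "bytes_in": 0})
        entry["users"].add(rec["user"])
        entry["transactions"] += 1
        entry["bytes_out"] += rec["bytes_out"] or 0
        entry["bytes_in"] += rec["bytes_in"] or 0
    return apps, notices

def disclaimer(notices):
    """Text shown with the report when the chosen log format lost information."""
    problems = []
    if notices["missing_byte_counts"]:
        problems.append(f"{notices['missing_byte_counts']} line(s) had missing byte counts; "
                        "traffic volumes are under-reported")
    if notices["unparseable_lines"]:
        problems.append(f"{notices['unparseable_lines']} line(s) did not match the format")
    if notices["unrecognised_hosts"]:
        problems.append(f"{len(notices['unrecognised_hosts'])} host(s) not mapped to any app")
    return "; ".join(problems)

if __name__ == "__main__":
    report, notes = discover(SAMPLE_LOG)
    for app, entry in sorted(report.items()):
        print(f"{entry['category']:15} {app:11} users={len(entry['users'])} "
              f"tx={entry['transactions']} out={entry['bytes_out']} in={entry['bytes_in']}")
    print("Disclaimer:", disclaimer(notes) or "none")
```

Unmapped hosts are kept rather than dropped: in practice they are the shadow-IT candidates a discovery report exists to surface, and the disclaimer makes the under-reported volumes explicit instead of silently treating a missing counter as zero.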
App permissions architecture
App permissions: Enterprise apps can integrate with Azure Active Directory to provide secure sign in and authorization for Office 365 services.
We provide a dashboard for the security admin to get visibility and control over all third party apps that users or admins consented to.
All 3rd party apps in tenant -> App permissions aggregation (Azure) -> App permissions dashboard
Introducing Microsoft Cloud App Security
Cloud-delivered service bringing visibility and control to cloud apps
Committed to support third-party cloud apps
Based on the Adallom acquisition
Standalone / E5
Enterprise-grade security for your cloud apps
The local server room - ASM, ATP, Cloud App Security
Activity reports for services, users, sign-ins, compromised accounts and locations
Log import and analysis
Customizing the data shown in reports
Works with: Exchange Online, SharePoint Online, OneDrive for Business
Cloud App Security, ASM, ATP
Demo
Office 365 Security
Built-in security: 24-hour monitored physical hardware; Isolated customer data; Secure network; Encrypted data; Automated operations; Microsoft security best practices
Customer controls
Independent verification
Isolated Customer Data
Data in Cloud
Encryption: In transit and at rest
In transit SSL/TLS encryption protects:
• Client to server communications
• Server to server communications
• Datacenter to datacenter communications
At rest protects:
• Unauthorized physical access to servers/hardware in datacenters
• Theft or inappropriate handling of a disk or server
Diagram: Customer (Windows computer / Windows PC) <-> Windows server: client to server, SSL/TLS protected
Windows server <-> Windows server: server to server, SSL/TLS protected
Each Windows server with its own data disk