Well, Ignite 2019 is off and running. And during this week I’ll be trying to cover a lot of subjects. Most of them are security & compliance related, but I’m an Office 365 consultant as well. So that’s going to be part of my blog as well.
From the key-notes
Compliance and security are a major investment-area for Microsoft. They have been for a long time, and looking at some statistics we know why:
- 75 billion devices by the end of 2019;
- 4 billion records exposed by hacks;
- 53% of organizations face insider attacks;
- 220+ regulatory updates per day;
- 8 trillions signals in the Microsoft systems regarding incidents….
- 175 Zettabytes of data in 2025…..
To handle the security and compliance when looking at these numbers, we will need a zero trust model. Or, as agent Mulder (x-files, duh….) would say: trust no one. No reactive security, but proactive..
Organizations need to think about cyberattacks as they think about and prepare for any other calamity (an electrical black-out for example). It’s disrupting your enterprise and you should prepare for this!
Two words that were used for this:
1 – Operational Resilience
2 – Cyber Recovery Plan
How many organizations do we know that include cyber into their operational resilience plans and/or have a cyber recovery plan? If you don’t: start now!
Microsoft’s CISO also covered the zero trust model @ Microsoft. His message was that it can be secure without having a negative effect on productivity. One of the most important aspects is conditional access, to make it super-easy for the users and to have the right telemetry in place. Also, security should be a boardroom discussion! Change that culture!
His top 3 aspects:
- Turn on MFa and biometrics (why do we still have to say this????);
- Stay current;
- Use Secure Score.
Intelligent compliance and risk management
This IC&RM contains four important parts.
- Information protection and governance
- Insider risk management
- Discover and respond
- Compliance management
These are some of the announcements done during Ignite 2019.
Microsoft Information Protection
MIP is now going beyond documents. The integration with PowerBI is very cool stuff. You can now classify PowerBI workspaces and the Excel-sheet associated is classified automatically. When using Edge to open a protected document, Edge can show you the permissions natively from the browser. A very nice dashboard now shows you where sensitive information is stored. This was already available in Azure Information Protection, but has been greatly improved.
Very new is the trainable classifier. This uses machine learning to create a classifier which searches for relevant/non relevant content. Based on your feedback, the classifier will be trained to detect sensitive content.
Any yes!!!! Information protection is now included into Office Online.
This allows you to group enterprise applications and assign these to specific groups of users. You can use these workspaces with Cloud App Security, so that you don’t have to manage these applications separately.
Insider Risk Management in Microsoft 365 (private preview)
This brings together existing alerts/rules but enhances this by using Delve and even external (3rd party) signals. Using an impressive dashboard, you can now do insider threat hunting based on the activity in Microsoft 365. The dashboard does not show the usernames – by default. These are made anonymous.
When drilling down to a user, you can see suspicious behavior like confidential files printed, files shared, files e-mails externally, offensive language used, files downloaded (incl. classifications). The “suspicious” part is handled by machine intelligence. The platform also includes connections to external systems, like HR platforms.
So, in the end, you can look at such a timeline:
HR (Resignation date entered) -> 140 classified documents saved to USB-drive -> 150 SharePoint files downloaded.
The platform is also based on collaboration. People from HR, IT, Security, Risk, and more can work together (using build-in workflows) on the generated cases.
The compliance score is directly related to the Secure Score. It provides you a score – related to the specific norm (GDPR, HIPPA, etc.) and includes recommendation to become more compliant. When you work from the Secure Score, this will affect the Compliance Score as-well.
In order to help you use the different compliance tools (and to find them :-)), there’s now the solution catalog. This catalog displays specific solutions for specific themes.
You can not add connectors to (corporate) social account. So these can be made part of your compliance solution as-well.
Well, that’s it for the first day.
Stay tuned for more information 🙂