Microsoft 365: Helping accelerate your journey toward compliance - Axdata

Page created by Ricardo Turner
 
July 2020

Introduction

The regulatory landscape is complex and ever evolving. For example, there are currently more than 200 updates per day issued by 750 regulatory bodies around the world, with new regulations being established frequently. Microsoft 365 is uniquely suited to help facilitate your compliance journey with a wide range of regulatory requirements and standards, including the General Data Protection Regulation (GDPR), ISO, and NIST.

Microsoft 365 can speed up compliance processes with tools that integrate across your data landscape. Advanced tools and capabilities will help you:

• Protect and govern data wherever it lives.
• Identify and take action on critical insider risks.
• Quickly investigate and respond with relevant data.
• Simplify compliance and reduce risk.

1. Trust is the foundation of the right security platform.

Our guiding principles for the Microsoft 365 platform illustrate our commitment to data security, with products and services designed to help your company become compliant.

Security
Microsoft spends over $1 billion a year on security technology and practices, with a comprehensive approach that protects data wherever it is—and whenever you access it.

Privacy and control
Your data is your data—period—and we invest heavily in the right safety and administrative tools to help keep it protected, whether it’s on premises, in the cloud, or in hybrid environments.

Compliance
At the heart of protecting privacy of personal data, we work to help you understand your compliance posture against a wide range of regulations.

Transparency
Through reports on our practices, notifications to customers, and third-party audits, we work tirelessly to increase our own transparency, as well as that of our industry and its regulators.

Reliability
Investments in state-of-the-art hardware and infrastructure help us meet customers’ regulatory needs; anticipate future requirements; and continue to provide the world-class availability, recovery, and backup capabilities that are trusted by organizations worldwide.

2. Microsoft strengthens its security promise with action.

Our operational security model, based on two decades of building enterprise software and managing online services, provides a platform focused on five areas that are designed to meet the challenges of a rapidly changing regulatory environment.

1. Physical security
• 24-hour monitoring of datacenters.
• Multi-factor authentication, including biometric scanning for datacenter access.
• Internal datacenter network is segregated from the external network.
• Role separation renders location of specific customer data unintelligible to personnel that have physical access.
• Faulty drives and hardware are demagnetized and destroyed.

2. Logical security
• Lockbox processes for a strictly supervised escalation process limit access to your data.
• Servers run only those processes that are whitelisted, minimizing risk from malicious code.
• Dedicated threat management teams proactively anticipate, prevent, and mitigate malicious access.
• Port scanning, perimeter vulnerability scanning, and intrusion detection prevent or detect any malicious access.

3. Data security
• Encryption at rest protects your data on our servers.
• Encryption in transit with SSL/TLS protects your data when it’s transmitted between you and Microsoft.
• Threat management, security monitoring, and file/data integrity prevent or detect any tampering of data.
• Exchange Online Protection provides robust security and reliability against spam and malware to help protect your information and access to email.

4. User controls
• The new Office 365 Message Encryption capabilities allow users to send encrypted and rights-protected emails to anyone, regardless of which email service recipients may use.
• Data loss prevention can be combined with Rights Management and Office 365 Message Encryption.
• S/MIME provides message security with certificate-based email access.
• Azure Rights Management prevents file-level access without the right user credentials.

5. Admin controls
• Multi-factor authentication protects access to services with a second verification method such as a phone.
• Data loss prevention prevents sensitive data from leaking either inside or outside the organization while providing user education and empowerment.
• Built-in mobile device management capabilities allow you to manage access to corporate data.
• Mobile application management within Office mobile apps powered by Intune provides granular controls to secure data contained in these apps.
• Built-in antivirus and antispam protection along with advanced threat protection safeguard against external threats.

6. Microsoft 365 Cloud App Security
• A Cloud Access Security Broker that provides rich visibility, control, and sophisticated analytics to identify and combat cyberthreats across all your Microsoft and third-party cloud services.

3. Intelligent compliance and risk management.

Microsoft 365 compliance solutions help you protect data, address regulations and standards, and mitigate insider risks.

Data loss prevention
Identify, monitor, and automatically protect sensitive information stored across Microsoft 365 locations.

Event-driven retention
Use labels to retain content based on when a specific type of event occurs.

Sensitive information types
Identify and protect sensitive data including credit card, bank account, and passport numbers.

Advanced Message Encryption
Send and receive encrypted email messages to people inside and outside your organization.

Communication compliance
Minimize communication risks by detecting, capturing, and remediating inappropriate messages in your organization.

Advanced Audit
Gain visibility with new auditing capabilities that help with forensic and compliance investigations.

Insider risk management
Detect, investigate, and take action on risky activities in your organization.

Privileged access management
Help protect your organization from breaches through granular access control over privileged admin tasks.

Customer Lockbox
Maintain control over your content with explicit access authorization for service operations.

Customer Key
Help meet compliance requirements by exercising control over your organization’s encryption keys.

Information barriers
Restrict communications between specific groups of users inside your organization to safeguard internal information.

Advanced eDiscovery
Manage the end-to-end workflow of internal and external investigations.

Measure your progress

Microsoft 365 accelerates and simplifies the way you manage compliance and improve your risk posture.

Microsoft 365 compliance center
Monitor your overall compliance posture, review recommended actions, and configure settings to meet complex compliance obligations.

Microsoft Compliance Score
Manage compliance and reduce compliance risks through a user-friendly experience that calculates a risk-based score.

Learn more about Microsoft 365 E5 Compliance Solutions


This content includes commentary on the GDPR, as Microsoft interprets it, as of the date of publication. We’ve spent a lot of time with GDPR and like to think we’ve been thoughtful about its intent and meaning. But the
application of GDPR is highly fact-specific, and not all aspects and interpretations of GDPR are well-settled. As a result, this content is provided for informational purposes only and should not be relied upon as legal advice
or to determine how GDPR might apply to you and your organization. We encourage you to work with a legally qualified professional to discuss GDPR, how it applies specifically to your organization, and how best to
ensure compliance. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS CONTENT. ©2020 Microsoft Corporation. All rights reserved. This document is provided
“as-is.” Information and views expressed in this document, including URL and other Internet website references, may change without notice. You bear the risk of using it. This document does not provide you with any legal
rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.