Governing Your Data in O365files.informatandm.com/uploads/2018/10/Governing_Your... ·...

Governing Your Data in O365Classifying, Retaining, Complying and Discovering

#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM

David C. BroussardPrincipal Consultant

Catapult Systems

Who am I?

• Principal Consultant, O365 Evangelist, Cloud Whisperer• Been in IT since 1990, SharePoint since 2003, and Catapult since 2007

What is Governance and Why is it important?The act of affecting and monitoring (through policy) the long-term strategy and direction of an organization. In general, governance comprises:

TraditionsInstitutionsProcesses

that determine how: Change is exercisedUsers are given a voiceDecisions are made on issues of company-wide concern.

Peace, Love, and SharePoint

ProsFast to Implement

No barriers to growth

Used for anything and everything

ConsNo control on

growth

Poor security, findability,

navigation, etc.

No service assurances

The Iron Gauntlet of SharePoint

ProsCentral regulation of

Navigation, Taxonomy, security

Everything is done the “right” way

IT (Owner) is in control

ConsSlow to Implement

Don’t use new functionality until its fully

understood

Shadow IT will flourish

The challenge that we face

Used to upgrade SharePoint every version or two (every 3-5 years)Upgrades involved:

New HardwareNew FeaturesNew DesignMoving old content to the new farm – R.O.T. Analysis

Office 365 and SharePoint now upgrade continuouslyNo “Burning Platform” for new Hardware, Design, R.O.T. Analysis

Data Governance Challenges

• In the modern world of digital communication, the amount of electronic data grows exponentially, leading the company to do a daunting job of deciding what to keep and what not to keep

• 44 Zetabytes of information created each year now (and increasing)• Data stored in different repositories (example: One Drive, SharePoint,

Exchange)• Reducing compliance risk is directly proportional to reducing amount of

data and keeping only the high value data• Anything that is not adding business value, should be on the road to

deletion

Personas in Data Governance• Personas of Data Governance (Permissions/Rules)

• Compliance Officer (CO)• Ensure employees abide by internal policies and regulations set by regulatory

bodies• Continuous review of policies and regulations

• Records Manager• Oversee implementation of Data Retention, Archival and Classification • Coordinates with program managers to ensure schedules of records (retention,

creation etc.)• Monitors the insights and usage of policies and take action to ensure efficient

records management• IT Admin

• Custodian of O365 Service• Perform System maintenance and regular health checks

• Information Worker• Make use of all compliance and data governance• Understand attributes attached to a document• Auto classification of content will help them work faster

Laundry as an Analogy

Corporate Data as Laundry

Iron Mountain

O365 Data Governance From the Tenant to the Item• Retention Policies• Data Loss Prevention• Advanced Data Governance Labels• Azure Information Protection• Records Management • Workload Specific Data Governance

Tenant Level Controls

Retention PoliciesTwo competing and conflicting Priorities:

Retention of DataDeletion of Data

Lots of Locations Data is stored:ExchangeSharePoint/OneDriveFile Shares

Policies:Can apply to all workloads, or to subsets of each workloadCan Retain dataCan Delete dataCan be applied only to specific keywords or sensitive information

Demo #1 – O365 Retention Policy

Data Loss Prevention

• Created at a Tenant Level, but Applies to each Item when it is emailed or shared• Can use standard sensitive information types (Medical, Privacy, Financial)

or custom• Can apply to Email, SharePoint, and OneDrive• Can be used to track internal or external sharing

• Advanced rules can be created for complex scenarios• Content Matches, Shared, IP match, email attachments not scanned,

password protected emails, attachment file types, etc.• Can restrict access or automatically encrypt outgoing emails

Demo #2 – Data Loss Prevention

Item Level Controls

Advanced Data Governance Labels

• Applied to a specific item• Can be used to Retain the item• Can be used to Delete the item• Can be used by Data Loss Prevention to control the movement of the item• Can be used to “Recordize” the item• Each Item can have Zero or One ADG Label

• Created by Admins in the Security & Compliance Center• Two ways to apply a Label

• Published and applied by an End User• Automatically applied by O365 based on keyword or sensitive data (E5)

Demo #3 – Advanced Data Governance Labels

Azure Information Protection• Applied to an Individual Item

• Can classify an Item• Can apply Digital Rights Management to an Item• Can apply Headers, Footers, and Watermarks to an Item

• Future plans include• Ability to use as part of DLP (we think)

• Warning: O365 Search cannot decrypt DRM encrypted files• They do not appear in search• They do not appear in eDiscovery searches• eDiscovery can export and decrypt protected files• Admins can use PowerShell to encrypt and decrypt files

Demo #4 – Azure Information Protection

Workload Level Controls

Exchange Retention Labels and Policies• Same controls that have always existed in Exchange• Create in the Exchange Admin Center• Retention Tags

• Can be Default (entire mailbox, specific folder, or user applied)• Set retention period (in days)• Then Move email to Archive, Recycle Bin, or Permanently Delete

• User can apply to an item or to a folder (all items in folder inherit tag)• Retention Policies are groups of Retention Tags that can control who gets to see

what tags and what tags are automatically applied to default folders

SharePoint Records and Retention• All of the On-Premise tools are still available• Create a Records Center to “recordize” items

• Can flag as a record in place, link to Records Center, or Move item• Content Organizer looks at Metadata in Records Center an stores record• Usually entire record is immutable as opposed to ADG Label Record• Retention Policy of Content Type determines how long a record is kept

When to use what?• Need to apply retention rules across SharePoint, Exchange, Groups and Skype?

• If the answer is yes, then O365 Governance is the best (and really only) option across the O365 platform.

• Need workflow automation around the review and disposition of documents?• If the answer is yes, the SharePoint IMPs are the way to go, as you can call custom

workflows and set multiple layers of actions.• Need to identify and retain content based on information contained in a document?

• If the answer is yes, O365 Governance provides the ability to search and retain documents based on keywords or “sensitive information” policies.

• Need to be able to apply different policies per site and library?• If the answer is yes, then SharePoint IMPs allow this level of detailed designations.

• Need the ability to designate some document are “records”?• Both O365 and SharePoint have similar records functionality.• O365 Governance provides the ability to designate records based on information

contained in the content of a document.• SharePoint provides the ability to apply record designation manually or via the outcome

of a workflow.• Document retention and disposition policies general and simple?

• If the answer is yes, O365 Governance can provide an effective solution.

Questions

David C. BroussardDavid.Broussard@catapultsystems.com@dbroussahttps://blogs.catpaultsystems.com/dbroussard

Governing Your Data in O365files.informatandm.com/uploads/2018/10/Governing_Your... ·...

Documents

Enrolling Windows 10 Devices Using Azure AD: VMware … · ENROLLING WINDOWS 10 DEVICES USING AZURE AD: VMWARE WORKSPACE ONE UEM OPERATIONAL TUTORIAL GUIDE | 6 Integrating Azure AD

10 Mind Blowing Facts About SAP And Azure

Azure & Open Source Azure Ecosystem - pershing.com.t€¦ · Azure & Open Source Azure Ecosystem. ... Docker on Azure ... •Jenkins and Hudson Plugins PaaS Websites •Azure Java

Streaming IoT Analytics with the PI Integrator for Azure, Cortana … · 2015. 10. 1. · Azure, Cortana Intelligence and Azure IoT ... Cortana Intelligence Suite SQL Server 2016

Azure IaaS Workshop - Microsoft Azure...2015/10/01 · Ten-day workshop TEN DAY WORKSHOP* •Windows Azure identity services •Windows Azure Active Directory •Data Management •

Azure RTOS GUIX - download.microsoft.com · Microsoft Azure RTOS, Azure RTOS FileX, Azure RTOS GUIX, Azure RTOS GUIX Studio, Azure RTOS NetX, Azure RTOS NetX Duo, Azure RTOS ThreadX,

Azure VMs + Log Shipping + Automationfiles.informatandm.com/uploads/2018/10/Azure_VMs_Log... · 2018-10-17 · Azure VMs + Log Shipping + Automation A Budget Conscious DR Solution

Website 10 03 Azure Schools

Sonata Software Datacenter Modernization - Microsoft Azure€¦ · 01/10/2015 · Integration Services Azure Data Lake Azure DW Data Factory Azure IOT Hub Azure Machine ... Global

Accelerate Azure Journey and Value with CAST Highlightdoc.casthighlight.com/wp-content/uploads/2017/02/Azure... · 2018-10-25 · Accelerate Azure Journey and Value with CAST Highlight

Azure Prime: Azure Mobile Apps Azure Mobile Engagement

AZURE STANDARD Healthy Food · 2018-10-10 · 4 Azure Standard HEALTHY FOOD 2018/2019 Call us at (971) 200-8350 Visit us online at AzureStandard.com Azure Standard HEALTHY FOOD 2018/2019

Pro PowerShell for Microsoft Azure - Home - Springer978-1-4842-06… · · 2017-08-25Pro PowerShell for Microsoft Azure Sherif Talaat ... Chapter 10: Azure Identity and ... Azure

Delivering Real-Time Data with Azure · 2019-10-16 · Azure Event Hubs Azure IoT Hub Apache Kafka Data Storage Azure ... Spark Streaming Analytical Data Store SQL DW Hbase Spark

Windows 10 IoT-Core to Azure IoT Suite

Delivering continuously to 10 Million users

Microsoft Azure Essentials Security... · Protecting Your Virtual Machines As you move into Virtual Machines and compute, the Azure Security Center uses machine learning to continuously

Big Data solution benchmak - Amazon Web Services8kmprod.s3.amazonaws.com/wp-content/uploads/2016/10/8KMiles_… · 7 Azure SQL DWH Microsoft Azure Azure SQL Data Warehouse, Azure

Azure CDN Solution Overview · 2019-10-10 · Cannot rely on Internet alone to deliver Azure workloads. Delivering content from the edge of the internet Azure. Delivering content

Azure Stack: An extension of Azure - Marquam Stack White Paper... · 2018-01-31 · Version 2.0 7/10/2017 Azure Stack: An extension of Azure The information herein is for informational