WHO WILL BENEFIT FROM THIS TALK • • • • IT architects DLP developers Security developers Information Lifecycle app developers TOPICS • • • • Data management overview File Classification Infrastructure and the Data classification toolkit Classification Enhancements.

Download Report

Transcript WHO WILL BENEFIT FROM THIS TALK • • • • IT architects DLP developers Security developers Information Lifecycle app developers TOPICS • • • • Data management overview File Classification Infrastructure and the Data classification toolkit Classification Enhancements. 

WHO WILL BENEFIT FROM THIS TALK
•
•
•
•
IT architects
DLP developers
Security developers
Information Lifecycle app
developers
TOPICS
•
•
•
•
Data management overview
File Classification Infrastructure
and the Data classification toolkit
Classification Enhancements in
Windows 8
Protecting sensitive data
WHAT YOU’LL LEAVE WITH
•
•
•
Using classification to address key
challenges in managing data
across the organization
Controlling access, auditing and
encryption based on
classification
Developing products and LOB
applications that use classification
and native Windows Server 8
access, audit and encryption
policies
Growth of users
and data
?
Distributed
computing
Regulatory and
Business
Compliance
?
Budget
Constraints
Need per-project
share
Business needs can start
simple
But adding policies can
fragment the storage
infrastructure
Complexity increases the
chances of ineffective
policies and prevents
insight into business data
Ensure that
business-secret
files do not leak
out
Retain contract
data for 10 years
Classify
Data
Apply policy
according to
classification
Location based
Manual
• Based on the Folder the file is created in
• Driven by “Business owner” that sets up the folder
• Specified by Information Worker
• Templates of documents can be used for default settings
• Data entry applications that marks files created by users
Automatic
classification
• Automatic classification based on content and other characteristics
• Great solution for classifying large amounts of existing information
Application
• Line of business applications that store information on file servers
• Data management applications
Get classification properties API
for external applications
Discover
Data
Extract
classification
properties
Set classification properties API for
external applications
Classify
Data
Windows Server 2008 R2
File Classification Extensibility points
Store
classification
properties
Apply Policy
based on
classification
Get classification properties API
for external applications
Discover
Data
Extract
classification
properties
Set classification properties API for
external applications
Classify
Data
Store
classification
properties
Apply Policy
based on
classification
Windows Server
File Classification Extensibility points
 Existing APIs retained and extended
 Get/Set classification properties APIs now available to non-Admin
Classification in Windows 8
Area
Properties
Information Privacy
Information Security
Legal
Records Management
Organizational
Values
Personally Identifiable Information
High; Moderate; Low; Public; Not PII
Protected Health Information
Confidentiality
Required Clearance
High; Moderate; Low
High; Moderate; Low
Restricted; Internal Use; Public
Compliancy
SOX; PCI; HIPAA/HITECH; NIST SP 800-53; NIST SP 800-122; U.S.-EU Safe Harbor Framework; GLBA; ITAR; PIPEDA; EU
Data Protection Directive; Japanese Personal Information Privacy Act
Discoverability
Immutable
Intellectual Property
Privileged; Hold
Yes/No
Retention
Retention Start Date
Long-term; Mid-term; Short-term; Indefinite
Impact
High; Moderate; Low
Department
Engineering ;Legal; Human Resources …
Project
Personal Use
<Project>
Yes/No
Copyright; Trade Secret; Parent Application Document; Patent Supporting Document
<Date Value>
Resource Property
Definitions
Impact <- High, Moderate, Low
Personally Identifiable Information
<- High; Moderate; Low; Public; Not PII
Location based
Manual
Automatic
classification
Application
 Consume classification
properties
 Set classification properties
 Automation-compatible COM
API
 Works with native code, managed
code, or scripts
 Available through
IFsrmClassificationManager2
object
Location based
In-box content
classifier
See modified / created
file
Manual
FCI
Automatic
classification
Application
Save classification
Determine
classification
3rd party
classification
plugin
3rd party
classification
plugin
Location based
Manual
Automatic
classification
Application
FsrmClassificationManager cls =
new FsrmClassificationManager();
ICollection c = cls.EnumPropertyDefinitions
(_FsrmEnumOptions.FsrmEnumOptions_None);
foreach (IFsrmPropertyDefinition p in c)
{
/*...*/
}
File Classification with Websense DLP
• Accurate Content Classification
• Easily customizable
• Fully integrated with Websense Data
Security Suite
Data Loss Prevention
File Classification with Websense DLP
Microsoft
“Windows Server 8”
Websense TRITON
Manager
Websense Endpoint Agent
Microsoft
FCI
Data Classifier
Policy Engine
Policy  Property
Mapping
System Architecture
Websense
DLP Policy
Templates
See classification
update
Classify file
FCI
File
Management
Task
Match file to
policy
See classification
update
Classify file
FCI
File
Management
Task
Match file to
policy
User claims
Central Access and audit policy
User.Company=Contoso
User.Department=Finance
User.Clearance=High
Machine claims
Access and audit
Evaluation
Read request for: \\financeServer\Share\estimates.xlsx
Information labeling (FCI
classification properties)
Windows Explorer
Visual Indicators
Client
File Classification Infrastructure on
Desktop
Server
Active Directory
Classification Schema
File Classification Infrastructure APIs
Windows Server 8
Exchange
Enables enterprise-wide file classification
dataglobal dg incorporates Windows Server 8 FCI and extends its classification abilities in three areas:
1 Platform
enabling
2 Enterprise
3 Classification
Enterprise-wide
classification policies
Archiving
Spans multiple data sources e.g. file
systems, SharePoint, Exchange
Life Cycle Management
Delegates administration over hundreds
of servers
Encryption
readiness
Expands classification and Windows FCI
to legacy windows servers (2000, 2003)
and to ntfs-based NAS systems
Performs fast and automated
classification of a vast number of
existing files
based actions
Compliance Management
Renditions
Multi-Tier Storage
… and much more …
dataglobal is a global technology leader for the analysis, classification, management and archiving of enterprise-wide data. dataglobal and its Universal
and Storage Information Management platform dg suite, is a close technology partner of the Microsoft Windows Server team. For more information,
visit us at www.dataglobal.com .
Windows 8 Server
FSRM
AD RMS Server
Active Directory
File Share
2
1
GIGATRUST IRM
PROTECTOR
OFFICE
IRM
PROTECTOR
File Management Task
RMS-protect Files
3
4
3
4
Windows 8 Server
Active Directory
Administrative Center
FSRM
AD RMS Server
File Share
1
GIGATRUST CAP
PROTECTOR
File Mgmt Task
RMS-protect Files
With Global Policy
2
2
1
Global
Policy
GIGATRUST DYNAMIC
POLICY CONNECTOR
3
4
http://forums.dev.windows.com
http://bldw.in/SessionFeedback