Building information infrastructure controls and internal risk countermeasures with Microsoft 365 Compliance

Introduction

Companies face many kinds of risk, such as management risk, credit risk, and reputation risk. Risk measures that rely on IT cover not only cyber security but also information protection, privacy protection, thorough internal risk management, IT legal controls, and more. There are many items to cover, and risk management in this area has become extremely difficult to implement. In addition, regulations on data management have been increasing around the world since the GDPR (General Data Protection Regulation) took effect in May 2018, and privacy and compliance regulations are being strengthened outside Europe as well, in China, California, the United States, Asia, and elsewhere.

Furthermore, in June 2020 the “Power Harassment Prevention Law” (formal name: Law Concerning Comprehensive Promotion of Labor Measures, Stabilization of Employment of Workers, and Enhancement of Work Life, etc.) came into force in Japan, making it necessary to deal with harassment in addition to the measures above. On top of this, as remote work has spread, complying with regulations in such an environment has become extremely difficult. Because work is remote, the behavior of each employee becomes invisible, and fraudulent activity is hard to notice when it occurs, so new risk management measures are required.

Microsoft Compliance Solutions

Microsoft offers two main types of security and compliance solutions. The first is external risk countermeasures. I think this is an area, mainly cyber security, where many companies are already working on measures and spending time and cost to develop them. The second is internal risk countermeasures, which mainly cover compliance measures, internal fraud countermeasures, and audits of human behavior. In this field, the measures companies have taken are in many cases still insufficient, and an increasing number of companies are seriously considering introducing measures in response to the growing risk in today's remote work environment. This article introduces Microsoft’s compliance solutions, focusing on the second type, internal risk countermeasures.

Microsoft’s compliance solution group consists of four pillars.

The first is “Information Protection & Governance”. It is primarily a suite of solutions for identifying, classifying, protecting, and disposing of data and for managing it in an integrated manner.

The second is “Insider Risk Management”. This is a group of solutions for analyzing employee behavior that leads to internal risk, detecting insider risk, and implementing countermeasures.

The third is “Discover & Respond”. This is a set of solutions for efficiently narrowing down the relevant data when an incident occurs, and for storing more detailed audit logs over the long term and searching them with high performance.

The fourth is “Compliance Management”. This is a group of solutions that visualize how well the company’s environment addresses the laws and regulations of each country, which increase year by year, and that provide management functions to make it easy to take risk-reducing measures.

The rest of this article discusses each solution in a little more detail.

Information Protection & Governance

First, Information Protection & Governance. This lets you identify and protect the data you create, prevent it from leaking, and enforce governance over it. The data handled in daily business is created in many places, and it moves between many locations: terminals and mobile devices, Microsoft clouds, on-premises servers, third-party cloud storage, and so on. To protect information and keep control of it, data must be managed so that it never falls out of control wherever it moves, so we provide a cross-cutting mechanism for data management and control. This means integrated management of the entire information lifecycle, from information generation through sensitive data detection, classification, protection, and fraud detection, and ultimately to data retention and disposal.

The most important part of this is how information is identified, and here we focus on the DLP (Data Loss Prevention) function. Identification and classification by DLP make it possible to manage the information lifecycle using MIP (Microsoft Information Protection), which is an information protection solution. With MIP, you can manage information across its whole life from generation to disposal: file creation, classification, protection, visualization, long-term storage, and disposal. Because DLP drives subsequent actions such as classification and protection by identifying the information, protecting data first requires understanding what kind of data exists in your own organization. Start by taking stock of your information assets and how information is handled, check whether this is consistent with the existing security policy and how to change it if it is not, and gather the data needed to review how things should be.

Microsoft 365 DLP provides more than 150 templates for detecting information as standard, so you can start detecting important information immediately. These features are built in, so they can be used across products such as Exchange, SharePoint, Office Apps, Teams, and Windows without adding agents or software. In other words, the functions can be enabled immediately by distributing policies, and those policies can be centrally managed from the Compliance Center, which keeps operation simple.

Recently, with remote work, DLP is increasingly being introduced to control Teams and remote terminals. In Teams, posted messages can be audited and channels in which externally invited members participate can be controlled, for example by blocking the posting of internal confidential information. On the terminal, it is possible to suppress actions such as copying a file containing confidential information to a USB memory at home, copying it to another server at home over the network, or printing it on a printer at home. DLP is therefore also used as a countermeasure against information leakage.

Insider Risk Management

The second pillar is Insider Risk Management (IRM). Please note that IRM is the name of both the solution group and an individual solution. This article describes IRM as an individual solution. It analyzes the various activities that users perform and scores their behavior against risk. When the score exceeds a certain threshold, it warns that the user is at high risk. I will omit the details here because I will explain them another time, but some of a user’s daily actions are relatively high risk, and yet a single occurrence of such an action does not mean the risk is really high.

Because DLP basically raises one action or alert for each user action, the volume of information can become enormous depending on how it is operated, and it may be difficult to find what is really at risk. IRM therefore analyzes the frequency, type, and relative amount of such actions to determine the risk, and through this correlation analysis it can find the users who are really at high risk. As a result, only users who are really at high risk are identified and dealt with, which can significantly reduce the time required for early detection of and response to risk.

Communication Compliance

Another representative solution in the IRM solution group is Communication Compliance. It can detect violations of the Code of Conduct in message content, making it possible to detect and deal with signs that were previously hard to catch, such as harassment, overwork, illegal business orders, and cartel collusion. Communication Compliance can connect to Microsoft products such as Exchange, Teams, Skype, and Yammer, and can also audit messages from Zoom and Slack through data connectors. As of March 2021, at the time of writing this article, there are approximately 27 types of third-party data connectors for Communication Compliance, and more will be added in the future. Auditing clearly illegal communication is important, but in a remote environment, compared with face-to-face communication, a message may be felt as harassment depending on how it is conveyed and received. I think finding and correcting such communication is one of the measures that will be required in the future.

Discover & Respond

The third pillar is Discover & Respond. Advanced Audit is the representative solution in this group. A major feature of Advanced Audit is that it enables long-term storage of logs. Normally, the default audit log retention policy within Microsoft 365 allows 90 days of log retention, but with Advanced Audit you can retain audit records in Exchange, SharePoint, and Azure Active Directory for a year. In addition, you can extend the log retention period up to 10 years at an additional cost. It also adds access logs that are important for forensics and compliance investigations, especially in Exchange Online and SharePoint Online, recording whether emails were read and what users searched for in emails and files. This makes it possible to audit the details of rogue activity. In addition, about twice the normal bandwidth is allocated to improve performance when accessing such a huge amount of log data, which makes audit work more efficient.

Compliance Management

The last pillar is Compliance Management. The solutions provided under Compliance Management are Compliance Manager and the Microsoft 365 Compliance Center. First, Compliance Manager assesses how well your tenant meets the ever-increasing number of data protection regulations around the world and how well it is responding to each. By presenting the measures that have not been implemented, it lets you visualize the risks to data protection and to the various regulations and manage the measures intuitively. The evaluation is presented as a compliance score, which shows which measures should be taken to improve the score. For example, performing “Enable self-service password reset” adds “+27 points”, which are reflected in the score of the relevant regulation. Currently, more than 150 types of evaluation templates are available, covering regulations such as GDPR and CCPA as well as regulations in Japan. In addition, the evaluation for each regulation is calculated automatically from the deployment status of services in Microsoft 365, so the management load is minimized and a continuous response is possible.

The Microsoft 365 Compliance Center is an integrated management console that centrally manages various functions and solutions, such as visualization of compliance risks in your own tenant, dashboards, policies, reports, data classification, auditing, and search. Compliance measures require managing many sensors and policies, but these can all be handled from a single console, enabling efficient operation.

Summary

This article has introduced some typical compliance solutions at an overview level. We also offer many other solutions, and I would like to introduce them if there is another opportunity.