PETs and ID PETs and ID ManagementManagement

Privacy & Security WorkshopPrivacy & Security Workshop

JC CannonJC CannonPrivacy StrategistPrivacy StrategistCorporate Privacy GroupCorporate Privacy GroupMicrosoft CorporationMicrosoft Corporation

PD3+C Privacy FrameworkPD3+C Privacy Framework

Analyst reviews and white papersAnalyst reviews and white papersContent on MS.com, MSN.com privacy Content on MS.com, MSN.com privacy sitessitesParticipation in privacy & tech Participation in privacy & tech conferencesconferences

Put users in charge of their informationPut users in charge of their informationAddress needs of enterprises and Address needs of enterprises and parentsparentsComply with corporate policiesComply with corporate policiesCollect only data that is requiredCollect only data that is requiredGet appropriate consentGet appropriate consentProtect the storage and transfer of dataProtect the storage and transfer of data

Privacy deployment guidelines for usersOffer comprehensive privacy optionsPrivacy response team for all products

PDPD33 + Communications + Communications

Privacy Privacy in Designin Design

PrivacyPrivacy by Defaultby Default

PrivacyPrivacy in in DeploymentDeployment

CommunicationsCommunications

Privacy SettingsPrivacy Settings

•Provides customers Provides customers the ability to check the ability to check the status of the status of security security functionalities such functionalities such as;as;

• Antivirus through your Antivirus through your Internet Option Internet Option settingssettings

• FirewallsFirewalls

• Automatic UpdateAutomatic Update

• Inform users if Inform users if additional actions are additional actions are necessary to make necessary to make them more secure.them more secure.

Windows Security Windows Security CenterCenter

EducationEducationwww.microsoft.com/www.microsoft.com/

spamspam

Industry Industry Associations Associations

Standards and Standards and policypolicy

Government Government PartnershipsPartnerships

Strong lawsStrong lawsEnforcementEnforcement

eMail usereMail user

Prevention Prevention AgentsAgents

Attack Attack detection detection Sender Sender reputation reputation Outbound Outbound filteringfiltering

Proof: Identity & EvidenceProof: Identity & EvidenceSender IDSender IDComputational postageComputational postageCertificatesCertificatesSender safelistsSender safelists

Protection FiltersProtection FiltersSmartScreenSmartScreenAt gateway, At gateway, server and server and desktopdesktopUpdate serviceUpdate service

Microsoft PETsMicrosoft PETs

Privacy TechnologiesPrivacy Technologies

Anti-spam featuresAnti-spam features

Deceptive software protectionDeceptive software protection

Popup ad blockerPopup ad blocker

Anti-virus softwareAnti-virus software

P3P integrationP3P integration

Internet firewall Internet firewall

Data Protection TechnologiesData Protection Technologies

Encrypted File SystemEncrypted File System

Crypto API Component (CAPICOM)Crypto API Component (CAPICOM)

Windows Rights Management ServicesWindows Rights Management Services

RMS WorkflowRMS Workflow

Information Information AuthorAuthor

The RecipientThe Recipient

RMS ServerRMS Server

SQL Server Active Directory

2 3

4

5

2.2. Author defines a set of usage Author defines a set of usage rights and rules for their file; rights and rules for their file; Application creates a “publishing Application creates a “publishing license” and encrypts the file.license” and encrypts the file.

3.3. Author distributes file.Author distributes file.

4.4. Recipient clicks file to open, the Recipient clicks file to open, the application calls to the RMS server application calls to the RMS server which validates the user and which validates the user and issues a “use license.”issues a “use license.”

5.5. Application renders file and Application renders file and enforces rights.enforces rights.

1.1. Author receives a client licensor Author receives a client licensor certificate the “first time” they certificate the “first time” they rights-protect information. rights-protect information.

1

Identity ManagementIdentity Management

Active Directory AuthenticationActive Directory Authentication

SQLSQLServerServer

Active Directory

IRM-EnabledIRM-EnabledOffice documentsOffice documents

UnixUnix

MIISMIISMicrosoft Identity Integration ServerMicrosoft Identity Integration Server

Active Directory

UnixUnix

iMaciMac

MainframeMainframe

JohnSJohnS

JohnnyJohnny

JSm

ith

JSm

ith

John

_Sm

ith

John

_Sm

ithMIISMIIS

John SmithJohn Smith

John SmithJohn Smith

11 JohnSJohnS

22 JohnnyJohnny

33 JSmithJSmith

44 John_SmithJohn_Smith

Authorization ManagerAuthorization Manager

Administrators Administrators define roles for define roles for

a companya company

Active Directory

Accountant

Accountant

AdministratorAdministrator

LawyerLawyer

Developer

Developer

ExcelExcel

WordWord

PowerPoin

t

PowerPoin

t

Update payroll

Update payroll

Create contracts

Create contracts

LawyerLawyerCreate contractsCreate contracts

AuthorizationAuthorizationManagerManager

LOB AdministratorLOB Administrator

Applications Applications register during register during

their installtheir install

LOBs have LOBs have their tasks their tasks

defineddefined

AzMan AzMan stores this stores this data in ADdata in AD

Users are Users are assigned roles, assigned roles, tasks and apps tasks and apps

at loginat login

WordWord

Employee

SummarySummary

Microsoft is committed to privacyMicrosoft is committed to privacy– Email practices respect customer preferencesEmail practices respect customer preferences– Privacy process in place for product Privacy process in place for product

developmentdevelopment

Microsoft is building technology to protect Microsoft is building technology to protect an individuals privacy and dataan individuals privacy and data

Identity management is key to data Identity management is key to data governance. governance.