PETs and ID Management
Privacy & Security Workshop
JC Cannon
Privacy Strategist
Corporate Privacy Group
Microsoft Corporation
PD3+C Privacy Framework
• Analyst reviews and white papers
• Content on MS.com, MSN.com privacy sites
• Participation in privacy & tech conferences
• Put users in charge of their information
• Address needs of enterprises and parents
• Comply with corporate policies
• Collect only data that is required
• Get appropriate consent
• Protect the storage and transfer of data
• Privacy deployment guidelines for users
• Offer comprehensive privacy options
• Privacy response team for all products
PD3 + Communications
Privacy in Design
Privacy by Default
Privacy in Deployment
Communications
Privacy Settings
• Provides customers the ability to check the status of security functionalities such as:
  • Antivirus through your Internet Option settings
  • Firewalls
  • Automatic Update
• Inform users if additional actions are necessary to make them more secure.
Windows Security Center
Education
www.microsoft.com/spam
Industry Associations
Standards and policy
Government Partnerships
Strong laws
Enforcement
eMail user
Prevention Agents
• Attack detection
• Sender reputation
• Outbound filtering
Proof: Identity & Evidence
• Sender ID
• Computational postage
• Certificates
• Sender safelists
Protection Filters
• SmartScreen
• At gateway, server and desktop
• Update service
Microsoft PETs
Privacy Technologies
• Anti-spam features
• Deceptive software protection
• Popup ad blocker
• Anti-virus software
• P3P integration
• Internet firewall
Data Protection Technologies
• Encrypted File System
• Crypto API Component (CAPICOM)
• Windows Rights Management Services
RMS Workflow
[Diagram: Information Author, The Recipient, RMS Server, SQL Server, Active Directory; arrows numbered 1 to 5]
1. Author receives a client licensor certificate the “first time” they rights-protect information.
2. Author defines a set of usage rights and rules for their file; Application creates a “publishing license” and encrypts the file.
3. Author distributes file.
4. Recipient clicks file to open, the application calls to the RMS server which validates the user and issues a “use license.”
5. Application renders file and enforces rights.
Identity Management
Active Directory Authentication
SQL Server
Active Directory
IRM-Enabled Office documents
Unix
MIIS
Microsoft Identity Integration Server
[Diagram: Active Directory, Unix, iMac, Mainframe; accounts JohnS, Johnny, JSmith, John_Smith; MIIS]
John Smith
1 JohnS
2 Johnny
3 JSmith
4 John_Smith
Authorization Manager
Administrators define roles for a company
Active Directory
Accountant
Administrator
Lawyer
Developer
Excel
Word
PowerPoint
Update payroll
Create contracts
Lawyer: Create contracts
Authorization Manager
LOB Administrator
Applications register during their install
LOBs have their tasks defined
AzMan stores this data in AD
Users are assigned roles, tasks and apps at login
Word
Employee
Summary
Microsoft is committed to privacy
– Email practices respect customer preferences
– Privacy process in place for product development
Microsoft is building technology to protect an individual's privacy and data
Identity management is key to data governance.