Think your organization is operating in a secure and compliant manner? After you answer the following questions, you might want to keep reading…
- How do you ensure your sensitive data is protected across all the clouds in your environment, whether it’s Office 365, G Suite, Box, Salesforce, etc.?
- Do you have a single-pane-of-glass view of when someone shares a file from one of those clouds to someone outside the organization?
- What about login traffic to those cloud apps?
- Do you have visibility into your Shadow IT and understand which apps in the environment are storing data overseas or aren’t compliant with an industry regulation such as HIPAA or GDPR?
Watch the following 3-minute video for an overview of Cloud App Security in Microsoft 365 – this is the tool that will make you the hero in your organization and help ensure you operate in a secure and compliant manner! Questions? Leave a comment below!
Technical documentation and how to configure what I show in the video for Cloud App Security can be found here.
Do you need to meet an industry regulation? Curious what responsibilities Microsoft has as your cloud service provider, and what responsibilities you have as a customer, when it comes to using Office 365, Azure or Dynamics in compliance with your industry regulation? You may want to look into Microsoft Compliance Manager as a key tool in your compliance journey. Compliance Manager can help you understand the shared responsibility model and how each responsibility maps to the industry regulation, and it gives you capabilities to manage your compliance journey. This tool can help you keep track of risk, verification and documentation as needed.
At the time of this writing Compliance Manager can help you with the following:
- ISO 27018:2014
- ISO 27001:2013
- NIST 800-53
- NIST 800-171
- NIST CSF
- CSA CCM301
Compliance Manager can be accessed via https://servicetrust.microsoft.com/ComplianceManager for existing Azure, Dynamics and Office 365 customers.
IMPORTANT: For the full technical documentation on Compliance Manager, see: Use Compliance Manager to help meet data protection and regulatory requirements when using Microsoft cloud services. The Frequently Asked Questions can be found here.
Here is an example view of Compliance Manager’s dashboard, where you have visibility into each of your regulations by cloud service:
Clicking on any of the regulations will display the shared responsibility model for that regulation. From here I can view which controls are Microsoft Managed Controls and which are the Customer Managed Controls that I am responsible for.
Expanding Customer Managed Controls, I can see how each control maps back to the regulation articles (in this example, Access Authorization for HIPAA in Office 365). From here I can read more about the actions required of me and enter details on how the control was implemented and how it was tested, including any response. In addition, I can see if there are any related controls from other regulations, such as GDPR. Lastly, I can assign this control to an owner in my organization, who can then upload relevant documentation and maintain the implementation date, test date, and test result information.
Compliance Manager is a fantastic tool to help manage your compliance journey, and may help to enhance your current processes. If you need to comply with a regulation such as HIPAA or GDPR – please check out Compliance Manager! Enjoy!