Microsoft Asks: Is Your Company Compliant with the Data Privacy Act?

Friday, March 17, 2017

Spent the afternoon having lunch and excercising my brain about cloud security and network love. I'm glad I still have the gist taking this in, and making use of my Computer Engineering diploma after a while. This topic really concerns me.

Microsoft has a long standing commitment with the Philippine government regarding the Data Privacy Act to make sure Filipinos have solutions for security, privacy and transparency. If your company has 250 employees and up requires compliancy with the Data Privacy Act. The National Privacy Comission was created as an agency to implement this and you have to do this before September 9, 2017.

Dale Jose the Solutions Specialist of Enterprise Mobility Security of Microsoft Philippines remarks "Microsoft isn't just in the business of security and we're syncing it with the Data Privacy Act. Attacks happen every minute and the mindset should be that you must "assume that you have already been breached". We know companies have invested in firewalls and before, we always had the notion of just building walls, making it thicker and thinking it's secure, but today those permiter security is no longer enough. Attacks happen because of compromised credentials (75%) and it is important to protect your identity. If you read in the dark world people sometimes shop for credentials. Republic Act 10173 includes encryption. We need to protect data while it is stored or if it is in transit. Organizations today should be able to report breach in 72 hours and if you don't you will suffer the penalties of that. It's the same security that we have in Office 365, Windows 10 and Enterprise Mobility+Security. They go through a value chain of protect, detect and respond. Based on studies, it takes over 500 days to detect malware in Asia. There are options today without the need for VPN, Microsoft Azure Active Directory for example detects when there is an unusual login attempt on your directory. You will need to go through verification with Microsoft threat intelligence and we update this in tons of devices. All these events are also monitored in Azure as risk events. You can creat a policy to block access or allow access then challenge them with Azure MFA security. We also have Microsoft Intune to manage mobile devices, applications and PC's for company issues devices so you have the ability to confine data and not on personal emails etc. and do selective or full wipe of the device which can be done remotely. You can also do this on policies on Windows 10 for company owned devices. When you look at the protection of the document, it all starts from the creation of the document. You have to do policy enforcement from the start and choose the audience whom you want the data to be seen. We also have Cloud Application Security which can run and check how many cloud apps are installed and how much risk you are getting with these tools. We also have Microsoft Advanced Threat Analytics that detects, prioritize and investigate advanced attacks and insider threats before they can do damage." 

If you need to know how much time you have left, go to If you are not compliant, there is jail time and penalties involved.  Herns Hermida the Cloud and Enterprise Business Lead of Microsoft Philippines says "When we talk to customers, people ask how to get the infrastructure at par, my suggestion is to MOVE EVERYTHING TO THE CLOUD. It's cheaper, you can run things securely but customers who have done this experience security benefits that they don't have when they use in premise infrastructure. The Microsoft Cloud is something you can trust because it works with Security, privacy and conteol, compliance and security. Go to Youtube and search Cloud Security 101 with my name on it and you'll get a very detailed explanation of what you need to learn in cloud security. Everything that we do starts with security. Every developer starts from that. So if you are asked by your PC to restart your computer no matter how inconvenient that may be, please do because we install patches for security and that is our responsibilty. We want our customers safe and we invest 1 Billion dollars every year for it. Microsoft cannot do this alone so we have partners around the world to deal with attacks now and in the future. Attacks increase in amount and intensity. Using Azure, you can use security propreitary or third party software to protect our customers. We have hundreds of data centers in 38 regions. The Microsoft Cloud is used by 85% of Fortune 500 companies so why shouldn't you? We also use our own Hyper V, we use them on our data centers because we believe in it. We have an internal and external DDOS Defense System, we also do Data Segregation, do Data Protection, multiple options for replicating data and do Data Destruction when they leave Azure as Microsoft follows procedure to make it inaccessible after wiping out. Our defense strategy protect breach and assume breach to make sure we do not encounter problems. We do big data analytics to seek threat detection so if there is imminent attack or attack going on already. These solutions have also gotten certifications and programs including ISO and has the biggest compared with competitors."

Microsoft Azure is the most efficient cloud security solution today. Companies in the Philippines already are using them as we speak so don't discount yourself from acheiving the things that the Data Privacy Act needs to see you comply on that date. What they also need to see is your commitment and understanding this may be a tall order but if you need to secure data in all aspects especially of your customers. You need to be pro active and be aware. It's dangerous to have your date lying around somewhere and waiting to be pounced on by hackers and use it for the not so greater good. 

You can also answer the risk assesment questionaire on the site mentioned above if you want to know if you are in trouble or not, so start from that.

Fresh Blogs Fast!

No comments: