Data Protection and Compliance - Architecting Privacy in Devops
Ganessh Kumar R P
Remember the incident(https://ia.acs.org.au/article/2019/millions-of-facebook-passwords-stored-in-plain-text.html), early this year, when millions of Facebook users were asked to reset their password as one of their systems was storing user passwords in plain text?
How do you formulate your process so that this does not happen in your company? At Microsoft, we have a unique way of handling customer data and information flow. In Microsoft Teams, we store a range of customer data ranging from healthcare to education - all of which have strict data compliance and regulatory requirements. And we have strict data handling policies so that even Microsoft employees don’t see your data.
This talk focuses on our experience in building a compliant storage layer to store the content of users and teams in Microsoft Teams.
- Process - Compliance to Data Protection is part of our Engineering Process
- Data handling
- Customer Promises
- Microsoft Teams & Building Compliant New Services
- Data Handling - Walk through how data regulation is baked into a feature
- Data classification
- Data deletion
- Active deletion
- Passive deletion
- Retention hooks
- Data Encryption
- CosmosDB encryption
- Bring your own key
- Legal hold and eDiscovery
- Change Feed
- Engineering Systems - So that even employees in Microsoft can’t tamper with your data
- KeyVault and it’s features
- Certificate Rotation
- PAVC, Host IDS, AzureSecPack
- Case Studies
- Go Local
If you can bring your enthusiasm about privacy, security, and compliance, you will be able to appreciate the challenges and the solutions.
I am Ganessh Kumar, Software Engineer at Microsoft India Development Centre, Bengaluru. I am working on a new service that acts as the Data Layer to enable services in Microsoft Teams to store their data in a secure and compliant way.
Over my 7 years of experience in Software Industry, I have worked on frontend, backend, mobile, and DevOps. I enjoy being a Full Stack Developer where I can understand the product end-to-end. As an end user, I value privacy a lot and at Microsoft, I enjoy the opportunity to work on a product that has a lot of emphasis on data security and compliance.
Before Microsoft, I have worked at Amazon and Mitter.io building some of the highly available mission-critical services.