Safeguard your Enterprise Information Ecosystem with Microsoft Information Security and Information Protection tools.
Organizations today have to be more resilient than ever. The need to remain Business As Usual (BAU) has increased exposure to external threats and risks from hackers, data theft and architectural loopholes, ultimately leading to customers' lack of trust in the organization's ability to safeguard information.
Organizations also need to tackle the risk of Data Exfiltration, a term used to describe data theft or loss from inside the organization due to a lack of understanding of the importance of data and the types of data, or to inappropriate handling of data, unintentionally or intentionally, by users or applications.
Organizations often merge Information Security and Information Protection requirements under a single Data Privacy/Data Protection/Access Management category, since this seems easier than spending time analyzing what constitutes Information Security and Information Protection for the organization.
The result is a confusing, loosely defined Information Security and Protection Architecture.
In essence, Information Security and Information Protection are two distinct areas of governance and implementation.
Information Security is the First Line of Defense.
Information Security deals with guarding your information from outside threats. Think of it as the Gatekeeper Principles you define to verify who gets access to your digital information, keeping an active watch on the entry points to your organization.
Information Security helps you:
- Detect risks due to hackers, bad practices or weakly configured environments
- Prevent the threat or risk from entering your organization
- Investigate a security incident or breach to help understand why the incident happened
- Respond to incoming threats and risks by automatically taking relevant actions to stop the threat at the gate
We can summarize the Information Security mindset with the idiom "nip it in the bud":
to stop (something) immediately so that it does not become a worse problem [Merriam-Webster Dictionary]
Information Protection is the Last Line of Defense.
Information Protection deals with classifying the information within your organization based on the sensitivity of its content. Think of it as assigning a rank to each type of information in your organization. Here, a rank denotes the importance of that piece of information to your organization and the consequence (risk) of using it inappropriately.
The higher the rank (sensitivity) of a type of information, the more closely that information needs to be protected.
Information Protection helps you:
- Know Your Data
  - Understand the various types of information stored in your organization that need to be protected
- Protect Your Data
  - Add a tag (label) to data (files, emails, sites, etc.) containing sensitive information
  - Encrypt files and emails and specify who can access them
  - Add watermarks, headers and footers to files and emails
  - Set an expiry on user access to content
  - Specify whether content can be accessed offline (not connected to the Internet) and for how many days
- Prevent Data Loss
  - Detect user and application behaviors to prevent unintentional sharing of sensitive data
- Govern Your Data
  - Tag (apply a label to) information by automatically detecting the type of content, to manage the lifecycle of the data (retain, delete) in a compliant manner
We can summarize the Information Protection mindset as "Zero Trust Principles":
Verify explicitly, Use least privileged access, Assume breach [Microsoft]
Microsoft Information Security and Information Protection Features
Information Security and Information Protection are two sides of the Enterprise Information Ecosystem, each side complementing the other.
Establishing a last line of defense with preventive controls powered by Data Loss Prevention (DLP) and Insider Risk Detection provides comprehensive protection for your corporate digital assets.