
Microsoft Information Security vs Information Protection

Updated: Apr 14, 2022

Safeguard your Enterprise Information Ecosystem with Microsoft Information Security and Information Protection tools.


Organizations today have to be more resilient than ever. The need to keep operating as Business As Usual (BAU) has increased exposure to external threats and risks such as hackers, data theft, and architectural loopholes, ultimately eroding customers' trust in the organization's ability to safeguard information.


Organizations also need to tackle the risk of Data Exfiltration, a term used to describe data theft or loss from inside the organization caused by a lack of understanding of the importance and types of data, or by inappropriate handling of data, unintentional or intentional, by users or applications.


Organizations often merge their Information Security and Information Protection requirements under a Data Privacy/Data Protection/Access Management category, since this seems easier than spending time analyzing what constitutes Information Security and Information Protection for the organization.


The result is a confusing, loosely defined Information Security and Protection Architecture.


In essence, Information Security and Information Protection are two distinct areas of governance and implementation.

 
Information Security is the First Line of Defense.

Information Security deals with guarding your information from outside threats. Think of it as the gatekeeper principles you define to verify who gets access to your digital information, keeping an active watch on the entry points to your organization.


Information Security helps you:

  • Detect risks due to hackers/bad practices/weakly configured environments

  • Prevent the threat/risk from entering your organization

  • Investigate a security incident/breach to help understand why the incident happened

  • Respond to incoming threats/risks by automatically taking relevant actions to stop the threat at the gate

We can summarize the Information Security mindset with the idiom "nip it in the bud":

to stop (something) immediately so that it does not become a worse problem [Merriam-Webster Dictionary]

 
Information Protection is the Last Line of Defense.

Information Protection deals with classifying the information within your organization based on the sensitivity of its content. Think of it as assigning a rank to each type of information in your organization. Here, a rank denotes the importance of that piece of information to your organization and the consequence (risk) of using it inappropriately.


The higher the rank (sensitivity) of a type of information, the more closely that information needs to be protected.

Information Protection helps you:

  • Know Your Data

    • Understand the various types of information stored in your organization that need to be protected

  • Protect Your Data

    • Add a tag (label) to data (files, emails, sites, etc.) containing sensitive information

    • Encrypt files and emails and specify who can access such files and emails

    • Add watermarks, headers, and footers to files and emails

    • Set expiry of user access to content

    • Specify whether content can be accessed offline (not connected to the Internet) and for how many days

  • Prevent Data Loss

    • Detect user and application behaviors to prevent unintentional sharing of sensitive data

  • Govern Your Data

    • Tag (apply a label to) information by automatically detecting the type of content, to manage the lifecycle of the data (retain, delete) in a compliant manner

We can summarize the Information Protection mindset as "Zero Trust Principles":

Verify explicitly, Use least privileged access, Assume breach [Microsoft]

 

Microsoft Information Security and Information Protection Features

Overview of Microsoft Information Security and Information Protection Features

Information Security and Information Protection are two sides of the Enterprise Information Ecosystem, each side complementing the other.


Establishing a last line of defense with preventive controls powered by Data Loss Prevention (DLP) and Insider Risk Detection provides comprehensive protection for your corporate digital assets.

 

Reach out to us

For more information on how you can achieve a simpler user experience with integrated protection of information, book a demo at infotechtion.com to see a unified experience when Microsoft 365 is configured with recommended practices.

 



© Infotechtion