Virtual work means that work happens anywhere. Corporate information is accessed from home offices, smartphones, and tablets. How do you protect this information?
Encrypt sensitive information to protect it wherever it may go
Stop staff and contractors from sharing, downloading, or printing sensitive information
Stop staff from emailing sensitive information to internal or external parties
Stop disgruntled employees or contractors trying to steal company information
Stop staff from accessing sensitive information from high-risk areas
Below are some of the Microsoft tools available for you.
Data Protection
To apply flexible protection actions that include encryption, access restrictions, and visual markings, use the following capabilities:
Sensitivity labels - A single solution across apps, services, and devices to label and protect your data as it travels inside and outside your organization.
Azure Information Protection unified labeling client - For Windows computers, extends sensitivity labels for additional features and functionality that includes labeling and protecting all file types from File Explorer and PowerShell
Double Key Encryption - For cases where, under all circumstances, only you can ever decrypt protected content, or where regulatory requirements oblige you to hold encryption keys within a geographical boundary
Office 365 Message Encryption (OME) - Encrypts email messages and attached documents that are sent to any user on any device, so only authorized recipients can read emailed information
Service encryption with Customer Key - Protects against viewing of data by unauthorized systems or personnel, and complements BitLocker disk encryption in Microsoft datacenters
SharePoint Information Rights Management (IRM) - Protects SharePoint lists and libraries so that when a user checks out a document, the downloaded file is protected so that only authorized people can view and use the file according to policies that you specify
Rights Management connector - Protection-only for existing on-premises deployments that use Exchange or SharePoint Server, or file servers that run Windows Server and File Classification Infrastructure (FCI)
Azure Information Protection unified labeling scanner - Discovers, labels, and protects sensitive information that resides in data stores that are on-premises
Microsoft Cloud App Security (MCAS) - Discovers, labels, and protects sensitive information that resides in data stores that are in the cloud
Microsoft Information Protection SDK - Extends sensitivity labels to third-party apps and services
Data Loss Prevention
To help prevent accidental oversharing of sensitive information, use the following capabilities:
Data Loss Prevention (DLP) - Helps prevent unintentional sharing of sensitive items (Sensitive Information Types)
Endpoint data loss prevention (preview) - Extends DLP capabilities to items that are used and shared on Windows 10 computers
Insider Risk Management
Many risks are driven by internal events and user activities that can be minimized and avoided. Examples include:
Leaks of sensitive data and data spillage
Confidentiality violations
Intellectual property (IP) theft
Fraud
Insider trading
Regulatory compliance violations
Insider risk management is centered around the following principles:
Transparency: Balance user privacy versus organization risk with privacy-by-design architecture.
Configurable: Configurable policies based on industry, geographical, and business groups.
Integrated: Integrated workflow across Microsoft 365 compliance solutions.
Actionable: Provides insights to enable user notifications, data investigations, and user investigations.
You can select from the following policy templates to quickly get started with insider risk management:
Data theft by departing users
General data leaks
Data leaks by priority users (preview)
Data leaks by disgruntled users (preview)
General security policy violations (preview)
Security policy violations by departing users (preview)
Security policy violations by priority users (preview)
Security policy violations by disgruntled users (preview)
Offensive language in email
This table shows triggering events for the policies and prerequisites.
Communication Compliance
Communication compliance is an insider risk solution in Microsoft 365 that helps minimize communication risks by helping you detect, capture, and act on inappropriate messages in your organization. Pre-defined and custom policies allow you to scan internal and external communications for policy matches so they can be examined by designated reviewers.
Features include:
Prebuilt customizable templates and machine learning
Flexible remediation workflows
Actionable insights
Information Barriers
Information Barriers restrict communication and collaboration between two internal groups to avoid a conflict of interest. In Microsoft Teams, information barrier policies determine and prevent the following kinds of unauthorized communications:
Searching for a user
Adding a member to a team
Starting a chat session with someone
Starting a group chat
Inviting someone to join a meeting
Sharing a screen
Placing a call
Sharing a file with another user
Accessing a file through a shared link
Next Step
A 30-day Infotechtion proof-of-concept for Microsoft Information Protection allows you to test:
Manual and automatic classification and protection of sensitive data
Warn users in real time when they try to share sensitive data internally or externally
Stop sensitive data from being downloaded or shared externally
Stop users from accessing sensitive information from high-risk areas
Visit Infotechtion proof-of-concept for more information.