Last Updated on
Why Microsoft’s new Azure Information Protection is making waves in enterprise security.
In today’s business environment, data frequently travels not only beyond corporate network borders, but also across numerous platforms and devices over which enterprises have little or no control. As such, it has become essential to classify and protect sensitive data at the source to maintain control over the information, regardless of a file’s location.
This kind of document-level security has always been a component of a well-structured information management and security strategy, but it’s also been one of the most difficult elements to deploy and manage. Solutions in the space are renowned for their complicated and cumbersome natures, and their reliance on user and admin vigilance for any level of success.
As a result, their implementation is seldom successful or cost-effective without the assistance of a very experienced partner, or an extremely dedicated information security team.
These solutions are, however, no longer the only option.
Microsoft recently launched the new Azure Information Protection: an extension of Azure Rights Management that leverages data classification and labelling technology made available by Microsoft’s acquisition of Secure Islands. The result is a groundbreakingly simple and intuitive cloud-based solution that protects document-level data both internally and as it travels outside the organisation.
How it works
There are 5 main parts to Microsoft’s Azure Information Protection.
1. Data classification
Data classification functionality allows a security label to be assigned to a document on saving. This can either be user-driven (with highly visible tooltip prompts and optional automatic label recommendations) or fully automated using DLP rules to recognise and flag sensitive information. Enterprises can choose between these options to find their preferred balance between minimising human error and limiting user flexibility – a refreshing approach for solutions of this nature.
Security labels and their associated permissions are completely customisable by the organisation. This means access, usage and sharing restrictions can be tailored based on corporate and departmental structures and hierarchies, as well as the specific type of sensitive information the document contains. This can be particularly useful for ensuring compliance with legislation like POPI and EU-GDPR.
Assigned security labels are persistent, and travel with the document wherever it goes, including internal, external and cloud networks, file shares and mobile devices. This enables the allocated permissions to be enforced regardless of where the file is opened, requiring the user to authenticate to confirm authorisation and their level of access.
Anyone who shares protected content can also track who has access or opened it via the Azure Tracking Portal. This shows how many times the document has been shared, viewed, or denied access, and includes activity logs and access locations to help flag suspicious activity.
If any suspicious activity does take place, the Azure Tracking Portal also enables access to be revoked at any point.
Why it’s revolutionary
Azure Information Protection is the first solution in this space to truly simplify what has historically been an infrastructurally-heavy, complex and arduous area of data security. It leverages the full power of Office 365’s security suite to provide an intuitive solution for maintaining control over documents both inside and outside corporate borders. It also removes the need for complex 3rd-party add-ons for enterprises adopting the full Office 365 solution pack, and integrates smoothly into a greater information management and security posture.
While Microsoft Azure Information Protection has revolutionised modern document-level security solutions, it is only one piece of a much bigger security picture. Information retention, access and identity management, data loss prevention, mobile device management and rights management are still essential components of a complete corporate data security posture.