You, who work with IT at your organization. What keeps you from sleeping? What makes you wake up in the middle of the night, cold, sweaty and in distress? Freddy Kreuger? Chucky?
Or might it just be that your organization is stuck in an old legacy way of thinking when it comes to information protection? A way of thinking that has been the same for the last 10-15 years. It sure scares us!
So, let us talk about information protection - the old way and how to approach it in a modern way of thinking, this by utilizing the possibilities the Microsoft cloud brings with it.
The old way of thinking - Like a bank vault?
The old way of thinking in legacy solution may be compared to how a bank vault works. A bank vault might be the safest place in the world to store something within, but what happens when you bring that something outside of the four walls of the vault? How do you maintain control, and thereby the security, of it outside the vault?
The same goes for a data center. Sure, the vendor of your choosing might have configured encryption on the hard drives, firewalls on the network and redundancy on the datacenter, but this is limited to the datacenter itself.
- How do you secure the data when it is accessed on the individual users devices?
- How does this prevent data for being comprimised?
- How is it preventing data from being leaked?
- How does it secure data if and when you want to share it with someone?
The old way of thinking clearly raises a lot of questions, so let's talk about a new way of thinking.
The new way of thinking - Think outside of the vault!
To cover the areas that the old way of thinking does not manage to handle, we have taken a closer look at Information Protection. This made us realize that there are four different areas to focus on: Device Protection, Data Separation, Leak Protection and Sharing Protection. By mapping these and approaching them, we are able to provide a secure solution that empower your users to be creative and innovative in their ways of working.
Information protection starts with Device Protection. How to protect your data on your devices when it has been stolen or lost? In all your Windows 10 devices you have Bitlocker, which by now is more of requirement for your organization rather than an exception.
But what about those other devices like cell phones, tablets and/or computers that run on any other operating system than Windows 10? With the Conditional Access functionalities within Intune, it is now possible to set conditions that forces devices that are enrolled in your organization to be encrypted, and thereby protected.
In the mobile first world, users have a lot of devices. Some might not even be corporate owned, but the users still want to be able to utilize them when working. One important thing to remember in that case is to separate the corporate data from the personal data. Otherwise there will be an increased risk for accidental data leakage as the user might use private applications to send or handle corporate data. The need to separate the two types of data is very important.
There are many benefits by working with Office 365. One of them is the way you can control and block unauthorized users to access leaked data. With the data loss prevention policy within Office 365, you are able to identity, monitor and automatically prevent sensitive data leakage across Office 365.
For example, you can identity any document or email that has been shared with users outside of your organization and block access to it. You can even prevent the emails from ever being sent.
The last focus area when working with Information Protection, is how to approach the possibilities for securely share data. Sure, you could tell the users not to share any of the information they work with, but that would get really boring, really fast. Not to mention making it close to impossible to work together.
With Azure Information Protection and Office 365, you can secure the users by providing them with tools to classify, label and protect documents and emails when sharing them. This can be configured to be done automatically by pre-defined rules configured by the IT administrator, manually by the user or by a combination of the two.
When it comes to working with IT, there will never be a solution that can guarantee a 100 % coverage for your information security needs. But, in a cloud first way of thinking, and the tools you are able to utilize through it, we are getting more and more secure with each step.
Let's get as close as possible to being 100% secure!