These are some of the questions that are on the top of our minds every time we move a document or photo to the cloud, or share it with our customers and partners.
To alleviate these fears and to protect data, Microsoft has come up with a new service called Microsoft Azure Information Protection. This service builds on the existing Microsoft Azure Rights Management Service (Azure RMS), and requires only a 5-step implementation process.
The first step is to identify what is classified data. Not all data generated in your organization is critical or classified, so it's important to make this distinction before you can protect it. Once you identify critical data, the next step is to label it, so the system knows that it has to be protected. Next, your labeled data will be protected by the system, and you can monitor or track its access and usage. Lastly, if you notice any misuse of your data, you can revoke access to it at any time. Simple, right?
Though the process sounds similar to Office Data Loss Prevention (DLP), what's unique here is that you can classify, label, and protect at the same time, and this obviously makes your document more secure.
In addition to this easy implementation process, Azure Information Protection also comes with other cool features that protect your data in the best way possible. Here's a look at some of them.
Label classification at the time of creation
Azure Information Protection allows you to classify and label documents and its contents at the time of creation. You have the choice to configure rules to detect sensitive data and label them as they occur in your document. For example, let's say you configured rules to protect your credit card information. Every time you enter that information on an Office document or email, you'll get a custom tool tip that would recommend you to apply a specific label. Once you've labeled the content, you can track where it is used. These labels allow you to track the flow of specific information, detect any risky or suspicious behavior, prevent data leakage, protect documents, avoid misuse, and more.
Hold Your Own Key (HYOK)
Another important protection feature is Hold Your Own Key (HYOK), that allows you to deploy multiple RMS services within a single Azure Information Protection environment. This way, when an end user uses your classification system, they'll see the labels, but won't know the exact RMS Server to which it is mapped. They can only pick the label, while you, as the IT admin can set the policies you want for each classification and label. In other words, your data is opaquely encrypted with HYOK.
The obvious advantage is only a small group of people know the classifications and mapping, so it gives an extra layer of security. From an employee's perspective, they don't have to worry about labels and their guidelines, and all that they have to do, is simply add labels to classified data.
That said, it's not a good idea to use HYOK frequently as Office 365 cannot offer many rich and interactive functionalities such as search, web views, anti-spam, anti-malware, and pivoted views, as this data is opaquely encrypted. For these reasons, it's important to restrict the use of HYOK to just a small amount of highly critical data.
The best part about Azure Information Protection is that the classification you do travels along with your data, regardless of where it is stored or how it is accessed. It works on all devices, including smartphones, so you can rest assured that your data is safe, and more importantly, you have control over who accesses it.
As a document owner, you can decide with whom you should share data, who can access its contents, and what they can do with it. For example, you can allow users to only view or print documents, and not edit or share it with someone else. Such a high level of control makes it safe for you to share data across any network, and with anyone.
The hallmark of any good service is its simplicity. In general, users should never be able to see the complex processing that goes on behind the scenes, and they should be able to perform all complex mechanisms through a simple interface. Microsoft Azure Information Protection fits this description perfectly.
It's protection controls are integrated with Office documents and other common applications, so you don't have to install a new software. In addition, it comes with simple and sometimes even a one-click option to secure confidential data. In-product notifications and appropriate recommendations also make it easy for you to make the right decisions to secure your data.
Azure Protection Information offers the highest levels of visibility for your data, which means, you can track it, and even revoke access if needed. Your IT admin department can also log, monitor, and analyze the data that is shared with others.
Sometimes, it's common sense to protect certain data like your SSN and credit card information, and for such cases, Azure Protection Information has automated rules. This way, you don't have to create separate rules for information that have to be protected universally.
This protection is available for Microsoft Exchange Online, Microsoft Sharepoint Online, and Microsoft OneDrive, and this means, your business content and private information will always be safe.
You can protect your data regardless of where it is stored. Whether it is on the cloud, or in your own data centers, you can protect your data in the best way possible.
No extra effort
Employees can classify data and emails during the normal course of their work, and this means no extra effort or time is needed from their end. Also, it is simple to implement and doesn't require any elaborate training.
For IT admin too, the process of setting up rules is fairly simple and self-explanatory. They can use the existing RMS templates and apply them to the content generated by Word, Excel, and Outlook applications.
To conclude, Azure Information Protection service from Microsoft offers the best protection for your data. It uses a simple labeling system to identify classified data, and gives you the control to track, monitor, and revoke access to this classified data whenever you want. For more critical data, you have the choice to use an encryption system called HYOK, but it's a good idea to restrict it to the "top-secret" data of your organization as it can affect user experience on Office documents. The best part is it is easy to use, and comes with no extra fringes that can affect the productivity of employees. For these reasons, Azure Information Protection is a great way to protect your data, especially in today's business environment.
Are you ready to try it?