In today’s always-online world, misplacing or having data stolen is almost an inevitability. Whether corporate data is mailed to the wrong address by mistake, devices are left in public places, or data is stolen in a breach, there are many ways for confidential information to fall into the wrong hands.
The modern approach to data security is to secure the data itself, rather than securing devices or relying on user training. This means that even if data falls into the wrong hands, it cannot be accessed and that protection is guaranteed no matter where the data is moved to.
This is in contrast to the older ‘defence in depth’ approach, putting controls on devices and users in an attempt to keep data secure. While effective in most cases, this puts the emphasis on users and has an impact on their experience – often pushing them towards storing their data on uncontrolled devices for their ease or sharing data over methods that you cannot control.
The Importance of Data Protection
Not only can the loss of data be expensive and embarrassing for a business, but it also carries legal implications – especially in light of GDPR. The General Data Protection Regulations instituted by the EU in May 2018 require businesses to take measures to secure consumer data and attach hefty fines to businesses that fail.
If your users are storing sensitive information in the incorrect place, like unsecured devices or a Dropbox account, and not taking appropriate care with work devices, you could easily fall foul of these laws. But, by protecting the data itself, you can ensure that any lost data still can’t be accessed and, in so doing, stay compliant even amid user errors.
Using Azure Information Protection
Azure Information Protection, or AIP, is a cloud-based tool that enables users to label documents to ensure their classification or protection.
The rules attached to labels can be customised, to provide different levels of protection. Labels can be both manually applied or follow rules for automatic application – a label might be automatically applied if a credit card is detected, for example, or if customer contact details are present in a document.
AIP makes use of Azure Rights Management, ARM, to protect data, using identity controls and encryption to keep it safe. ARM integrates with other Microsoft applications like Office 365 and Azure Active Directory to allow for protected emails, spreadsheets and other commonly used business documents. Older documents can be retroactively labelled too, as AIP can scan local and network libraries to apply labels based on admin-set rules.
Rights can be set to easily allow access only to certain people – recipients of an email or member of a business team, for example. Users will be made aware of the security status of a document when they receive it and no one but the specified users will be able to access the contents.
Once data has had a label applied through AIP, it can be tracked and controlled by administrators, it is also possible to revoke access at any time. Following where protected data goes and how it is used not only gives businesses more control but can help with identifying weak points in security infrastructure, allows failing users to be targeted with training, and can help to prevent data leakage or misuse.
Thanks to AIP, then, not only can a business secure its documents even in the case of user errors but use the feedback and tracking tools to improve overall data security and user compliance.
Be sure to check out our resource to secure device freedom for a deeper insight on how these user mistakes are mitigated here.