Keep it secret, keep it safe: Azure Information Protection

To quote Grandad from ‘Only Fools and Horses’, you could say that “during the war” people were far more aware of how easily information could spread. After all, “careless talk costs lives.”

While we don’t have the immediate pressures of wartime Britain today, we still have information that we need to manage and take care of in the age of GDPR and regulations like it.

While the loss of data may not cost lives, it could well result in a hefty fine or even company closure (remember Cambridge Analytica).

 

Old School

The way that IT systems take care of data and the way humans process data can be very similar.

Let’s look at a file the human way. Here is an example file in a folder:

A plain document file

So, how does a real person know what to do with the file? Simple, they open it up and look inside. Of course, that may mean that they read information that they are not supposed to. With people it’s easy to stamp the folder with something that tells them what classification of information is inside the folder.

A paper file marked with a top secret stamp

Now, that makes it much easier to understand. The folder may not be sealed to protect against unauthorised eyes, but it is much more obvious that the data inside needs to be handled carefully.

We can apply a similar process to IT systems, with a much greater degree of security thankfully.

When using something like file explorer we see a file appear like this:

We can see the file name and the type of file (in this case Word) and if we look at the properties, we can see specific details about the file.

What we really need to add to the file though is a label or ‘stamp’ that defines its classification or sensitivity. If we do this in a way that IT systems can read, then we can start to use that label to control what happens to the file.

 

For Azure eyes only

Azure Information Protection (AIP) provides an easy way of attaching a sensitivity label to the file. In Word, for example, we can utilise a toolbar that allows a user to select the relevant sensitivity of the document they are working on.

This document is now considered to be a ‘General’ document.

Once we have assigned the sensitivity it appears in the properties of the file.

Because the sensitivity is held as part of the document (Word, PowerPoint, Excel, email message), it can be used as part of a set of security controls.

As an example, if a user tries to send a sensitive email outside of the organisation, it can be blocked – or an advisory message can be sent to the user or admin.

When a classified document is saved to a SharePoint location, the system can tell if it has been misfiled and report appropriately.

By adding the correct label (stamping the file), we can gain more control over what happens to it. If we add encryption to protect the file, then we are sealing it against inadvertent opening.

If we think about what we want to control based on what classification the file has, things become easier. Using AIP to help label the file allows the other Microsoft tools to work together to help with data protection compliance – whether that be GDPR or some other regulation.

Tools like Data Loss Prevention (DLP) or Cloud Application Security operating in conjunction with the Security and Compliance tools, go a long way to ensuring that sensitive data is kept as secure as possible.

Labelling is an effective first step toward protecting your sensitive data but there’s still more you can do to ensure maximum security.

To help get you started we have developed a quick Cyber Security Assessment so you can benchmark your organisation’s current performance.

If you would like a more detailed discussion, then do get in touch to speak to us about the security benefits of a full Current State Assessment.