Protecting your company data with Azure Information Protection.
While recent improvements to the Office 365 suite have vastly increased data sharing and collaboration capabilities, raising the potential for productivity, you might be left wondering if all this data being passed around (and possibly outside of) your company might bring certain security risks. This is a valid concern – at its base level of implementation, there is nothing stopping a member of staff sending any Office 365 document out of the company network in an email or copying it to a thumb drive and walking out of the office with it. Yes, any good data protection policy will forbid this type of behaviour, but wouldn’t it be better to add an electronic barrier, which would restrict the opening of a document to a limited group of staff members, or even allow the author to revoke access to a specific document if he or she felt that it had fallen into the wrong hands?
This is where Azure Information Protection (AIP) comes in. Enabled with the addition of an Enterprise Mobility + Security (EMS) licence, AIP allows a document author or system administrator to sort documents by classification, add labels that remind the reader of the documents restriction type, and protect the document against unauthorised access. If this sounds somewhat abstract, take a look at this example to see how simple it is to protect your company data inside of Office 365.
The following assumes you have set up the required classifications with your IT administrator and have the AIP client installed on your device.
First, identify how the information in the document should be classified. This process can be automated, but for the sake of this article, we’ll run through the process of applying it manually.
If the document contains credit card details or other financially sensitive information, you may want to restrict access to only the financial department. This can be achieved with a few simple clicks, like so:
Selecting the Secret: Finance Only classification.
With just these two clicks, quite a bit has happened. First, you’ll notice that labels have been applied to the document, which plainly shows the restricted nature of the document. In this example, we can see the “SECRET” watermark applied to each page.
A big secret.
In addition to the labelling, much more has happened to the document in the background. Depending on the Azure settings agreed on between you and your IT provider, there may be file encryption applied, as well as rules stipulating whether the file can be opened on devices outside of the business. If external access is denied by the classification, or you don’t have the permissions to enable it, then you’ll see a message like this when attempting to email the document out:
This data ain’t going anywhere.
However, if you have got the ability to enable external access, you’ll end up with an email that looks like this. Notice the file is still classified as “secret”, which will become important later.
An open secret?
Notice how this process lets you send encrypted/protected information without the hassle of using PGP, digital certificates, password management or any of the other needlessly complicated solutions on the market.
Now, your document has restrictions placed on it, but it would give us even more peace of mind if we could see who was opening the document worldwide – and revoke that access if we think someone has it when they shouldn’t. Luckily, AIP lets us do this within Azure RMS:
It definitely shouldn’t be in America right now.
If you suspect a ne’er-do-well has a hold of your data, then it’s as simple as clicking “revoke access” and confirming the operation to take it away again.
Only I get to know how badly we did this quarter!
That’s it! Well, actually it isn’t since this only scratches the surface of what AIP can do for the protection of data within your company.
To find out more about what combining the power of Office 365 and AIP can do for plugging security holes in your business, contact one of our friendly sales representatives at Curatrix today.