Your IT department works hard to keep data and systems secure within your company, but what happens when that data is shared outside of your organization? , What happens when you send sensitive information about your company through email? , Is it possible to control it?
Azure Information Protection (hereinafter AIP) is the answer. AIP is a Microsoft cloud service that allows companies to protect their confidential data by encryption (whether they are local or in the cloud), ensuring that even if the document leaves the organization to an unsafe environment, only authorized users they will be able to access it. In addition, we can define the actions that may be carried out by authorized persons and continue to have the document (and its copies), always under our control, wherever it is, even though we do not physically have access to it. This service is focused on solving two important needs for companies: security and legal compliance of information.
How does it protect?
In general, with Azure Information protection you can classify , tag and protect office documents and emails when they are created or modified.
- Sort and identify the data according to your confidentiality.
- Protect data through encryption, authentication and use rights.
- Control the data shared in your company.
Persistent protection for your confidential data
With AIP you can protect the sharing of confidential data inside and outside the organization by applying limitations to the actions that users can take when they receive or share an email or document. For example, you can prevent a file from being sent to external users to the organization or restrict the actions that users can take on a document (print, save, edit, etc …).
AIP uses the protection technology of Azure right management (hereinafter RMS), this service uses encryption, identity and authorization policies to protect files and email in multiple devices and persistently, so that the data remains always protected regardless of where they are stored or with whom they have been shared. RMS allows administrators to create protection templates and define rules that automatically protect documents and emails. Likewise, the service also allows the user to manually protect the document through recommendations (previously defined by the administrators).
In this image the administrator has set up rules to detect confidential data (in this case, credit card information). W hen a user saves a Word document containing credit card information, AIP recommends that you apply a specific label that classifies and protects the document, depending on the configuration.
Likewise, with AIP you can track all the activities that are carried out with the shared data, see where a document has been opened and revoke the access remotely at any time.
1- This screen shows the number of times a document has been viewed and the number of times its access has been revoked. 2- This screen shows the places from which the document has been opened
Identify your confidential data
When we label a document or email, what we really do is classify that information according to the sensitivity of the data it contains. This classification allows users to know the degree of confidentiality so that they are aware that exposing such information can be a serious problem for the company, whether it is filtering corporate secrets, breaching privacy, personal data, etc. .
AIP allows you to configure the labels in the following way:
- Automatically: Rules to detect sensitive content that the administrator establishes and that are applied automatically.
- Manually: In this case it is the user who classifies the document by tagging it with one of the options available by default (Personal, Public, Internal, Confidential and Very Confidential).
- A combination of both , by recommending the user to tag the document or mail if sensitive data is detected.
The recommended classification helps users protect the data they work with just one click.
Administrators from the AIP management console can link the labels with an RMS rights management template to apply the corresponding protection. For example:
This email has been classified with the “General” label, previously the administrator has configured a rule designed so that data classified with this tag can not be sent outside the organization. The tag is inserted into the e-mail headers so that when trying to send the mail, the value is inspected, an audit entry is created and the information is not sent out of the organization.
Recently Microsoft has expanded the capabilities of Azure Information Protection by adding AIP Scanner , a functionality which provides the experience of classification, labeling and continuous protection of the data in the own facilities.
The system continuously tracks local repositories, such as file servers and local SharePoint servers, to discover, tag and protect the files, according to the directives defined in AIP.
How does AIP help meet the GDPR?
AIP guarantees that the data is identifiable and protected , a fundamental requirement of the new European Data Protection Regulation (GDPR) , regardless of where they are stored or how they are shared. The classification, labeling and data protection offered by AIP help to comply with this new regulation and offer the company a secure environment.
Integration with Cloud App Security
The integration of Cloud App Security (CAS), the tool that helps control the cloud applications that users use from the company, and AIP facilitates an extra level of protection for companies. CAS detects if a document has been tagged incorrectly, if it has been shared with external users and it contains sensitive information, the tool forces its proper labeling.
How to acquire Azure Information Protection
AIP can be purchased as an independent product or in one of the following sets of licenses:
- Enterprise Mobility + Security
- Microsoft 365 Enterprise
Azure Information Protection is another of the powerful tools offered by the Microsoft cloud to help companies obtain maximum security and control of their confidential information . You can discover these and other tools in the series of articles that we are publishing in our blog in which we go into the whole subject of security and compliance , we encourage you to follow us!
Do you want to know more about Azure Information Protection? Contact us!