Steps to Developing a Microsoft Data Protection Plan: Part 1

A Microsoft data protection plan is a strategy that utilizes Microsoft’s software, features, and tools to strengthen the security of your information.

By Cathy Dew

Securing your Office 365 data requires first building a data protection plan.

Having a comprehensive, uniform data governance strategy for your business will go a long way toward improving the efficiency of the way your users interact with documents and data. It will also help you stay compliant with government or industry regulations (for example, on document retention and deletion) and can even be beneficial for data security. If you want your data to be truly secured, though, you need more than a basic permissions policy to govern who can access or change what. Indeed, for true document security, you will need to develop and implement a full-bodied data protection plan.

What Is a Data Protection Plan?

A Microsoft data protection plan is a strategy that utilizes Microsoft’s software, features, and tools to strengthen the security of your data. A robust data protection plan should apply different levels of control and security policies to files depending on their sensitivity. It should also adhere to any relevant laws or regulations. Finally, it should be universal across all channels and devices in your organization, whether that means encrypting data on your network or remotely wiping devices to mitigate security threats.

Leveraging the Right Tools: Azure Information Protection

The good news is that Microsoft provides you with several tools you can use to secure your data. The bad news is that many enterprises don’t know how to use these tools for information security, or don’t even realize they are there in the first place. The question, then, is where to start as you devise your data protection strategy.

Probably the most powerful data protection tool in the Microsoft arsenal is Azure Information Protection. Azure, of course, is a powerful cloud computing platform that allows users to build, test, and deploy applications or services. Azure Information Protection is a cloud-based system that lets you classify your data and apply different levels of protection to it, depending on what you need it to do.

Azure Information Protection utilizes a labeling and classification system. When you first use the service, you will configure rules to stipulate the kinds of data you want to protect. For instance, you might want to protect any document that includes credit card information. By configuring the right rules, you can tell Azure Information Protection to detect credit card information in any document—be it an Excel spreadsheet tracking recent transactions or an invoice that includes a customer’s credit details. The protection can even extend to emails.

Once you have set up rules in Azure, the next piece of the puzzle is labeling. With labels, you can classify documents based on the level of security or protection they require. Once documents are classified in this fashion, you can manage their security at a macro level. You can use labeling to track who is accessing various files or to monitor how the data is moved, exchanged, or reused throughout your organization. In essence, Azure Information Protection gives you a global view of the data security in your enterprise. This global view makes it easy to spot behaviors that might be a risk to data integrity or security, in turn giving you the foresight to correct these problems before they lead to leaks or data breaches.

Labels applied through the Azure Information Protection system do a few things to classify documents. First, they apply visual markings to all protected files. These markings may manifest as headers, footers, or watermarks, but they always tell users when they are looking at protected information. Secondly, they apply metadata to documents or emails, which can be read and understood by other Microsoft security functions and services.

For instance, say you are sending an email that includes sensitive information. You are sending it out to your entire team, which means there are a dozen or more recipients. However, you want to make sure the data won’t be forwarded to anyone outside of your organization, whether by accident or on purpose. Azure’s data classification system helps avoid such an outcome in several ways. By applying visual markings to emails or documents, the labeling system gives users a tough-to-miss warning that the data is sensitive and should not be shared. With a metadata tag, the classification system can also send the same message to other data security and protection services. For example, a metadata tag in the header of your email can tell your email service not to let it be forwarded or sent to anyone outside of your business.
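The rule, label, and enforcement chain described above, as an added Python example (not Azure Information Protection's own code or API): a credit-card rule with a Luhn checksum assigns a label, and a mail-gateway function reads that label to refuse external recipients. The label names, function names, and the contoso.example domain are assumptions made for illustration.

```python
import re

# Rule: 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits):
    """Luhn checksum: discards digit runs (order IDs, phone numbers) that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:      # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify(text):
    """Apply the credit-card rule and return a label name (hypothetical labels)."""
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_ok(digits):
            return "Confidential"
    return "General"


def may_send(label, recipients, org_domain):
    """A downstream mail service reading the label: Confidential stays inside the org."""
    if label != "Confidential":
        return True
    return all(r.lower().rsplit("@", 1)[-1] == org_domain for r in recipients)


# Constructed sample messages (4111 1111 1111 1111 is a widely used test card number).
INVOICE = "Invoice 1042. Card 4111 1111 1111 1111, exp 12/27."
SHIPPING = "Tracking reference 1234567890123456 has shipped."

if __name__ == "__main__":
    for body in (INVOICE, SHIPPING):
        label = classify(body)
        allowed = may_send(label, ["ana@contoso.example", "eve@partner.example"],
                           "contoso.example")
        print(label, "-> external send allowed:", allowed)
```

The Luhn step is what keeps the 16-digit tracking reference from being labeled as card data, which is the main source of false positives in pattern-only rules.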

In addition to rules and labels, Azure Information Protection also uses Azure Rights Management to protect your data. Azure Rights Management (or Azure RMS) uses a mix of encryption, identity recognition, and authorization systems to keep your data from falling into the wrong hands. By integrating with other software, including Office 365 and many third-party applications, Azure RMS policies remain intact on your files or emails, no matter where they go. You might use RMS policies to make a file impossible to print, or to make it so that emails cannot be forwarded.

Microsoft currently offers a similar feature within SharePoint itself: SharePoint Information Rights Management. But this feature is deprecated, and if you are using it, you should be looking into migrating to the newer Azure Information Protection options via labels and file retention policies.

Get Help Implementing Your Data Protection Strategy

Deciding all the different things you want your data protection plan to do is the easy part. Implementing the strategy throughout your organization’s technology environment is considerably more difficult. If you have any questions about where to access the features discussed in this article, or how to implement them fully, feel free to give us a call at 2Plus2. We would be happy to schedule a free consultation to learn about your needs and figure out what we can do to help. Go online to schedule a free consultation with our team or call 510-652-7700 today.

Cathy Dew – CEO + Information Architect
Cathy focuses the company on our mission – Real results. Every time. Information architect and strategist, Cathy is passionate about making software work well – the function, the feel, the result.