Steps to Developing a Microsoft Data Protection Plan: Part 2

Your data protection plan is as only as good as your employees. Make sure your tool set is understood and used by your company.

By Cathy Dew

Data Protection is not set it and forget it, you need employee compliance and monitoring

Data protection has become logarithmically more difficult with the advent of cloud services and mobile devices. We are no longer in the age of complete network control and unless you work in an industry that requires and air gap between the network and outside services, you are going to have to build a data protection plan that covers your critical files both internally and externally. Last article we covered what is a Data Protection plan, and how Azure Information Services can help you build a digital data protection plan. Today, we’ll cover a few more tools and discuss that one critical element that every company must deal with when it comes to data protection, employees.

Office 365 Security & Compliance

The first place you need to start building out your data protection plan is within Office 365 Security & Compliance center. The classifications, labels, and data loss prevention policies for Office 365 are all managed here. Office 365 also has sensitive information types that can be activated, customized or created in order to assist with identifying and controlling critical files.

Office 365 Data Loss Prevention

This tool—often abbreviated as DLP—allows you to create data loss policies in SharePoint Online, OneDrive, or Microsoft Exchange Online. DLP lets you set up rules for sensitive information that should not be emailed outside of the organization. It can even implement policies that don’t allow certain data to be sent in an email at all, whether internally or externally. DLP policies help identify sensitive information for users that might not be aware of all confidentiality rules, prevent purposeful or accidental disclosure of sensitive information, and protect your company’s compliance and data retention practices.

The Labels & DLP policies for Office 365 and Azure Information Protection services currently do not overlap. You will have to maintain two sets of policies until Microsoft integrates the rules between the two systems.

Getting Your Users Involved

Obviously, Office 365 Security & Compliance and Azure Information Protection are each a cornerstone of any data protection plan in the Microsoft ecosystem. These software management solutions give you an unprecedented amount of control over the security and monitoring of your data, no matter what form it takes, how it’s used, or where it’s being sent. If there’s a drawback, it’s that these protection tools are such a vast, overarching solution that managing it is almost certainly too much for one person to do alone.

Therefore, businesses need to get their end-users involved. Files as they are created need to be labeled so the correct policies are applied. As new sensitive data types are developed, IT needs to be notified so that new policies can be crafted. Additionally, Legal and IT need to be in communication as to the correct policy terms in an ever-changing legal environment.

Desktops are on the wane and devices are all the rage. File access and creation are no longer the domain of the desktop PC. And when you want your data policy to extend beyond Office 365, you have to implement Azure Information Services. Therefore, once you have Azure Information Protection rules in place, your employees need to download and install the Azure Information Protection client on all their devices. Once installed, the client takes the form of an “Information Protection bar,” which integrates itself into all Microsoft Office applications. The toolbar makes it easy for users to choose the right classification for any file they are creating. That way, the right level of protection is applied to that file from the beginning, with no need for a central data protection manager to audit the file and determine how sensitive it is.

Mobile Data Management

Office 365 includes a corporate mobile application that assists with managing device access to the corporate network, and even allows a remote wipe of corporate data if the device is lost or stolen. These access rules and restrictions need to be activated in your Office 365 tenant space and all the devices connecting to the Office 365 environment need to be enrolled in the new security policies.

Once you have the MDM configured, you can manage the devices and device rules directly from the Security & Compliance center.

Other Tools for Your Data Protection Plan

Implementing both Office 365 Security & Compliance and Azure Information Protection are the most significant and most important steps to creating an effective data protection plan for your Office 365/SharePoint/Microsoft ecosystem. However, even with Office 365’s and Azure’s numerous protections in place, there are still other steps you might want to take to make your data even more secure. Here are a few more tools you should consider implementing as part of your protection strategy:

  • Windows Information Protection: Windows Information Protection (WIP) is designed to prevent the leakage of sensitive data. It integrates with the Windows platform to ensure data protection without requiring end users to change the way they do things (e.g., use different apps or store documents in special folders). With WIP enabled, only authorized users and applications can access sensitive data. There is also a copy and paste protection feature, which makes it impossible for users to copy business data and use it with personal applications. In other words, it stops users from sending out trade secrets or confidential photos via their personal email, or from accidentally pasting sensitive financial information into a social media post. Finally, WIP has a feature that makes it possible to wipe corporate data from a device remotely, without disrupting or compromising the user’s personal data.

Using these features will give your business much greater data protection than SharePoint permissions alone can provide. By securing data across numerous platforms, channels, programs, applications, users, and devices, Microsoft’s various tools for data protection create a powerful wall against data breaches, data leaks, and other similar catastrophes.

Get Help Implementing Your Data Protection Strategy

Building your data protection plan is the easy part. Implementing the strategy within your organization is considerably more difficult. If you have any questions about building a data protection plan, or how to implement them fully, feel free to reach out. Go online to schedule a free consultation with our team or call 510-652-7700 today.

Cathy Dew
Cathy Dew – CEO + Information Architect
Cathy focuses the company on our mission – Real results. Every time. Information architect and strategist, Cathy is passionate about making software work well – the function, the feel, the result.
Send me great news