Data Privacy continues to be a top priority for I.T. and executive management. As the security landscape changes and becomes more complex, it’s no surprise that organizations are looking to experts like Kiefer and Microsoft to ensure that their data security strategy and data privacy policies will protect the organization and their clients/constituents.
Office 365 is a practical way for your organization to keep data in place, which helps in reducing the chances of content being compromised. In addition, organizations can manage data governance by using automated labels and policies that keep the right data for the right amount of time, while restricting access to only authorized users.
Kiefer works with many organizations that have documents and data that contain sensitive and confidential information. Sadly, all it takes is an honest mistake to compromise the data, and equally as bad, your organization’s reputation.
Even an honest mistake that compromises data will hurt your reputation.
Even when data leakage isn’t intended or malicious, it can still result in the same penalties and damage to your organization’s reputation. In addition, these accidental data leaks do not free you from potential legal responsibilities.
Some common examples of how information is leaked are as follows;
- Accidentally attaching the wrong file to an e-mail
- Sharing confidential information with an authorized colleague, only to have that information inadvertently shared with an unauthorized user.
- Phishing attacksThe Ill-Intentioned or disgruntled Employee
- How Can Office 365 help you in protecting sensitive data
One small but significant shift in how organizations establish better control of how data is accessed and shared is by keeping the data in one place. Applications like SharePoint Online and OneDrive allows users to share links to a document as opposed to sending an attachment. By sending a link to a document that is stored in the cloud, organizations can help ensure that the data is only accessible to those with the credentials to view the data or documents.
Best-in-class organizations are going beyond just keeping data in place, they are implementing end-to-end practices that help keep data secure and reduce the risk of data leaks. Here is how some organizations are applying data protection across the entire lifecycle of a document and the data contained within the document.
When Data is Created
IT can help improve security at the document level by applying encryption policies at both the file creation level and the laptop to help in protecting sensitive or confidential information.
As Data Moves
As data moves, IT can scan the data when it’s uploaded to the cloud. Scanning a document for sensitive data enables the data to be labeled based on IT policies. Classifying (or labeling) the data enables the organization to reflect a level of sensitivity. Based on the contents of a spreadsheet or a document, the document can be labeled accordingly and security policies can be applied.
IT security policies determine what protective actions should be applied to the file. Actions include;
- Encryption of a document
- Restricted access rights to a document
- Application of visual marks or watermarks to a document
- Compliance with retention or deletion policies
- Blocking users from sharing a file
When someone needs to share information, the labels and security policies that were applied by IT travel with the data. The file’s protection is persistent. Policies like “restricted access rights” can be applied to specific documents and only specific users will be able to view the data.
The Document Lifecycle and Data Governance
As a part of a comprehensive data security strategy, IT can monitor data access and sharing. With his capability in place, IT is alerted if abuse or threats are detected.
Many organizations struggle with managing data governance and applying policies to a document. Microsoft allows IT to establish expiration, retention, and deletion policies to reduce that risk. Data governance is sometimes overlooked but it’s important to protecting sensitive data. If information is retained longer than it should, there is unnecessary risk of being discovered and compromised.
Kiefer Consulting has been helping organizations leverage the inherent capabilities of Office 365 to improve how they manage sensitive or confidential information in their organization. Talk to Kiefer to better understand how Microsoft’s approach to end-to-end data protection could be leveraged to help prevent the leakage of sensitive data while helping to protect your organization’s reputation.