New Microsoft service puts a leash on documents on the web

Microsoft has launched a new security service that adapts data leakage prevention to the cloud.

Azure Information Protection is in Microsoft’s view data loss prevention (DLP) on steroids, and one that the Redmond company claims is better built for the organisation with porous borders. In other words, any organisation that uses the cloud.

The service combines Microsoft’s Azure Rights Management (ARM) and data protection technology it gained through its acquisition of Israel-based Secure Islands late last year, which it said would bolster Microsoft’s DLP-related data classification capabilities that are already built in to Windows and Office 365.

Microsoft announced on Wednesday that it will roll out a public preview of Azure Information Protection by July, showcasing its integration of Secure Islands’ technology and Microsoft’s ARM.

“This new approach delivers data protection, as well as innovative and intelligent new detection capabilities for security teams, while retaining great productivity experiences for people at work,” Microsoft said in a blogpost.

Microsoft wants to make employee identity the root of protecting information assets, whether they’re in the cloud, on mobile devices, or in apps.

While Office 365 already assesses what corporate data to protect, the new service will help organisations protect the document itself, even after the document has moved beyond the corporate firewall.

As with DLP, organisations will still need to define what is sensitive and what is not, but Microsoft is going to help label the content, with a focus on the most sensitive documents. It aims to strike a balance between end-user convenience and burdens on admins as users navigate anti-leak protections.

It will also automate processes to protect documents whether they’re inside and outside the organisation. Once restrictions on a document are narrowed down, admins will have tools to monitor for use or abuse.

Additionally, users will have the option to select whether a document is “confidential” or “secret” and restricted to the finance department. If the document has been marked as the latter, the rules for it will stay with the document beyond the firewall.

Key capabilities that Microsoft says the service will deliver include:

  • Classify, label and protect data at the time of creation or modification. Use policies to classify and label data in intuitive ways based on the source, context and content of the data. Classification can be fully automatic, user-driven or based on a recommendation. Once data is classified and labeled, protection can be applied automatically on that basis.
  • Persistent protection that travels with your data. Classification and protection information travels with the data. This ensures that data is protected at all times, regardless of where it is stored, with whom it is shared, or if the device is running iOS, Android or Windows.
  • Enable safe sharing with customers and partners. Share data safely with users within your organization as well as with external customers and partners. Document owners can define who can access data and what they can do with it; for example, recipients can view and edit files, but they cannot print or forward.
  • Simple, intuitive controls help users make the right decisions and stay productive. Data classification and protection controls are integrated into Office and common applications. These provide simple one-click options to secure data that users are working on. In-product notifications provide recommendations to help users make the right decisions.
  • Visibility and control over shared data. Document owners can track activities on shared data and revoke access when necessary. IT can use logging and reporting to monitor, analyze and reason over shared data.
  • Deployment and management flexibility. Protect data whether it is stored in the cloud or on-premises, and choose how your encryption keys are managed with Bring Your Own Key options.

Join the CSO newsletter!

Error: Please check your email address.

Tags Office 365azureMicrosoftdata loss prevention (DLP)Windowsdata protectionCSO Australia

More about ARMDLPMicrosoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place