How does AIP fit in your CyberSecurity strategy?
First of all, you cannot protect sensitive data if you cannot identify it.
Azure Information Protection (AIP) aims to identify sensitive data and classify documents. With AIP, this can be accomplished manually, or automatically using pre-defined rules that will scan the contents of files on different storage locations.
Some companies will say that sensitive data is only stored in their CRM or ERP system, but how many users are able to export this data into Excel files and save it to their local computer, a shared drive, Cloud storage, or send them to their personal email address to work from home?
With AIP, once you will have identified and classified your documents, you can automatically apply protection to them. The permissions will be embedded in the encrypted files and will not disappear when these files are copied.
With the labels (metadata) that are applied by AIP, you can easily identify where your data is and apply DLP policies.
Many companies will define standards on how to store corporate documents (e.g. SharePoint and OneDrive), but there is no way to ensure employees will stop using third party tools completely.
With monitoring, e-mail transport rules, or DLP solutions, you will have better visibility to where your documents are being shared, and you will gain the ability to define rules to alert or block specific actions.
Using AIP for discovering and labeling your documents is a good start and will provide some visibility on what you have to protect!
Encrypting documents could require time and be a challenge for companies, but applying a label to a file is easy and does not require a lot of change management. Most of companies are starting by labeling documents in order to identify their data and gain visibility, apply specific measures (e.g. DLP), and gain in maturity before starting to encrypt.
For customers having an E5 license who have E5 licenses, labeling files could even be easier as AIP can look for specific content (e.g. PII, Credit Card) to classify a document.
Avaleris has assisted many organizations to deploy information protection and security strategies to cover various information protection use case scenarios. Our highly qualified consultants will be happy to help you on your security journey and help you to start discovering your data.
Avaleris can help you plan the implementation of data classification & protection strategy, and recommend the best way to migrate from AIP to unified labels.
Practice Lead, Cybersecurity & Information Protection
Avaleris focuses exclusively on hybrid identity, enterprise mobility, and cloud security, enabling businesses to improve their agility and security while enabling employee productivity and collaboration.
Reach out to us to discuss your project objectives.
1-844-996-9695 • firstname.lastname@example.org • www.avaleris.com