Table of Contents Hide
- Why Information Protection Is So Important For Organizations
- When Information Leakage May Occur
- Information Under Control – Azure Information Protection
- How Information Classification works
- How Information Protection Works
- Why To Implement Azure Information Protection
Why Information Protection Is So Important For Organizations
The basis for the existence of every company is Data that its employees process. The data carries information that, if used incorrectly, poses a threat to the company’s interests.
Information that falls into the wrong hands poses a threat on business grounds – these can be: trade secrets, information on the solutions or technologies used, financial information about the company’s condition or simply information about contractors.
Information that falls into the wrong hands as a result of our negligence creates a threat under legal liability – it may be personal data of our employees, business partners, customers or patients. Data on stock market reports or public orders constitute a separate category.
In the era of information technology and technologies that allow you to easily copy and transfer data, it is so important to correctly classify and protect information.
When Information Leakage May Occur
The most common reasons for data security breaches and information leaks are not only cyber attacks but also the prosaic activities and errors of our employees.
Here are some scenarios in which we may lose control over Information that is relevant to us
Flash drive with company data
Copying data to a portable memory for archiving or finishing work from home – is a potential threat if it is lost. The least problem is media loss. But what if we don’t know whose hands the data stored on it got into and how it will be used?
A computer used by a bystander
Lending the computer to a family member may not seem to be the height of recklessness, but what if it is a child, unaware of the importance of information written on it? Installing or running potentially dangerous applications can threaten our data. If a computer or mobile device is made available to a third party (it may be a sharing that we do not know about), we do not know its intentions and we are not able to check whether and to which data it has gained access.
Potentially dangerous applications
The use of unapproved applications is one of the scenarios in which we can become a source of information for a cybercriminal in a completely unconscious way.
An e-mail sent erroneously
One of the most common mistakes. Mechanisms prompting e-mail addresses in e-mail programs have more than once become the reason for sending a message not to the person we meant. What if the message contained a commercial offer or financial data of the company.
What if the e-mail contained a document with planned layoffs sent by mistake to the address of employer @ instead of employees@
Unapproved data backup mechanisms, unauthorized access to archived backups or software of unknown origin are treated as an increasingly serious source of security threats.
According to the analytical company Gartner, by 2020, every third cyber attack on an enterprise will be carried out in the area of unapproved IT resources.
Information Under Control – Azure Information Protection
Education of users, patching potential loopholes in the security system are not everything. We can only get certainty when our information is under constant surveillance and is properly protected against accidental disclosure.
The solid technological basis provided by Microsoft technology allows us to classify the data we have, build flexible information access policies, and protect and monitor our data regardless of where they are.
How Information Classification works
To protect data, we need to know what types we are dealing with. We will deal with publicly available data differently, data for internal use and data strictly confidential.
The classification of information allows us to divide our data in terms of their importance and the degree of protection expected.
Manual, automatic and recommended classification
Classification of information can be done manually – the user, based on his knowledge, decides which class of information should be used.
Information Classification can also take place automatically on the basis of information contained e.g. in a file or e-mail.
The user can also receive suggestions for classifying the document he is currently working on.
A label is assigned to each information class. It is a name and visual marking (usually color) by means of which users can easily identify what type of information it concerns.
The labels are visible in the Office programs and in external tools supporting the AiP mechanism.
Thanks to labels, the classification of information and identification of the class of information contained in the received document or message becomes natural and does not create any problems. Over time, the use of labels and classification of information becomes a natural element of organizational culture.
How Information Protection Works
The fact that a document is marked with a particular class of information makes the user aware that he is dealing with sensitive data. Additional visual markings, such as automatically added watermarks, information in the footer or header, create awareness in the organization of working with documents that require special protection.
Marking information with additional visual elements also gives the user a sense of responsibility for actions performed with a properly classified document.
Marking information is purely psychological and increases alertness and awareness when working with protected information.
Each class of information, and, as a result, also the document assigned to it, in addition to visual marking, can be protected against unauthorized access.
The Information protection function causes:
Access to the information contained in the document or message is impossible for persons for whom the Information is not intended
Information is protected regardless of where it is located. It can be copied, sent, publicly disclosed without risk
The medium we send the message and the level of its security does not matter. Random people cannot access the information
We are informed about every access or attempt to access a protected document
We can remotely revoke permissions for a document to which we no longer have physical access
Why To Implement Azure Information Protection
|We have an ordered classification of information processed in the organization|
|We have a model of rights and responsibility|
|We control the information contained in documents and correspondence|
|We control the flow of classified information inside and outside the organization|
|We freely manage access to information regardless of its location|
|Information becomes independent of the medium and place, we know who, where and when it accesses it|
|In the event of an information leak, we can easily identify the source|