In today’s world, it is very important to protect our data. Every day we can read some news over stolen information from companies. If we start the discussion about this topic, then in the first moment I hear things like: “We don’t have such problems, because we have a great virus scan, firewall and our proxy servers are blocking DropBox and other cloud storage providers.” But after a short while they start telling us some problems in their solution, like the mobile users can upload the documents in the guest WIFI or at home, because there is no proxy server there. Or the users are sending the files to their private mail account and share it from their home computer. The big problem is, that the data is moving around between their protected and external unprotected systems. They also agree, that they have no system to detect if an attacker is already in their network and is stealing data. Until now, their where only focused in protecting their systems and not their user identities and business data.
This means, that the old tools to secure the infrastructure with clear boundaries are no longer the only way to go and have to be extended with new security solutions. In this picture, you will see the situation like it is in many companies:
The security officer and the IT personal is aware of these problems but don’t know, how to respond to these new cyber threats’.
Start protecting your Environment
Now your question will be, how can I change this situation?
- Detect if an attacker is in your network
Start using Microsoft ATA. This is completely an on-premise product. My fellow Mirko has created a good video, which explains the usage of ATA. -
Protecting your data
Microsoft has created a framework, which will help you to improve this situation easily. An immense help is Azure Information protection, which can encrypt data on a per file basis. With this technology, the file will be protected in every location. Even better, you can also revoke the access to it, limit the permissions like printing or specify the people, which have access to it. In my next Blog post, I will show you how you start the journey to stop data theft. A normal implementation will follow these steps:
If you would like to read more about Azure Information Protection, then read my next blog post and follow me on twitter @ThomasKurth_CH.
- Microsoft Sentinel ASIM Parser demystified - March 31, 2024
- Enhancing Network Security Insights with IDS/IPS of Ubiquiti Dream Machine Pro and Microsoft Sentinel - March 10, 2024
- Ubiquiti Dream Machine Pro Logs to Microsoft Sentinel - February 6, 2024
5 Comments
Protect your Data – Stop losing control over it – Data Classification - Workplace Management Blog by baseVISION · May 2, 2017 at 18:31
[…] the Classify and Label Steps of our Information Protection Process. The process is explained in my previous blog post. The first thing if you would like to protect your documents, is to define which classification you […]
Protect your Data – Stop losing control over it – Protection - Workplace Management Blog by baseVISION · May 4, 2017 at 13:40
[…] the last posts, you saw how to start the implementation and how to classify and label your documents. This doesn’t protect the content of the […]
Protect your Data – Stop losing control over it – E-Mail Service - Workplace Management Blog by baseVISION · May 11, 2017 at 16:52
[…] Start the Information Protection Process […]
Protect your Data – Stop losing control over it – Monitor and Respond - Workplace Management Blog by baseVISION · May 15, 2017 at 06:49
[…] Start the Information Protection Process […]
Enterprise Remote Access Evolution with Microsoft EMS – Notes from the field - Workplace Management Blog by baseVISION · July 29, 2017 at 20:36
[…] Azure Information Protection – Protect Date wherever they are, not only on the encrypted notebooks.AIP allows you to encrypt and limit access your document based on Labels, which can automatically be applied or manually chosen by your users. The documents can be opened with all newer Office versions. Therefore, most of the external recipients don’t need an extra piece of software, like with other solutions. So, it is end user friendlier than most of the other solutions. Read more about it in one of my earlier blog posts. […]