Why labeling data is the way to go

Security is /has been booming for a while now. Everywhere you read about the amount of data being leaked. Now just yesterday a contractor named Deep Root Analytics put a database online with 198 million potential voters open to download for the public on an Amazon S3 storage server. Well that person will have the worst day of his or her life. 

 Is this an uncommon thing? Well no, people are leaving data everywhere. We are very sloppy with our or the data of someone else. USB sticks, phone or laptop stolen, e-mails with data, We dump data everywhere and it's scary. In this article I'm going to talk about what my solution would be to prevent any harm being done after a data breach.

Methods

Let's start by just going through some possible solutions. Not just talking about the data itself but also the identity and the devices that a company uses.

  1. Lost or stolen credentials
    2. Try using Multi factor authentication (MFA) to enhance the security of the identity. You could set it up for a certain area or if it is suspicious behavior. Do people hate MFA? Sure! But from an security perspective it's a quick win and enhances security by far. What is by far the weakest link in the security chain? Exactly PEOPLE!

  2. Software not allowed or intruder detected
    3. To manage the mobile devices in your company use Intune. To detect an intruder you can use the Office 365 Advanced Threat Protection (ATP).

  3. Lost or stolen device
    4. To manage the mobile devices in your company use Intune. To protect the content on the device you can encrypt the data on the phone using a tool like bitlocker.

  4. Protect BYOD (Bring your own device)
    5. A phone that has been introduced by an employee with the company knowing can be dangerous because you don't know what Apps are running on it and if it is using a secure e-mail client for example. To fix this issue you can use the Windows 10 AAD join or the Device registration feature in Intune

  5. Hacker attack network
    6. With Azure security center you can prevent attacks by using policies. Use OMS Security to monitor all the VM's you are running to see their security status (malware, system updates)

  6. Sharing data with internal and external users
    7. To prevent data going out into the world without enough protection you can use Azure Information Protection (AIP). I will talk why this is the way to go a little further on.

  7. Making users aware of the risks
    8. Use DLP (monitoring or notifications) to warn users of the security risks they are taking. Let them get a notification that they are sending credit card information or someone's personal files.

Labeling data

I don't like a data breach anymore than you do but I'm not going to be able to prevent Hackers from getting to my data so I rather take the standpoint of "I'm going to get breached". I know Hackers are going to find a way to my data one way or the other so why not encrypt the data so the hacker can't read it once it is obtained. Azure Information Protection (AIP) is the way to go here. Read my blog on AIP here

So AIP gives you the possibility to label going around on your Office 365 tenant. Are users going to put the labels on the data? Some. Most won't do it except if you make it required. An other way to make sure a document is labeled is by defining rules for when a document should be labeled and when not. Set this up as a rule in AIP and each document that follows those rules will get a label applied automatically. 

So once you have the labeling in place you can just relax for a moment. Sure you will still be attacked but at least you know that your documents are secured. Labeling documents or images can give a lot of control only when an identity is compromised you have a risk of the file being opened. 

Till then, relax your in good hands with AIP!

Comments

Post a Comment

Popular posts from this blog

Azure Information Protection (AIP)

Image
Let's start with one of my favorites (till now). Azure Information Protection (or AIP). Just imagine the following example: You are working on your Word document and you want to send this document to an external person. You e-mail that document as an attachment. The person opens this document, reads it and puts it on an USB stick to take with him. The USB stick get's lost! Now the document can have fallen into the wrong hands! Now what? OK this is a little bit of a roman but hey it could happen! Active Director Rights Management  First let us go back in time to when AIP didn't exist and there was  Active Directory Rights Management Services .  This was a server role that could be installed on Windows Server 2008 R2, it exists since Windows server 2003! Back then it was called RMS. The RMS client is available  from Windows 2000 and later. So what does RMS do? To explain in simple English: Information with RMS on it has certain policies with it  that ...
Read more

Tiles modern UI

Image
Back in SharePoint 2013 Microsoft introduced "Promoted links" a feature which enabled users to create tiles quick and easy without any custom code. Since then I've seen Promoted links being used a lot of ways, some better than others. However creating tiles with an image in the background was always a nasty thing to do. People would use the weirdest images as background to indicate what it was, totally not user friendly. Especially the choice of the color was very "weird" you would have tiles with all sort of colors and images (see image below as an example). Promoted links always had one big problem; Scaling! It's not responsive in a way you would want to have it. Since Microsoft introduced Modern UI they have also introduced the webpart "tiles". Tiles enables the user to create custom tiles within their SharePoint site, quick and easy. Cool features of the Tiles webpart. Tiles are responsive! They resize when the screen gets smalle...
Read more

Azure Active Directory (AAD)

Image
In my last post I talked about Azure Information Protection (AIP). It was a way of getting a good sense of security in the Cloud. Today I want to talk about a very important feature in Azure: Azure Active Directory (AAD). AAD is a good place to start with security. Users that are allowed or prevented from logging in is your first line of defense. In preview AAD is not something radically new. Microsoft created the Management portal om the new Azure Portal to make it look and feel like the new portal. At this moment the most users will have to use the old portal for AAD but once the new management portal is out of preview we are good to go! What has changed? So who cares? It's a new Mangement portal for AAD. To be honest nothing has really changed, Microsoft just changed the look & feel of the new portal. 3 versions There are 3 versions of the AAD: Free, Basis and Premium. See the link below to decide what versions of AAD you need. Overview AAD subscriptions F...
Read more