Prepare for GDPR – Protect Your Most Sensitive Data with Azure Information Protection

Leave a comment

The main objective of General Data Protection Regulation (GDPR) is to protect all European Union (EU) citizens from privacy and data breaches. This regulation impacts every organization located in the EU and it also applies to organizations located outside of the EU if they offer goods or services to EU data subjects. To ensure that there is proper security of such data, you should consider implementing solutions and processes that enable you to identify, classify, and protect data regardless of where it resides.

My most recent work has provided me with an opportunity to work with Microsoft Azure Information Protection (AIP) in Office 365. This technology provides persistent data protection, by classifying, labeling, and protecting documents and emails. In my previous posts, Classifying Data with Azure Information (AIP) – Introduction and Classifying and Protecting Data in Office 365, I provided an overview of AIP including descriptions of labels, how they are created, and how to classify your documents and emails. Additionally, Azure Rights Management (Azure RMS), the protection technology used by AIP, allows for encryption and authorization, ensuring users must successfully authenticate to access the documents and emails.

What are labels?

In AIP, a classification label is used to identify data based on its level of sensitivity and the impact to your business.  Most common sensitivity levels are categorized as restricted, confidential, official use, and public.

Unified Labeling and Protection

If you’ve worked with Office 365 and Azure Information Protection in the past, you may have noticed that there are two different technologies where labels can be created in Security and Compliance Center and Azure portal; this caused quite a bit of confusion of when to use which technology. Microsoft has been working towards providing a more consistent classification, labeling, and protection model that will be used across Office 365 and AIP.

The consistent protection model Private Preview will start soon, no announcement has been made as to when this will be generally available. The consistent labeling model will help ensure that sensitivity labels are recognized across Azure Information Protection, Office 365 Advanced Data Governance, Office 365 DLP and Microsoft Cloud App Security.

The following images show one central location where a label can be created, protection can be configured, and a retention policy can be applied.

Automatic Labeling (Classification)

The ability to automatically classify data is a critical part of helping organizations achieve GDPR goals. Azure Information Protection has 80+ built-in sensitive information types that can be used to detect and classify your data. Microsoft is working on releasing a GDPR template which will include additional information types such as addresses, telephone numbers, and medical information to help detect and classify personal data relevant to GDPR. This new sensitive information template will make it simpler to detect, classify, and protect GDPR related personal data.

Closing

The European Union’s General Data Protection Regulation (GDPR) will be enforced on May 25, 2018. Organizations can be fined up to 4% of annual global turnover or €20 million for breaching GDPR. If your organization collects, hosts, or analyzes personal data of EU residents, you should not delay in implementing solutions to ensure compliance with GDPR.

Advertisements

Microsoft Information Protection (MIP)

Leave a comment

While I’m at Microsoft Ignite in Orlando this week, many new announcements were made including AI integration, mixed reality, and of course, cloud technology across Office 365. My area of focus today is Security and Compliance.

With the current version of Azure Information Protection, you can create an AIP label and apply Rights Management to classify and protect data. In order to apply retention to data, you would need to access Security and Compliance Center, create label and a retention policy.

Microsoft announced a new product called Microsoft Information Protection (MIP). This new product consolidates Azure Information Protection (AIP) and Security Retention Labels into one.

Here are a couple of screenshots I took during the sessions I attended.

MIPProtection

MIPVisualMarkings

As you can see from these screenshots that you can apply protection and visual markings to documents from Security and Compliance Center where these features are only available in Azure Information Protection Portal today. For those who have already created labels in Azure Information Protection, no worries, they will automatically synchronize to MIP, so you do not need to recreate them.

Other new features include event based retention where you can associate specific events, e.g. employee termination, contract expiration, etc. when configuring the retention settings.

This screenshot shows the roadmap of what will be available this year and next.

MIPRoadmap

I will continue to share as I learn more about Microsoft Information Protection product.