How Microsoft Purview and Priva help simplify data protection
Credit to Author: Christine Barrett| Date: Tue, 18 Oct 2022 16:00:00 +0000
At Microsoft Security, we understand how challenging it is to protect your most important asset, your data, in today’s threat landscape. You’re faced with evolving challenges—from empowering employees for greater productivity to eliminating gaps in your infrastructure—all while trying to protect your data across a hybrid work environment. And in the current economic climate, getting maximum value from your existing security investments is paramount. That’s why, in the past year, we’ve further enhanced our data protection and data governance products to better fit your needs. The results include two integrated and powerful solutions: Microsoft Purview and Microsoft Priva.
At this year’s Microsoft Ignite event, I co-hosted a special presentation on how your security and compliance teams can better manage risk, govern your data (wherever it resides), and maintain compliance. We also shared new product updates and insights to help your team get the most from your Microsoft security investments, as well as announced an exciting new capability that integrates Microsoft Purview natively within Adobe Acrobat. This type of extensible, multicloud, and multiplatform protection allows you to get more from the tools you already have. In this blog post, we’ll look at some of those scenarios where Microsoft Purview and Priva can help simplify data governance across your enterprise today.
New Adobe and Microsoft Purview integration delivers seamless security
Microsoft Purview’s mission is to help customers protect their entire data estate: that includes non-Microsoft environments as well. At this year’s Ignite presentation, we demonstrated a new capability that integrates Microsoft Purview Information Protection natively within the desktop version of Adobe Acrobat—accessible directly from the Protect tool. That means users now have the ability to apply and edit information-protection labels and policies directly to PDF documents. This integration brings the same classification, labeling, and protection already available in Microsoft Office file formats to PDF.
Over the next few months, we’ll continue to add new features that enhance support for PDFs in Acrobat add-ins, as well as for Acrobat Export PDF and mobile versions.
Streamlining data protection
Data is the lifeblood of your organization. It provides crucial insights that give your business a competitive advantage and empowers your employees to do more. For that reason, it’s critical to protect your data at every stage—from creation to storage—both from external threats and internal risks. That requires creating a layered defense strategy.
The first layer of defense: Discover and understand the sensitive data within your organization. You need to know where your data is, who’s accessing it, how it’s being shared and stored, and where it’s traveling. Considering that data storage is forecast to increase at a compound annual growth rate of 19.2 percent from 2020 to 2025, gaining complete visibility over your data estate is crucial.1 At this first line of defense, Microsoft Purview Information Protection helps you classify and label your data across your entire data estate, both on-premises and in multicloud environments. By providing a single pane of glass to track and manage your data, Microsoft Purview helps to improve your team’s efficiency while tightening data protection.
Recent updates for Microsoft Purview Information Protection:
- Improvements in built-in features for Office that enhance visibility and encourage user adoption of sensitivity labels (such as the sensitivity label bar in Microsoft Word, Excel, PowerPoint, and Outlook; also, PDFs created in Office now inherit the source file’s sensitivity, encryption, and content marks).
- General availability: Co-authoring on documents protected with Microsoft Purview Information Protection is now generally available for Word, Excel, PowerPoint, and Office Mobile applications on Android and iOS devices.
- Preview: 42 new credentials for sensitive information that enable organizations to detect a wide range of digital authentication types (also known as “secrets”), such as user credentials, default passwords, and API and token access keys for Microsoft Azure, Amazon Web Services (AWS), and Google cloud resources.
- Preview: Server-side auto-labeling support for more than 24 new pre-trained, out-of-the-box classifiers that can be used to quickly discover and auto-classify more than 100 types of sensitive content in categories such as intellectual property (IP) and trade secrets, healthcare, operations, financial information, and HR-related information.
Lowering insider risk
Data breaches arising from insider actions are estimated to cost businesses an average of USD7.5 million annually. For that reason, it’s important to understand all data access and usage patterns within your organization. What does normal activity look like? Which types of activity should be flagged as risky? Understanding internal data usage can help protect against compliance violations and worse, including IP theft, insider trading, confidentiality violations, and other damaging outcomes.
The second layer of defense: Manage data security risks within your organization. Working in tandem with a holistic approach to managing internal risk, Microsoft Purview Insider Risk Management identifies potential risks and enables security teams to quickly take action. By bringing together the right people, processes, training, and tools, organizations that approach insider risk holistically are more likely to emphasize user privacy, foster collaboration, and use positive deterrents such as training and feedback loops as part of their data-protection strategy. The one-click analytics report allows you to generate aggregated, de-identified insights on risky activity over the past 48 hours—before you’ve even set up your first policy. Insights include the percentage of users who have performed exfiltration activities, such as downloading sensitive data, with an additional breakdown by activity type. To learn more about potential risks within your own organization, view the new Microsoft insider risk report.
All names in insider risk alerts are pseudonymized by default. This helps your data security team take a privacy-first approach. By clicking on a specific alert, you’ll be able to see a summary of all of the risk factors. Sequencing allows you to correlate across activities that involve the same files. This correlation can help your security team understand the possible intent behind the activities so you can reduce time to action. For example, you might see that just before a user submitted their resignation, they downloaded and exfiltrated confidential files, then deleted the files from their device to cover their tracks. Understanding this sequence of activities helps your security team decide when and how to take action.
Using sequences as triggers for your policies improves the signal quality of your alerts and focuses policy detection on users who have performed multiple-stage sequences. Priority Content Only Scoring, configurable in the policy wizard, empowers your team to focus policy detection on the most sensitive content. All of these insights help you better understand potential risks, so you can set up policies that meet the unique needs of your organization. With this information, analysts in your organization can take appropriate actions to help make sure users remain in compliance.
Recent updates for Microsoft Purview Insider Risk Management:
- Preview: Enhancements to triage and detection capabilities, including new abilities to customize a security trigger in the “data leaks” policy to surface when a user performs a sequence, to create policies with sequences without any other required underlying policy indicator selections, and fine-tune security policies directly from the alert review experience.
- Preview: Information type and trainable classifier exclusions, which means that actions related to file activities on the endpoint, SharePoint, Microsoft Teams, OneDrive, or Exchange will not generate alerts if the excluded sensitive information type or trainable classifier is matched with the content of the activity performed by the user.
- Preview: Ability to prioritize alerts for potential high-impact users with new risk booster score capabilities. Alerts for users found to have a potentially higher impact will have a higher priority alert in the dashboard, based on the frequency of accessing higher sensitivity content, like sensitive information types, labels, or priority content, compared with others in the organization, and if they are a leader in the organization based on Microsoft Azure Active Directory (Azure AD) configurations.
Protecting against data loss
The third layer of defense: Incorporate an integrated, in-depth approach to prevent data loss or unauthorized use. Among business leaders who responded to a 2021 survey, 62 percent felt that their companies should do more to protect customer data.2 Microsoft Purview Data Loss Prevention (DLP) provides a balance between protection and productivity, ensuring the proper access controls are in place and policies are set to prevent actions such as improperly saving, storing, or printing sensitive data.
Recent updates for Microsoft Purview Data Loss Prevention:
- Preview: Ability to create groups of printers, removable storage, network share path, and sensitive sites, as well as assign different restrictive actions to each group. As an example, you will be able to block the printing of sensitive information on all printer groups and allow printing on your corporate printers.
- Preview: Ability to configure complex policy rules using “AND/OR/NOT” associations and create nested groups.
- Preview: Visibility into contextual evidence, including sensitive content, surrounding characters, and other metadata on a DLP policy match on endpoint devices.
- Preview: Improvements in the speed of detecting and classifying sensitive content shared on Teams chat and channel messages to enforce DLP policies.
- General availability: Ability to detect the presence of password-protected files on endpoint devices and configure specific restrictions for these files.
These three components—Information Protection, Insider Risk Management, and Data Loss Prevention—form an integrated, holistic data-protection strategy that helps keep your organization’s data safe, wherever it lives.
Automating privacy
As more countries enact modern General Data Protection Regulation (GDPR) type regulations, consumers are demanding better controls over their data. This has spurred more organizations to move from a compliance-driven approach to privacy toward a more human-centric one. Toward that goal, Microsoft Priva currently offers two products to help manage privacy:
Privacy Risk Management helps organizations identify personal data and critical privacy risks and empowers employees to make smart data-handling decisions. With Priva, admins can configure a data minimization policy—automatically triggering an email to the data owner—so the person can review and delete unused files right from their Outlook inbox.
Subject Rights Requests help organizations manage requests at scale and respond with confidence. With the new pre-configured templates, admins can quickly create a data export request for a former employee. Once the data is collected, Priva can automatically detect files containing co-mingled personal data or confidential information; then admins can review and redact the data to avoid leakage. With the latest update, admins can now import files outside of Microsoft 365 to leverage this powerful review experience. Learn more about these new updates in this Priva Tech Community post.
Additional product updates
We’re also adding new features and capabilities within other product areas in our Microsoft Purview portfolio. These new features and enhancements will benefit your organization through granular eDiscovery, comprehensive audit controls, more effective data lifecycle management, and easier compliance.
Enhanced eDiscovery for the cloud
- Helping organizations meet their regulatory obligations for discovery, Microsoft Purview eDiscovery (Premium) now supports the ability to discover the exact version of a needed document, even when originally shared as a cloud attachment. This feature is currently available in preview.
- Drive efficiency across eDiscovery processes with improved usability and workflows. To learn more, read the eDiscovery blog post.
New search experience and security controls for Microsoft Purview Audit
- Improved search experience for Microsoft Purview Audit is now generally available and provides the following key improvements:
- Search jobs continue to run, even if you close the browser.
- Completed search jobs are now stored for 30 days, giving organizations the ability to reference and re-use historical audit searches.
- Export up to half a million records in each search.
- Each Purview Audit user can perform up to 10 concurrent search jobs at the same time.
- Given the sensitivity of Audit log data, many organizations want to add additional layers of protection to their data. Customer Key, coming soon to preview, allows organizations to use their own data encryption keys, giving them complete control over access to their data. To learn more, read the Advanced Audit blog post.
Microsoft Graph APIs and Power Automate workflows for Data Lifecycle Management
Microsoft Purview Data Lifecycle Management helps organizations manage the lifecycle of data. You can automatically retain, delete, and store data and records in a compliant manner. This solution delivers on our vision to protect and govern data wherever it lives. We have four exciting releases to tell you about:
- Power Automate integration helps you to customize lifecycle management workflows to meet your organization’s unique requirements. Now in preview. To learn more, read the Data Lifecycle Management blog.
- The ability to apply retention labels to files in Microsoft Teams enables users to apply retention and deletion settings where they do their work—in the Files tab of a Teams channel. Now generally available.
- Our new feature to find and retain cloud attachments helps admins undertaking investigations, as well as helping to meet financial services industry regulations. This feature keeps and associates the version of a file shared in a Teams message or email for later retrieval through eDiscovery (Premium). Now in preview.
- Microsoft Graph APIs for Records Management help organizations create new retention labels and manage event-based retention (now in beta). This release is our first round of APIs, with more coming in 2023.
Enhanced compliance and data residency
Microsoft Purview Compliance Manager helps organizations simplify compliance and reduce risk. It translates complex regulatory requirements into specific controls, allowing organizations to constantly assess, monitor, and improve their compliance posture—all while saving time and money. So, what’s new in Compliance Manager?
- New templates: Easily translate more than 350 regulations into tangible actions for your organization to improve its compliance posture.
- Continuous assessments: Last year we announced the ability to eliminate blind spots by adding continuous testing for technical controls. Today, we’re excited to share that we’ve added Microsoft Priva and App Governance as our newest first-party solutions.
More to come
I’d be remiss to not talk to you about some of the exciting capabilities we have coming up. For Microsoft Purview, you will start to see integrations across Microsoft 365 and Microsoft Azure to help increase the visibility of your data and easily automate data classification. For Microsoft Priva, you’ll soon see more multicloud privacy management capabilities that help you automate privacy controls and strengthen your privacy program. To learn more about potential risks within your own organization, read the new Microsoft insider risk report. Also, be sure to read Microsoft Security Corporate Vice President of Compliance, Identity, and Management Vasu Jakkal’s blog with highlights from her keynote address and insights into her vision for the Microsoft Security family of products and beyond.
Learn more
Learn more about Microsoft Purview and Microsoft Priva.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
1Volume of data/information created, captured, copied, and consumed worldwide from 2010 to 2020, with forecasts from 2021 to 2025, Statista. September 8, 2022.
2Data privacy is a growing concern for more consumers, Lance Whitney. August 17, 2021.
The post How Microsoft Purview and Priva help simplify data protection appeared first on Microsoft Security Blog.