Nowadays (and usually) the biggest challenge in cybersecurity is not just protecting the organization from outside threats, but protecting it from itself. Internal threats come in many shapes and sizes, from bypassing internal protection elements to browse prohibited content, to deliberately sabotaging systems and leaking data. In this post, I will talk a bit about measures against data leakage.
The 50 shades of data leaks
Usually there are two root causes of data leaks: intentional, when an employee leaks and/or steals data from the organization on purpose (to competitors or for whistleblowing), and unintentional, when the employee doesn’t know the potential risks of sharing or copying data but does it anyway. To fight these leaks, organizations can implement data security policies (like prohibiting USB devices and social sharing) and Data Leak Protection/Prevention systems. Usually the thing to do is to combine these two worlds and also encrypt the data.
DLP tools within Azure
As Azure is not just another cloud provider but also provides tools for traditional office tasks and collaboration, it has to provide security measures that protect both the employees and the organization’s data. To do this, Microsoft introduced AIP (Azure Information Protection) with sensitivity labels for data classification (MS also introduced volatility, so by the time you are reading this, there is a slight chance that they go by different names) and MCAS (Microsoft Cloud App Security), which is a cloud security broker.
What happens when a Cloud App Security Broker marries with a DLP?
Security improves. As the security broker constantly monitors and understands cloud applications, it can be a very efficient tool against data leaks through different cloud sharing vectors. At the moment it supports Box, SharePoint, Dropbox and OneDrive; for the up-to-date list of app connectors, go to: https://docs.microsoft.com/en-us/cloud-app-security/enable-instant-visibility-protection-and-governance-actions-for-your-apps. It enables administrators to create automated policies on the sharing of files with different label and confidentiality settings. It also lets you run cyclic searches on these platforms to find files with the same labels that are already shared (basically threat hunting, but with DLP).
How to enable it?
If you have both MCAS and AIP licenses and your labels are set, then just go into MCAS, select settings and, within settings, click on “Azure Information Protection”. After it’s opened, just tick the checkbox as shown in the screenshot below and you are ready to go. Yes, it’s that simple.
[Screenshot]
After it’s enabled, you can see the discovered labels and files under “investigate/files” and advanced filtering, where you can create various queries regarding these.
[Screenshot]
This covers investigation and reporting, but if you want real-time alerts on shares, you can create a policy from these labels.
To do this, create a new file policy, where you can set up the different AIP labels and the actions in the connected applications.
[Screenshot]
As you can see from the above, it’s really easy to add another layer of protection around your organization, especially if you already have AIP set up and running. Just tick a box and you get new features.
It’s a really nice and easy setup, but it’s a much harder fight to ensure that employees use these labels as intended and mark documents as needed. It’s wise to create some training and supervise the users carefully at first, as every chain is only as strong as its weakest link.