Microsoft Uplevels Data Protection With Azure Information Classification and Labeling Features
In our KuppingerCole report “Exploring the Microsoft Azure Information Protection Landscape” (subscription required) we describe Microsoft’s Azure Information Protection and it’s industry impact.
Azure Information Protection Summary
Clients’ data protection challenges span multiple technologies, including data leakage prevention (DLP), encryption, access control, digital rights management (DRM), and security monitoring. Through Azure Information Protection (AIP), Microsoft has taken an integrated approach to the problem by offering a holistic set of Classification, Labeling, and Protection capabilities – albeit primarily for Office, Windows, Azure, and other Microsoft products at this point.
Microsoft’s information protection capabilities represent the merger of functionality acquired from a company called Secure Islands with Microsoft’s pre-existing Rights Management Services (RMS). Also, the Microsoft Cloud Application Security, a CASB product acquired from Adallom, is an important policy enforcement point for data protection. The figure below displays multiple Microsoft solutions working together.
Microsoft’s data protection products are a work in progress that increasingly delivers an effective user experience across Office documents, Office emails, and PDFs. According to Microsoft, those file types comprise an estimated 70%-80% of the unstructured data that enterprises use.
Together, the products create a viable user experience for data classification and labeling of supported documents and emails. They enable sensitive data discovery, integrate data protection capabilities throughout Microsoft’s environment, and are gaining third party support from Adobe and other vendors. Microsoft is working to improve core data protection solutions across all its products on supported platforms and versions as well as into 3rd party cloud environments.
Microsoft’s classification and labeling models are on their way to becoming a de facto industry standard. Although most enterprise clients will require additional enterprise DLP and other data protection solutions besides Microsoft’s, we recommend clients invested in Office365 and Azure consider adopting AIP as part of their data protection strategy.
For more information, see our other Security Architects Partners data protection posts, and Microsoft’s AIP landing page. Data protection is one of Security Architects Partners’ core subject matter areas, and we’ve helped many customers with security or identity assessments and architecture improvement programs in these areas. Please contact us with any questions and/or to explore opportunities.