How Can You Protect Yourself from Data Leaks?

Published 11/03/2021

Written by Romain Coussement, Cloud security expert at Fortica

Leaks of sensitive data were prominent in the news in the summer of 2019 and the months that followed. One after the other, large companies saw their customers’ sensitive data exposed on the Internet. How can you mitigate the threat of data leakage? Some solutions are specifically designed to ensure that data stays inside your organization.

If you’ve recently migrated to a cloud computing environment such as Office 365 to adapt to the new reality of remote work, you may be fearful that sensitive data could be disclosed outside your organization. This is when a data loss prevention (DLP) solution comes into play.

Data Loss Prevention (DLP)

There are various products for data loss prevention (DLP), some of which are more effective than others. An effective, properly configured DLP solution will allow you to identify sensitive data in your documents and prevent it from being copied, even to USB sticks. A DLP solution is integrated with Microsoft 365 and offers several features:

  • Labelling sensitive information
  • Preventing accidentally sharing confidential information
  • Monitoring and protecting information even on users’ workstations
  • Educating employees by notifying them that they have misused the information
  • Investigating potential data breaches

Azure Information Protection (DLP) for Microsoft 365

Azure Information Protection (AIP) is software that allows you to categorize information by using labels that are applied (automatically or manually) to your documents and emails. Before labelling the information in AIP, the administrator must define which information is sensitive and how sensitive it is. That way, documents that have a sensitivity label, for example, would only be accessible to the organization’s members, making it impossible for any other person to view them. Moreover, if an email containing confidential information leaves your cloud computing environment through Outlook, it could be automatically encrypted to prevent data leakage.

Azure Information Protection also provides the ability to apply retention labels that will help you prevent important documents from being accidentally deleted. Documents that must be kept in archives for a number of years can thus avoid being deleted. Similarly, retention labels can block changes to documents that are considered final, such as signed contracts. This feature therefore guarantees your documents’ long-term integrity. If some documents do not need to be kept for the long term, AIP also makes it possible to delete them automatically when the retention period has expired.

The Office 365 DLP solution is limited to Microsoft 365 apps. For an overview of all the information that users send over the Internet, it is necessary to acquire a solution such as a CASB (cloud access security broker).

The CASB

A cloud access security broker (CASB) is software located between cloud computing service users and cloud computing applications. It monitors all activities and applies security policies in the cloud. A CASB can offer various services, such as monitoring user activity, warning administrators of potentially dangerous actions, preventing data leaks, and preventing the operation of malware. Microsoft offers a CASB-type solution: Microsoft Cloud App Security (MCAS). This solution dovetails with Azure Information Protection and provides the following features:

  • Visibility: Detect all cloud services used by your organization; assign a risk level to each; identify all third-party users and applications that can log in to your environments.
  • Data security: Identify and control sensitive information (DLP); manage data based on classification labels.
  • Protection against threats: Provide access control that can be adapted to users and their context; provide an analysis of user and entity behaviour (UEBA); limit the risks of malware.
  • Compliance: Provide reports and dashboards to support cloud governance; support efforts to comply with data residency and regulatory compliance requirements.

By making proper use of data categorization and DLP and CASB features, you will achieve a high level of security for your cloud-hosted information.
