Securing Your Organization's Sensitive Data: Why Knowing What You Have is Key

Protecting organizational data is important for compliance requirements and keeping the bad guys out, especially with the recent increase in data breaches. However, we cannot protect what we don't know. Hence, the importance of having tools that will enable you to know and understand the data in your organization, whether there is sensitive information and where it is stored. Employees frequently share sensitive data, with some storing this data in their personal storage and the organization's central storage location. It is important to understand what type of data is stored in these different locations, who has access, and what they are doing with this data.

Using a combination of Microsoft Purview Content Explorer, Information Protection Scanner and Insider Risk manager will provide more understanding on how sensitive data is used within the organization and where exactly this data is located. The content explorer continuously scans your Microsoft 365 environment and gives you a list of locations containing sensitive information or specific sensitive information types in Exchange Online, SharePoint, OneDrive, and Teams and thus getting to know the over exposed sensitive data. This service can be accessed by navigating to Compliance portal(compliance.microsoft.co.) then under data classification you select content explorer to explore the location results presented there.

Microsoft Purview Content Explorer can only scan the data stored in your online environment. In most cases, we might be having some on-premises file shares that is also used within the organization to store data. In this case, Microsoft Purview Information Protection Scanner can be used to discover the data sitting in your on-premises repositories, unlike the agentless scanning for the cloud environment, discovering sensitive data in your on-premises environment will require installing the scanner agent in one of your domain joined servers. This will enable you to scan all the on-premises repositories and identify where sensitive data is located. This can also be helpful when you have to understand your data landscape in situations where you want to migrate your data from your on-premises repositories to cloud considering cross border data transfer and privacy regulations.

Having understood your data, Microsoft Purview provides tools to enable you understand what your users are doing with the sensitive data. The Activity Explorer service gives you an overview of what your users are doing with your sensitive data, this can be activities like copying sensitive data to cloud to printing sensitive data. The activity explorer acts as central reporting venue to observe all these different types of activities.

Microsoft Purview Insider Risk Management also comes in handy in understanding what your users are doing with organization data. The Insider Risk analytics service runs in your environment and analyzes potential malicious activities from how your users are interacting with organization data. This is essential in assessing potential data exfiltration vulnerabilities within the organisation.

You can setup the service to continuously monitor your environment, identify risk based on the user activities and recommended policies to mitigate the identified risk.

With these insights about your organization data, your gain in-depth understanding of your data and how users are interacting with this data. This forms a basis for the next step in your data protection journey as with this understanding we can now come up with proper protective measures such as encrypting sensitive data and creating policies to prevent data loss.