Microsoft's new service to help enterprises secure data

Microsoft has announced a service that will help enterprises protect and secure data when it is in transit between servers and devices. Being termed as The Azure Information Protection Service combines the technology of Secure Islands, which Microsoft acquired six months ago, and Microsoft Azure rights Management (Azure RMS). Secure Islands provided data classification, protection and loss prevention technologies to allow customers to apply data protection to more applications and protect data at each stage of the information lifecycle – from creation to sharing. At that time the technology enhanced the data protection capabilities available with Azure Rights Management Service, Microsoft’s cloud-based information protection solution. During the acquisition, Microsoft had stated that Secure Islands will accelerate its ability to help customers secure their business data no matter where it is stored across on-premises systems, Microsoft cloud services like Azure and Office 365, third-party services, and any Windows, iOS or Android device.

Core capabilities

According to the company, Microsoft Azure Information Protection will use policies to classify and label data in intuitive ways based on the source, context and content of the data. Classification can be fully automatic, user-driven or based on a recommendation. Once data is classified and labeled, protection can be applied automatically on that basis.

Protection and sharing

The classification and protection information will travel with the data, ensuring that data is protected at all times, regardless of where it is stored, with whom it is shared, or if the device is running iOS, Android or Windows. It will help enterprises share data safely with users within the organization as well as with external customers and partners. Document owners will be able to define who can access data and what they can do with it; for example, recipients can view and edit files, but they cannot print or forward.

Control and visibility

The company claims that data classification and protection controls are integrated into Office and common applications and will provide simple one-click options to secure data that users are working on. In-product notifications will provide recommendations to help users make the right decisions. Document owners will be able to track activities on shared data and revoke access when necessary and IT can use logging and reporting to monitor, analyze and reason over shared data. The service will also protect data whether it is stored in the cloud or on-premises, and users will be enabled to choose how the encryption keys are managed with Bring Your Own Key options. Dan Plastina, Group Manager, Microsoft Rights Management, Microsoft, says:
“As our customers continue to digitally transform their businesses, and as the mobile- and cloud-first world continues to evolve, Microsoft has led the way with significant new innovations to enable secure productivity in the enterprise, notably with our market-leading Enterprise Mobility Suite (EMS). This new approach delivers data protection, as well as innovative and intelligent new detection capabilities for security teams, while retaining great productivity experiences for people at work.”
Plastina further adds that protecting employee identity is the foundation of how Microsoft on-premises products and cloud services help you secure and manage devices, apps and data. EMS is a great example of this, and Azure Information Protection is yet another example of this identity-driven approach to security. The announcement comes in the wake of organizations realizing that data protection is imperative in an environment where information travels beyond the boundary of the corporate network and potentially across many devices outside of company control. With this solution, Microsoft claims that, enterprises can prevent data loss and track information at the file level regardless of where data resides or with whom it is shared. Scheduled for public preview next month, Microsoft has also stated that the current Azure RMS customers will continue to use the same capabilities with no change to their service until the General Availability of Azure Information Protection later this calendar year, when they will begin to receive expanded capabilities.