Currently, our interconnected world is creating 2.5 quintillion bytes of data every day.1 Every purchase made, every email sent, every contract signed: all of it gets shared, accessed, and stored. We take it on faith that organizations are doing all this safely; however, data loss is becoming a distressingly common occurrence. A data breach that affected a major cellular provider in 2021 ended up costing the company USD350 million—and that’s just the customer settlement.2 On top of risks to your finances and reputation, tighter regulatory requirements like General Data Protection Regulation3 (GDPR) and the Health Insurance Portability and Accountability Act of 19964 (HIPAA) demand updated processes and controls that show proof of compliance.
Your data protection strategy needs to be accurate, comprehensive, and scalable without hindering productivity. Traditional data protection solutions have typically taken a patchwork approach, often requiring resource-intensive custom integrations that don’t scale well. Worse, this kind of ad hoc solution can expose infrastructure gaps that attackers seek to exploit. In contrast, an integrated approach to data protection provides automated, customizable classification, as well as pre-built regulatory templates and flexible data loss prevention (DLP) policy controls. Microsoft Purview has the added benefit of being already integrated across many industry-standard applications and services, workloads, and digital estates—on-premises, software-as-a-service (SaaS), and in multicloud, multiplatform environments. In this blog post, we’ll hear from some of Microsoft’s customers about their experiences implementing Microsoft Purview Information Protection and Microsoft Purview Data Loss Prevention and how these cloud-based solutions streamlined their security. To experience what holistic data protection can do for your organization, you’re invited to sign up for a free trial.
Protecting data confidentiality for 8.9 million private and corporate customers worldwide is no easy task, but Netherlands-based Rabobank is committed to balancing data protection with customer privacy. To get there, the company’s small security team needed a DLP solution that could help secure the bank’s assets across 42,000 endpoints spread over 23 countries. Their previous solution was oriented to siloed rule sets, meaning it assessed data in terms of a given department. This made it difficult for a multinational organization like Rabobank to maintain rules across multiple areas. ”One of our significant issues is how to stay current with policies that change frequently across multiple regions,” says Edo Immink, IT Lead for Office 365, Rabobank. Without that global view, the security team was left dealing with a complicated rule set in aging infrastructure. “That meant people would have to drop other priorities and rush in to fix things,” Immink explains.
Rabobank was concerned about potential data leakage from USB drives, browsers, and printers. When it was first available in 2020, Microsoft Purview Data Loss Prevention offered a cloud-based solution with built-in controls for managing sensitive information across endpoints and applications—covering Microsoft 365, SharePoint Online, OneDrive for Business, Exchange Online, and Microsoft Teams. This built-in connection with Microsoft apps provided the bank’s security team with the advantage of managing all data policies from one place—the Microsoft Purview compliance portal. Seeing the benefits of pre-integration, Rabobank moved to get maximum value from its Microsoft 365 E5 license by rolling out Microsoft Purview Data Loss Prevention companywide.
Adopting Microsoft Purview Data Loss Prevention also helped Rabobank increase its agility by decreasing the overall number of DLP policies it had to manage. And having an encompassing view of apps and endpoints helped curtail inappropriate data sharing across the company’s global workforce of more than 40,000 employees, many of whom rely heavily on mobile devices. The bank’s security team worked with Rabobank regional security officers to deploy policies that protect data while making it easier for employees to access everything they need. In turn, this freed up time for Rabobank’s IT teams to focus on more high-value activities.
“We benefit from getting our business apps, security, and DLP tooling from the same source because they all work together seamlessly,” says Jacob Kralt, Product Owner for Office 365 Compliance, Rabobank. “And by combining Microsoft Sentinel with Microsoft Purview Data Loss Prevention and the Microsoft 365 platform, we have a holistic view of our ecosystem and can manage it more easily.”
As a leading source of financing in the housing market, Fannie Mae provided USD1.4 trillion in liquidity to the United States mortgage market in 2021. That success wouldn’t be possible without reliably securing millions of customers’ personally identifiable information (PII). And that requires understanding how data is used internally to help prevent exfiltration. Fannie Mae needed a data loss prevention solution that would enable productivity while complying with their strict security protocols and Federal Housing Administration (FHA) regulations. The company’s objective was to create a trust model that helps protect its data from both internal and external risks, all while keeping pace with evolving cybersecurity demands.
As it turned out, the solution was already in their hands—the data protection and governance solutions in the company’s Microsoft 365 E5 license. “We adopted Microsoft Purview Data Loss Prevention because we’re hyper-focused on helping secure data end-to-end,“ says Kiran Ramineni, Vice President of Single-Family Architecture and Cloud, Data, AI/ML, and Infrastructure Architecture, Fannie Mae. Because the company also uses cloud-native Microsoft Azure and Microsoft Defender for Cloud, they gain a full suite of detection controls that prevent sensitive data from being exfiltrated. Fannie Mae’s on-premises environment is also connected to Defender for Cloud.
Ramineni praises the seamless interaction between Microsoft Purview Data Loss Prevention and Microsoft 365 productivity apps, such as OneDrive, noting that the seamless connectivity empowers Fannie Mae’s data scientists to access queries on OneDrive while automatically blocking PII from being moved back to the user’s OneDrive folders. Even better, the integration enhances productivity by allowing non-PII data to be saved back to employees’ shared folders. “Merging Microsoft Purview Data Loss Prevention and Defender for Cloud Apps with our Microsoft 365 apps gives us both sides of the coin,” says Ramineni. “We make it easy for data scientists to do their work, be more productive, and collaborate as necessary with those who are outside of the containment environment, and yet, we help keep data secure.”
Ramineni’s team is looking forward to deepening the company’s security infrastructure by adding Microsoft Purview Information Protection enterprise-wide—across cloud apps, on-premises data repositories, and infrastructure clouds. “We work to evolve as the threat landscape evolves, defending our environment from internal and external actors,” says Ramineni. “The best security is never done.”
Ernst & Young (EY) is one of the largest professional services networks in the world and is considered one of the “Big Four” accounting firms. Operating as a network of partner firms, EY has more than 300,000 employees in 700 offices spread across more than 150 countries. For that reason, the company decided to get the maximum benefit from their Microsoft 365 license by deploying Microsoft Purview Information Protection—safeguarding their worldwide data estate with automatic classification, sensitivity labels, and rights management.
Microsoft Purview’s sensitivity labels include content and container types. Content labels are typically applied to data (such as files and emails) and include protections such as encryption and visual marking. Container labels are applied to repositories (such as SharePoint sites) and include protections such as multifactor authentication and privacy settings. Because Microsoft Purview Information Protection provides controls around the behavior of these labels—how they’re applied and changed, what the defaults are, and who can see them—admins can gain a complete picture of the company’s data using the Microsoft Purview compliance portal.
“Using a container label to differentiate permissions meant users could access a single document and prevent the same users from accidentally stumbling upon confidential documents; a key element of the Microsoft Purview Information Protection solution that we couldn’t get from any other solution on the market,” says Usman Abubakar, Assistant Director of Messaging Foundation Services, Ernst & Young.
Microsoft Purview Information Protection and Microsoft Purview Data Loss Protection provide holistic data protection as part of your Microsoft 365 E5 license, integrating seamlessly with Microsoft productivity apps as well as a broad third-party and partner ecosystem. When integrated with Microsoft Sentinel and Microsoft Defender for Cloud, your business can gain breadth and depth in controlling internal and external threats across your entire digital estate. To experience how Microsoft Purview can start protecting your organization’s precious data today, remember to sign up for a free trial.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
1How Much Data is Created Every Day in 2022? Jason Wise. October 12, 2022.
2T-Mobile reaches $350M settlement in 2021 cyberattack and data breach impacting 76M people, Todd Bishop. July 22, 2022.
3General Data Protection Regulation, Intersoft Consulting. May 25th, 2018.
4Health Insurance Portability and Accountability Act of 1996 (HIPAA), Centers for Disease Control.
The post How businesses are gaining integrated data protection with Microsoft Purview appeared first on Microsoft Security Blog.
Source: Microsoft Security
