A business used to have an easily recognised security boundary. But, with employees becoming ever more mobile it’s harder to protect confidential data, particularly outside the confines of the company walls. Mobile device management solutions, such as Microsoft Intune, address this issue – but organisations still need to send sensitive data outside the business.
Microsoft’s Azure Information Protection (AIP) is a new key component of the Enterprise Mobility plus Security suite (EM+S). Building on Microsoft Azure Rights Management (RMS), AIP helps with the classification, labelling and protection of documents and emails shared outside an organisation.
A business categorises its documents according to sensitivity and labels the classification so that it’s available to other systems to see, and thereby making it easier to protect the data within the document and monitor for potential abuse.
Classification can be done manually by individual users, or on an automatic basis following the creation of rules and conditions defined by nominated administrators – or via a combination of the two with users given suggested recommendations to follow. (Controls are integrated into Microsoft Office applications – including in-product notifications – so users can secure the data on which they’re working with a single click.)
This means that businesses can share data safely not only with co-workers but also with customers, partners and any third parties they choose.
The business determines who has access to the data, and what those who access the data can do with it. For example, restrictions could be defined to allow a document to be viewed and edited, but not printed or forwarded.
In addition, the business’s IT team can monitor and track actions applied to shared data, via a powerful logging and reporting tool, analyse activities and remove access rights if necessary.
“Mobile working, or working across multiple sites, combined with the enterprise’s increasing use of cloud-based applications, such as Office 365 and Salesforce.com, and public cloud platforms such as Amazon AWS or Microsoft Azure, means that company documents can be freely accessed from almost any device, on any network,” said Vuzion’s managing director, Michael Frisby.
“Azure Information Protection helps organisations keep their data protected at all times, regardless of where it is stored, with whom it is shared, and how it is accessed. It is a vital part of Microsoft’s Enterprise Mobility plus Security suite, which puts security first in this ‘mobile-first, cloud-first’ era.”
The AIP client is available for Office 2010/13/16 on Windows 7/8/10. Microsoft has also introduced new AIP apps for iOS and Android to enable businesses to protect email and PDFs. These replace the existing RMS Sharing apps that are in the store, and users will receive an automatic update.