Secure information sharing is always a challenge, and Microsoft thinks it has the right solution for organizations in highly regulated industries (e.g., financial services, healthcare).
“Double Key Encryption (…) uses two keys to protect your data—one key in your control, and a second key is stored securely in Microsoft Azure. Viewing data protected with Double Key Encryption requires access to both keys. Since Microsoft can access only one of these keys, your protected data remains inaccessible to Microsoft, ensuring that you have full control over its privacy and security,” the company explained.
“You can host the Double Key Encryption service used to request your key, in a location of your choice (on-premises key management server or in the cloud) and maintain it as you would any other application.”
This Microsoft enterprise security solution allows organizations to migrate sensitive data to the cloud or share it via a cloud platform without relying solely on the provider’s encryption. Also, it makes sure that the cloud provider or collaborating third parties can’t have access to the sensitive data.
Microsoft Endpoint Data Loss Prevention
“Data Loss Prevention solutions help prevent data leaks and provide context-based policy enforcement for data at rest, in use, and in motion on-premises and in the cloud,” Alym Rayani, Senior Director, Microsoft 365, noted.
“Built into Windows 10, Microsoft Edge, and the Office apps, Endpoint DLP provides data-centric protection for sensitive information without the need for an additional agent, enabling you to prevent risky or inappropriate sharing, transfer, or use of sensitive data in accordance with your organization’s policies.”
Organizations can use it to prevent copying sensitive content to USB drives, printing of sensitive documents, uploading a sensitive file to a cloud service, an unallowed app accessing a sensitive file, etc.
When users attempt to do a risky action, they are alerted to the dangers and provided with a helpful explanation and guidance.
Insider Risk Management and Communication Compliance
Insider Risk Management is not a new offering from Microsoft, but has been augmented by new features that deliver new, quality insights related to the obfuscation, exfiltration, or infiltration of sensitive information.
“For those using Microsoft Defender Advanced Threat Protection (MDATP), we can now provide insights into whether someone is trying to evade security controls by disabling multi-factor authentication or installing unwanted software, which may indicate potentially malicious behavior,” explained Talhar Mir, Principal PM at Microsoft.
“Finally, one of the key early indicators as to whether someone may choose to participate in malicious activities is disgruntlement. In this release, we are further enhancing our native HR connector to allow organizations to choose whether they want to use additional HR insights that might indicate disgruntlement to initiate a policy.”
Communication Compliance has also been introduced earlier this year, but now offers enhanced insights and improved actions to help foster a culture of inclusion and safety within the organization.