Avoiding Data Leaks – Prep Your Cloud

When it leaks, it pours.

It’s not about beating records on this one, but when it comes to data breach, last year was known as the year of; but didn’t come close to the 2013’s incident, which included Yahoo’s exposing of some three billion credentials. In an on-premise or cloud-based ecosystem, having to remedy these accidental leaks could be costly (eh, about $3 million). And as data leaks (or loss) eventually results to breach – detection & prevention grows as a severe practice, especially in mid-market businesses. So, if you’ve got a business to run, consider the practical perspectives (but not the obvious) and take a good look at how you’re distributing permissions, technology features, & time spent on awareness & training.

User Permissions: Setting the rule!

Sensitive information travels everyday – and if you’re the gatekeeper of someone’s information, financial activity, etc.. – it’s essential to identify data that needs to be protected & what key restrictions are used when the deploying such information. Employers should seek ways to assign certain application privileges (or features) to their employees. Setting role-based permissions & capabilities are imperative on levels of read/write access, encryption, & sharing. A quick example of this, would be the limited access feature on SharePoint & OneDrive – where the Azure platform plays a fitting role around conditional access. Restrictions are done by granting browser-only access to the user when downloading, printing, & disabling sync. With no loss in productivity, rest assured that when they sign off, no other data travels thereafter.

Another data leakage prevention tool that employers may not be aware of, is the Windows feature known as, The Windows Information Protection (WIP). Built right into Office 365, it has various types of protecting organizations from leaks; like carefully monitoring or preventing: drag/drop, copy/paste, removable storage (like USB drives, etc.) & blocking unrecognized applications (like “non-work” cloud services.) It works hand in hand with Azure’s Information Protection, ensuring that conditional access (on managed devices) work in the background to obtain & releases data securely.

Minimize Cost: Beating the inevitable

“If backing up is wrong, we don’t want to be right!” Cloud services are proven to be more cost-effective & efficient when it comes to backing up – as data can be restored promptly. Using high encryption methods like Bitlocker, DM-Crypt, & Azure Storage Encryption to name a few – safeguards the infrastructure whether the data stays static or in-flight. But beyond the firewalls, monitoring & secure backups, one should consider some other major layers of data protection. Strategy solutions like Data Loss Prevention (DLP) or Cloud Access Security Broker (CASB), are strong layers that aim to defend content from accidental leaks and/or malicious sharing. An example of DLP, would be if an employee attempts to forward any business emails outside a business’ domain or even upload a work file to other cloud services that’s not recognized by the company’s environment – permission, denied. And CASB works like a liaison between an organization’s “on-premise” & cloud infrastructure; where it allows the business to further their security procedures beyond the ground.

Another to consider, the Enterprise Rights Management (ERM), synergizes encryption and uses permissions directly into a file, instead of the systems working around it. Whether these files are in flight or at rest – ERM protects the information from inappropriate use. Resulting in protecting emails, documents, & allowing secure collaboration with any device. Sounds intricate and all, but a smart avenue to think about when tuning-up your infrastructure, or it’s $2,500 per day – that’s if you’re lucky to find the best recovery engineers (tough love).

It also Starts with Training

Employees should periodically be trained & educated regarding their roles, better yet their responsibilities in protecting data. This involves establishing clear practices and regulations that encourages data protection; and making employees aware of damages helps identify & avoid these risks. So, can your employees spot various phishing emails? Are they still using Excel to store passwords & other information? There’s no such thing as too much education – and awareness on how to prevent leaks is about setting rules & guidelines when it comes to releasing sensitive data; more importantly, knowing the consequences when a breach happens.

Inquiring about data leak/recovery, data information protection? Have our FSi (Office 365 & Microsoft Azure) Cloud Experts assist in building a safer, more optimal business environment for you.