It’s Aidan Finn from MicroWarehouse again, and this time I’m going to talk about securing a critical asset – your data. One of the reasons that GDPR exists is because companies weren’t doing a good job at securing personally identifiable information (personal data). There was (and still is) a constant run of stories about unencrypted laptops being lost/stolen or unencrypted credit card details being hacked – and thousands of people are being affected. What is happening is that modern threats are completely bypassing security approaches from the 1990s.
For example, a disk in a laptop might or might not be a company asset, but what the company should care about is the data that might be stored on the disk. If an employee uses their personal laptop to download and use company data, then there’s a probability that the disk is not encrypted. You can have all the rules in the world, and have policies documented in company handbooks, but data is like water; water always finds a way to leak, and data will too. But what if the only people who could open/read the file or email were those who were authorised to, no matter where that file or email went?
Azure Information Protection (AIP), which used to be called Azure Rights Management Services, provides a solution where you can encrypt your files or emails, and you control who can open them and what they could do with them. For example, a pharmaceuticals company could secure prices files so only their sales people could open them. If a sales person handed in their notice, they might be able to send the price files to their email address with the new employer, but once their user account with the old employer is disabled, they will no longer be able to open the files. Or perhaps a sales person could email a price estimate to a customer and put a control on the email, so it could not be printed or forwarded to a competitor. AIP allows you to do these kinds of things using policy templates that can be applied to a document or an email and share the information with any recipient inside or outside of the company – even people that aren’t cloud customers of Microsoft. You can see why interest in AIP has spiked since GDPR came into force last May.
To explain Azure Information Protection and what it can do to secure your data, we have Alexander Solaat Rødland, a Microsoft Valuable Professional, who speaks at many events in Europe and further afield.
Alexander Solaat Rødland
ITpro, MVP, MODE and Technology advisor
The way out of trouble is never as simple as the way in
Schrödinger’s Code – Code that has been written, but not tested, and is in a state of neither working nor failing until it is observed.
Besides my activity for ten years as a journalist and product manager for the Norwegian IT- Magazine ITpro.no, I have also managed to acquired two certificate of completed apprenticeship within electronics and ICT.
As of fall 2015 I have completed a bachelor degree in information science (BASV-INFO), and spring 2018 I completed my degree in Work- and organizational psychology at the University of Bergen, combined they focus on software development and motivational- and organization psychology. In my daytime job at Innofactor I focus on user experience and the interrelationship of humans, computers and implementation of new technology to peoples life.
I have been awarded with the MVP since 2014 and MODE (Microsoft OneDrive Expert) since 2017.
I have been a frequent speaker at various local seminars, TechDays Sweden, at Nordic Infrastructure Conference (NIC) and Ignite.
It’s critical that IT pros and IT security officers reconsider how they secure data. Disk encryption just isn’t the way – the data itself must be secured. If you attend this session at Cloud Camp 2018 you will learn how Azure Information Protection provides this level of granular security for files and emails on the device and server.