Data Security: Why so much noise around it?
The Internet has converted the entire world into a small village. For years now, organizations have been operating across geographies, exchanging information across and beyond organizational perimeters. However, the New Normal is causing a sea change in how data is exchanged while bringing a latent problem to the forefront – Data Security.
Since the dawn of technology, Microsoft has been along with all the organizations, supporting them with innovative productivity and collaboration solutions. Microsoft has been so integral to so many organizations worldwide that it is natural and intuitive for people to expect them to deliver on data security.
However, the security solution from Microsoft comes as a part of large-scale bundled offerings with Microsoft 365. But, the rising number of data breaches makes one wonder if we are really willing to settle for Microsoft's “by the way” security offering, or is it time to look for a data security specialist?
Let's examine some of the myths surrounding Microsoft's data security offering called the Microsoft Information Protection (MIP)
Myth #1: Microsoft Information Protection (MIP) protects data – all kinds of data
While Microsoft does offer security to data, it has been observed not to be strong enough and easily bypass-able. For example, suppose you send Office documents and PDFs via email using the Outlook application and apply sensitivity labels on them. In that case, MIP protects only the Office documents and not the PDFs.
Additionally, when it comes to cloud security, data protected on desktops and laptops loses all its protection when uploaded to MS Cloud. This leaves the data unprotected and vulnerable to misuse and theft in case the cloud is breached.
Myth #2: MIP is easy to use
Microsoft products have been known for their user-friendliness and interactive UI. However, MIP is a different story because it has been known for not being user-friendly. One of the primary reasons is that MIP is not compatible with all the Microsoft products, let alone non-Microsoft. For example, it is possible to add watermarks (static ones) to Word documents, but one cannot view them if the same documents are accessed via office online.
One of the most significant flaws with MIP is that data owner cannot track their protected email and documents. Even if they want to revoke access for somebody, they cannot do so. They have to reach out to the administrator every time they need to make any changes to the security policies and user access list, which is a considerable bottleneck.
Myth #3: MIP allows secure internal and external collaboration
Cloud collaboration is the most trending technology as of now. Therefore, ensuring that sensitive information remains secure on the cloud, whether shared or at rest, should be the primary responsibility of any data security environment. With MIP, it is possible to protect sensitive information as long as it is on the device (laptop/computer). However, the security controls lapse when the data is uploaded to the cloud. This leaves the information unprotected and vulnerable to any attack on the cloud. Furthermore, one cannot secure sensitive information if the cloud is compromised during a data breach.
The biggest myth that MIP operates under, is that all the users use Microsoft products by default. But that's not wholly true. While a majority of the computer users across the world use Microsoft, there are also other equally competent productivity tools in play. This assumption often denies MIP a fair share of users.
Myth #4: MIP is free!
True. MIP is free because it comes as a part of many bundled offerings. But careful exploration reveals that there are no free lunches with MIP! The implementation of MIP begins with central administrators defining specific sensitivity labels and protection policies. This model alone brings in a lot of overheads in terms of policy creation and management. Additionally, there is too much dependence on end-user discretion to decide the label and apply it. This also requires substantial user awareness and training leading to administration and user overheads.
Furthermore, predefined policies do not account for business dynamics and ad-hoc collaboration needs, thus increasing the support and helpdesk needs. Last but not least, any friction introduced in the user experience in the process presents frustration and leads to lower user productivity. Putting a dollar ($) value to all of this adds up to a massive cost that the enterprise has to bear.
For years, Microsoft has consistently provided users with a seamless experience for better productivity and enhanced collaboration. However, when it comes to security, the flaws could cause MIP to potentially become a liability, instead of an asset, on the data security infrastructure of an organization.
About the author
Abhijit Tannu is Founder and CTO of Seclore, building innovative products and applications for enterprise security.
A technology architect at heart and entrepreneur by profession, he has served as the head of technology and product management for the past eight years. A fitness enthusiast, you can find Abhijit trekking or hiking when he is not working.