The downside? Using multiple cloud platforms can create inconsistent infrastructures that don’t scale across environments. This can lead to teams working in silos—bringing increased complexity, additional costs, network security gaps, and risks to business-critical applications and data. It’s not unheard of for some organizations to own 80 to 100 different security tools stitched across hybrid and multicloud environments, while still wondering: are we secure? In this blog, we’ll help you answer that question by detailing four qualities a multicloud data-protection solution should provide and how Microsoft Purview can help unify security, compliance, and data protection across your enterprise.

Multiple clouds require unified data protection

Enabling multicloud integration and automation at scale is essential for fostering a robust partner ecosystem. Since 89 percent of enterprise customers have moved to a multicloud environment, maintaining security across your expanding data estate is necessary.¹ Patchwork solutions can create vulnerabilities; whereas, a comprehensive solution is able to deliver seamless data protection and data governance across your entire digital estate.

Look for a multicloud security and data-protection solution that:

1. Unifies auto-discovery and protection of sensitive data. Your multicloud data-protection solution should provide comprehensive security and compliance tools that span both first- and third-party apps and services to include Personally Identifiable Information (PII), such as home addresses, date of birth, and Social Security Numbers. Look for features such as built-in sensitivity labeling within applications and services, including popup user notifications that help guide users on security best practices. These features help ensure all sensitive data is correctly classified and labeled so that files can’t be exfiltrated without proper permissions.
   
   A data-protection solution with rights management and automatic encryption of emails (and attachments), as well as co-authoring of encrypted documents, will help to ensure secure collaboration. Your multicloud security tool should be flexible enough to allow manual labeling of some sensitive files for leadership-only access (like mergers and acquisitions projects), while also enabling admins to automatically label and protect business files stored in Microsoft SharePoint or Microsoft Teams (like Confidential labels for Finance or HR records). This tool should also be able to scan and classify on-premises file shares, as well as cloud applications and services.
2. Protects sensitive files and documents from being exfiltrated to third-party applications and services. More than 40 percent of corporate data is dark.² Meaning, it’s not classified, protected, or governed. This invites risk in the form of sensitive data leakage, which can harm your reputation and, in the case of leaked PII, lead to costly litigation. Your multicloud security solution should be able to classify files and documents, apply sensitivity labels, provide sharing controls and file governance, and use near real-time data loss prevention policies to prevent data leakage across third-party apps.
3. Uses automated data discovery across structured and unstructured data. Every organization needs to be able to securely share data both internally and with partners and customers. That’s why your data protection solution needs to provide data scanning and classification for all types of assets across multicloud and on-premises environments. Metadata and descriptions of data assets should be integrated into a holistic map of your data estate. Atop this map, purpose-built apps can create environments for data discovery, access management, and insights about your data landscape.
4. Applies Zero Trust principles to your entire digital estate. This includes strong multifactor authentication to verify user identities, as well as ensuring all endpoints are in compliance. Your data-protection solution should also ensure that governance and compliance policies are built in, and continuous risk assessment and forensics capabilities are implemented. Other key functions should include classifying, labeling, and encrypting emails and documents, as well as adaptive access to software as a service (SaaS) applications and on-premises applications.

Integrate for comprehensive protection

Overcoming the siloed approach in a multicloud environment can be a challenge. However, the risks are too great to make do with ad-hoc, patchwork security solutions. Beyond PII, also at stake is your business’s intellectual property (IP), financial statements, organizational structures, employee contacts, and other information that could be targeted with ransomware, phishing, and password attacks.

Microsoft Purview’s information protection and governance capabilities help your organization address potential data vulnerabilities across a multicloud environment by integrating information protection and data lifecycle management, along with data loss prevention, insider risk management, and eDiscovery. Microsoft Purview’s data governance portal helps manage your entire data landscape—on-premises, multicloud, and SaaS—allowing you to create a comprehensive, up-to-date map of your data wherever it resides. This unified governance enables data curators and security admins to keep your data secure; all while empowering users to find the trustworthy data they need.

Microsoft Priva adds another layer of protection with privacy risk management, helping to identify data-privacy risks and automate mitigation wherever the data lives. To accommodate individuals making requests to review or manage their personal data about themselves, Microsoft Priva Subject Rights Requests includes the Microsoft Graph subject rights requests API. This powerful API helps your organization do more with less by automating searches across Microsoft Exchange, Microsoft OneDrive, SharePoint, or Teams.

And to protect the business-critical apps you rely on, Microsoft Defender for Cloud Apps helps you classify sensitive information using real-time controls that monitor data accessed across your multicloud environment. As a cloud access security broker (CASB), Defender for Cloud Apps blocks attacks against your apps using automated identity governance, and it integrates seamlessly with Microsoft Entra Permissions Management to root out and remediate permission risks.

Look for a built-in data protection solution

Any data-protection solution needs to address the four areas discussed—unified discovery and protection, protection against data exfiltration, control of unstructured data, and a foundation of Zero Trust—across hybrid and multicloud environments. Both Microsoft 365 and Microsoft Azure are purpose-built with Zero Trust as a core architectural principle. And with comprehensive, integrated solutions for information protection, data governance, risk management, and compliance, Microsoft Purview builds on all four pillars—so you can move forward, fearless.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

¹How Many Companies Use Cloud Computing in 2022? All You Need To Know, Jacquelyn Bulao, Tech Jury, November 26, 2022.

²Unlocking the hidden value of dark data, Maria Korolov, CIO. August 11, 2022.

The post 4 things to look for in a multicloud data protection solution appeared first on Microsoft Security Blog.

Your data protection strategy needs to be accurate, comprehensive, and scalable without hindering productivity. Traditional data protection solutions have typically taken a patchwork approach, often requiring resource-intensive custom integrations that don’t scale well. Worse, this kind of ad hoc solution can expose infrastructure gaps that attackers seek to exploit. In contrast, an integrated approach to data protection provides automated, customizable classification, as well as pre-built regulatory templates and flexible data loss prevention (DLP) policy controls. Microsoft Purview has the added benefit of being already integrated across many industry-standard applications and services, workloads, and digital estates—on-premises, software-as-a-service (SaaS), and in multicloud, multiplatform environments. In this blog post, we’ll hear from some of Microsoft’s customers about their experiences implementing Microsoft Purview Information Protection and Microsoft Purview Data Loss Prevention and how these cloud-based solutions streamlined their security. To experience what holistic data protection can do for your organization, you’re invited to sign up for a free trial.

Rabobank balances data security with employee access

Protecting data confidentiality for 8.9 million private and corporate customers worldwide is no easy task, but Netherlands-based Rabobank is committed to balancing data protection with customer privacy. To get there, the company’s small security team needed a DLP solution that could help secure the bank’s assets across 42,000 endpoints spread over 23 countries. Their previous solution was oriented to siloed rule sets, meaning it assessed data in terms of a given department. This made it difficult for a multinational organization like Rabobank to maintain rules across multiple areas. ”One of our significant issues is how to stay current with policies that change frequently across multiple regions,” says Edo Immink, IT Lead for Office 365, Rabobank. Without that global view, the security team was left dealing with a complicated rule set in aging infrastructure. “That meant people would have to drop other priorities and rush in to fix things,” Immink explains.

Rabobank was concerned about potential data leakage from USB drives, browsers, and printers. When it was first available in 2020, Microsoft Purview Data Loss Prevention offered a cloud-based solution with built-in controls for managing sensitive information across endpoints and applications—covering Microsoft 365, SharePoint Online, OneDrive for Business, Exchange Online, and Microsoft Teams. This built-in connection with Microsoft apps provided the bank’s security team with the advantage of managing all data policies from one place—the Microsoft Purview compliance portal. Seeing the benefits of pre-integration, Rabobank moved to get maximum value from its Microsoft 365 E5 license by rolling out Microsoft Purview Data Loss Prevention companywide.

Adopting Microsoft Purview Data Loss Prevention also helped Rabobank increase its agility by decreasing the overall number of DLP policies it had to manage. And having an encompassing view of apps and endpoints helped curtail inappropriate data sharing across the company’s global workforce of more than 40,000 employees, many of whom rely heavily on mobile devices. The bank’s security team worked with Rabobank regional security officers to deploy policies that protect data while making it easier for employees to access everything they need. In turn, this freed up time for Rabobank’s IT teams to focus on more high-value activities.

“We benefit from getting our business apps, security, and DLP tooling from the same source because they all work together seamlessly,” says Jacob Kralt, Product Owner for Office 365 Compliance, Rabobank. “And by combining Microsoft Sentinel with Microsoft Purview Data Loss Prevention and the Microsoft 365 platform, we have a holistic view of our ecosystem and can manage it more easily.”

Fannie Mae protects privacy while boosting productivity

As a leading source of financing in the housing market, Fannie Mae provided USD1.4 trillion in liquidity to the United States mortgage market in 2021. That success wouldn’t be possible without reliably securing millions of customers’ personally identifiable information (PII). And that requires understanding how data is used internally to help prevent exfiltration. Fannie Mae needed a data loss prevention solution that would enable productivity while complying with their strict security protocols and Federal Housing Administration (FHA) regulations. The company’s objective was to create a trust model that helps protect its data from both internal and external risks, all while keeping pace with evolving cybersecurity demands.

As it turned out, the solution was already in their hands—the data protection and governance solutions in the company’s Microsoft 365 E5 license. “We adopted Microsoft Purview Data Loss Prevention because we’re hyper-focused on helping secure data end-to-end,“ says Kiran Ramineni, Vice President of Single-Family Architecture and Cloud, Data, AI/ML, and Infrastructure Architecture, Fannie Mae. Because the company also uses cloud-native Microsoft Azure and Microsoft Defender for Cloud, they gain a full suite of detection controls that prevent sensitive data from being exfiltrated. Fannie Mae’s on-premises environment is also connected to Defender for Cloud.

Ramineni praises the seamless interaction between Microsoft Purview Data Loss Prevention and Microsoft 365 productivity apps, such as OneDrive, noting that the seamless connectivity empowers Fannie Mae’s data scientists to access queries on OneDrive while automatically blocking PII from being moved back to the user’s OneDrive folders. Even better, the integration enhances productivity by allowing non-PII data to be saved back to employees’ shared folders. “Merging Microsoft Purview Data Loss Prevention and Defender for Cloud Apps with our Microsoft 365 apps gives us both sides of the coin,” says Ramineni. “We make it easy for data scientists to do their work, be more productive, and collaborate as necessary with those who are outside of the containment environment, and yet, we help keep data secure.”

Ramineni’s team is looking forward to deepening the company’s security infrastructure by adding Microsoft Purview Information Protection enterprise-wide—across cloud apps, on-premises data repositories, and infrastructure clouds. “We work to evolve as the threat landscape evolves, defending our environment from internal and external actors,” says Ramineni. “The best security is never done.”

Ernst & Young protects a global data estate by managing user permissions

Ernst & Young (EY) is one of the largest professional services networks in the world and is considered one of the “Big Four” accounting firms. Operating as a network of partner firms, EY has more than 300,000 employees in 700 offices spread across more than 150 countries. For that reason, the company decided to get the maximum benefit from their Microsoft 365 license by deploying Microsoft Purview Information Protection—safeguarding their worldwide data estate with automatic classification, sensitivity labels, and rights management.  

Microsoft Purview’s sensitivity labels include content and container types. Content labels are typically applied to data (such as files and emails) and include protections such as encryption and visual marking. Container labels are applied to repositories (such as SharePoint sites) and include protections such as multifactor authentication and privacy settings. Because Microsoft Purview Information Protection provides controls around the behavior of these labels—how they’re applied and changed, what the defaults are, and who can see them—admins can gain a complete picture of the company’s data using the Microsoft Purview compliance portal.

“Using a container label to differentiate permissions meant users could access a single document and prevent the same users from accidentally stumbling upon confidential documents; a key element of the Microsoft Purview Information Protection solution that we couldn’t get from any other solution on the market,” says Usman Abubakar, Assistant Director of Messaging Foundation Services, Ernst & Young.

The best data-protection tools you already own

Microsoft Purview Information Protection and Microsoft Purview Data Loss Protection provide holistic data protection as part of your Microsoft 365 E5 license, integrating seamlessly with Microsoft productivity apps as well as a broad third-party and partner ecosystem. When integrated with Microsoft Sentinel and Microsoft Defender for Cloud, your business can gain breadth and depth in controlling internal and external threats across your entire digital estate. To experience how Microsoft Purview can start protecting your organization’s precious data today, remember to sign up for a free trial.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

¹How Much Data is Created Every Day in 2022? Jason Wise. October 12, 2022.

²T-Mobile reaches $350M settlement in 2021 cyberattack and data breach impacting 76M people, Todd Bishop. July 22, 2022.

³General Data Protection Regulation, Intersoft Consulting. May 25th, 2018.

⁴Health Insurance Portability and Accountability Act of 1996 (HIPAA), Centers for Disease Control.

The post How businesses are gaining integrated data protection with Microsoft Purview appeared first on Microsoft Security Blog.

Microsoft Purview is a portfolio of solutions for information protection, data governance, risk management, and compliance that enables organizations to effectively manage their data all from one place. It provides enhanced visibility that organizations can leverage across their environment to help close gaps that can lead to data exposure, simplify tasks through automation, stay up-to-date with regulatory requirements, and keep their most important asset—their data—secured. Partners play a critical role in helping customers manage their entire data estate. We’ve invested in connectors, APIs, and extensibility to support partners and help customers manage their data. 

Microsoft Purview product announcements

Today, we are excited to announce the general availability of the new Microsoft Graph APIs for Microsoft Purview eDiscovery. With the new Microsoft Purview eDiscovery APIs, organizations can leverage automation to streamline common, repetitive workflows that require a lot of manual effort in the product experience.

Customers and partners find automation and extensibility of eDiscovery workflows critically important because of the ability to reduce the potential for human error in highly sensitive workflows. For example, efficiently managing repeatable, defensible processes is critical to managing risk for organizations that have significant requirements for litigation and investigation.

Here are some of the ways partners are building value-added solutions and services using our Microsoft Purview eDiscovery APIs:

Relativity integrates with Microsoft Purview eDiscovery (Premium)

Relativity, Microsoft’s Security ISV of the Year for 2022, shared that “using the right tools to put business’s data into action is essential for many eDiscovery and compliance use cases. RelativityOne integration with Microsoft Purview eDiscovery significantly expedites the eDiscovery review process, minimizes data copies across multiple platforms, facilitates third-party collaboration, and ultimately reduces costs while the data remains secure within the Microsoft cloud. Now is the time to benefit from RelativityOne’s integration with Microsoft’s Purview’s eDiscovery platform,” said Chris Izsak, Strategic Partnerships GTM Manager, Relativity.

BDO’s Athenagy integrates with Microsoft Purview eDiscovery

BDO’s Athenagy creates dashboards using both Microsoft Purview eDiscovery and RelativityOne. Their “patent-pending business intelligence dashboards now provide legal, IT, and compliance professionals a whole new level of data transparency and cost containment by surfacing up critical insights inside both Microsoft Purview eDiscovery—using the newly released Microsoft Purview eDiscovery APIs—and RelativityOne tied to legal hold, collect, preservation, processing, and review for every investigation, compliance, and litigation matter,” said Daniel Gold, inventor of Athenagy and managing director of E-Discovery Managed Services, BDO.

Epiq Global integrates with Microsoft Purview eDiscovery

Epiq leverages Microsoft Purview eDiscovery APIs to create an end-to-end eDiscovery workflow. “Utilizing the Microsoft Purview eDiscovery APIs allows us to automate within Microsoft Purview to use inputs from our customer’s existing legal hold system of record to seamlessly orchestrate an end-to-end workflow including sending hold notices, preserving data in place, and performing searches, collections, and exports. When updates are made in the system of record, the changes are propagated directly to the appropriate piece of eDiscovery to ensure parity. An automated solution eliminates human error, reduces administrative costs, and ensures that eDiscovery processes are in sync with your issuance of legal holds,” said Jon Kessler, Vice President of Information Governance Services, Epiq.

Lighthouse integrates with Microsoft Purview eDiscovery

Lighthouse uses Microsoft Purview eDiscovery APIs to create “a rich and intuitive user experience, taking advantage of custodian data mapping, in-place preservation, modern attachment retrieval, and advanced culling. Our automation and orchestration solution is designed to improve user efficacy with job failure oversight, completion notification, and automatic provisioning and management of Azure storage containers. Clients embracing this solution benefit from automation and orchestration to fully leverage Purview Premium eDiscovery’s apps securely and at scale,” said John Collins, Director of Advisory Services, Lighthouse (winner of the Compliance and Privacy Trailblazer award for 2022).

Growth opportunities for partners

The opportunity for our partners who invest in the Microsoft compliance ecosystem continues to grow. Our partners are finding success by building value-added solutions and services around Microsoft’s solutions at an increasing rate. For example, partners are creating solutions that connect disparate information repositories for enterprise-wide compliance initiatives.

Microsoft partners continue to have the ability to participate in our successful go-to-market program, the partner build-intent workshops. These workshops cover the Microsoft Security portfolio and help drive customer success with Microsoft products and partner services through prescriptive scenarios that address the top pain points of our customers. These workshops have been updated to give partners the ability to uncover additional opportunities leveraging the most up-to-date tools and solutions. Discover all our partner workshops and get started with unlocking opportunities and value with your customers.

How Microsoft supports the partner ecosystem

The Microsoft Purview platform enables our customers and partners to adapt, extend, integrate, and automate information protection, data governance, risk management, and compliance scenarios. These capabilities are enabled through our investments in these key building blocks:

Microsoft Purview APIs: We are constantly expanding our API surface area. With our investments in Microsoft Graph APIs we currently enabling extensibility scenarios across Purview Information Protection, Purview Data Lifecycle Management, Purview eDiscovery, Purview Audit, and more. Partners are using these APIs to build value-added services and solve unique customer scenarios.

Microsoft Purview Data Connectors: To enable high-fidelity data ingestion—including sources such as Slack, Zoom, and WhatsApp, we have partnered with Veritas, TeleMessage, 17a-4, and CellTrust to deliver more than 70 ready-to-use connectors. Our extensibility push provides more opportunities for partners to join this connector ecosystem.

Microsoft Purview Data Catalog: Microsoft Purview’s unified data governance capabilities help with managing on-premises, multicloud, and software as a service (SaaS) data. Microsoft Purview Data Catalog supports multicloud data classification and covers data repositories such as Azure Cosmos DB and Amazon Web Services (AWS) S3 buckets. There is also an Atlas Kafka API that facilitates extensibility scenarios for our partners and customers.

Microsoft Purview Compliance Manager: With universal templates, we help partners and customers extend compliance management capabilities to non-Microsoft environments.

Power Automate integrations: Microsoft Purview solutions including Microsoft Purview Data Lifecycle Management, Insider Risk Management, and Communication Compliance have built-in Power Automate integrations. This offers unique opportunities for our partners and customers to streamline and automate workflows and business scenarios.

Another way Microsoft supports the ecosystem is through the Microsoft Intelligent Security Association (MISA). MISA is an ecosystem of independent software vendors and managed service providers that have integrated their products and services with Microsoft’s security technology. Over the last year, MISA has extended its qualifying products to include a broad range of Microsoft Purview and Microsoft Priva products. MISA offers members co-marketing benefits and the opportunity to deepen their technology integrations and relationship within the Microsoft security ecosystem. MISA offers members co-marketing benefits and the opportunity to deepen their technology integrations and relationship within the Microsoft security ecosystem.

Partner with Microsoft Purview

Here are a few ways that partners can join the Microsoft Purview ecosystem:

• For more information, check out the Microsoft Purview partner transform page.
• Explore the many opportunities for the partner ecosystem with Microsoft Purview.
• Reach out to our partners and explore their solutions.
• Check out our Microsoft Security Inspire blog post to learn more about how partners can help customers on the Microsoft platform.
• Get started with unlocking opportunities and value with your customers at our Partner Network.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post How Microsoft Purview and Priva support the partner ecosystem appeared first on Microsoft Security Blog.