Author: Paul Robichaux / Source: Petri
In the security world, the saying that locks keep honest people honest is a hoary old saying. The saying lingers because it is true. One time-tested way to reduce the risk that someone will accidentally or purposefully leak sensitive information is to lock it up. In this article, I will talk about two “locks” that Microsoft provides for helping to reduce information leakage, Azure Information Protection (AIP) and Windows Information Protection (WIP). They are related but different. I will explain when to use each one.
The Disclosure Problem
Information leakage is a real and growing problem for organizations of all sizes. A 2017 Ponemon Institute Study that was funded by IBM estimates the average cost of a data breach worldwide is $3.6 million. The breaches we hear about in the news mostly involve two things, intentional attacks that steal financial data and insiders who leak sensational data about politically sensitive matters. However, many organizations have suffered lower-level breaches when someone forwarded, lost, or leaked a sensitive document or message to someone else who was not supposed to have it. Sometimes, these breaches are accidental and sometimes they are on purpose. Either way, preventing them requires adding more security controls but those controls carry baggage. This baggage can make it harder for users to work and be productive. It can restrict legitimate sharing and make it more difficult to support BYOD. It also requires extra infrastructure. A useful solution for leakage protection has to:
- Allow users and organizations to keep work and personal data on the same devices without mixing them
- Keep unauthorized people from seeing or modifying data
- Protect data when it is stored, in transit, or shared
- Not get in the way when users are trying to work
Of course, besides these problems, we still have the need to protect against other threats such as malware and device theft.
You can break these protection requirements up into four categories, as shown below. AIP and WIP play multiple roles in protecting against these threats.
Azure Information Protection
AIP is a cloud-based set of tools that lets you label, classify, and protect documents and messages. Think of it as a superset of the Rights Management System (RMS) functionality offered both on-premises (Active Directory RMS) and as part of Office 365 (Office 365 RMS). The naming is a little confusing because until recently, AIP…
Click here to read more
