Archive | Information Governance RSS feed for this section

Office 365 Compliance Search for eMail and Content -Good but not Good Enough

According to our third annual Microsoft Survey, the use of Exchange is almost a given. So is the rise of data breaches, which is most likely caused by your own employees. Security in Exchange for the identification of potential exposure can be done through the use of Compliance Search. This will enable administrators to search for common strings such as social security number, credit card numbers, or account numbers. The searches can be saved and re-executed. Concept Searching adds value to the identification of data privacy or confidential information, regardless of where it resides because it is not limited to defined descriptors such as a social security number, but can contain any descriptor and verbiage that you want secured.

Most security products, including Office 365 Compliance Search will identify the most likely, and standard descriptors typically used by most organizations. Sometimes that doesn’t always work. Confidential information, For Official Use Only (FOUO), new product information, competitive information, intellectual property, patents, or specific customer information may all contain confidential information, but it’s not easy as each subject may not have a common denominator to use as a rule. What to do then?

Concept Searching lets the organization quickly define rules that contain descriptors (social security number) and/or associated verbiage. Since we generate multi-term metadata that forms a concept the organization has no limit or bottlenecks trying to secure specific information. Once found, using Office 365 or SharePoint tools the content can be redirected to a secure repository, removed from search, and portability is prevented. Pretty cool. The rules are easily added, deleted if no longer necessary, and can be changed as the content the organization considers confidential may also change. In SharePoint, taxonomies can be deployed and when a document is found to have a data breach, the content type is automatically changed and classified against the taxonomy. Works when content is created or ingested, and in real-time. It works with diverse repositories, SharePoint, Office 365, You name it, you’re totally covered.

Comments are closed

Keeping the Problem People Out of the System – Possible?

It’s widely documented that most security breaches are caused by internal staff, either by accident or on purpose. Training can help in the accidents, but what about a disgruntled employee who deliberately causes a data breach? Think it won’t happen to you? Think again.

In an article on ZDNet, ‘After OPM breach, Manning and Snowden are just the beginning’, the author, David Gewirtz commented on the basic problem of people and security, “It is impossible to separate individual decision-making and action from the national security apparatus of any nation. Sure, we can carefully vet individuals, subject them to background checks and psychological tests. We can interview friends and neighbors. We can examine financial records and elicit stories about what they were like in college. We can certainly weed out the obvious problem cases. But we can’t keep all the problem people out of the system.”

Ok, you may say well, that’s the government and the staff can deal with highly secure information that impacts the country. That’s true. According to Mr. Gewirtz, “While some very misguided individuals celebrate Snowden’s actions, I submit that any individual who harms the American economy to the tune of at least 47 billion dollars and costs nearly a million jobs is no hero.” I hardly think that most organizations are in the same position as the government.

But, what if a data breach happened in your organization? Chances are it isn’t going to jeopardize national security – but your organization is in for some hefty fines, potential loss of brand and customers.

How do you protect your organization from the enemy within?

Comments are closed