It is time to shift your focus from managing devices to managing your data. The threat landscape changes quickly but the target remains the same, your data! Data is everywhere, and attempting to secure all the places it can be does not scale. Starting with a "data first" mindset will help secure you in a way that locking down devices does not. It certainly remains important to keep your devices properly secured and up-to-date, but this is only part of securing your IT infrastructure.
There are three data-centric practices you can put in place that will make your organization more secure and productive. If you are running Microsoft 365 services, all of these tools are available to you….but it does take experience to understand what specific services need to be enabled to make all this happen properly.
The amount of data we are generating is increasing exponentially. Email, documents, and video are the top three data types in today's business environment. It is tempting to keep everything, but that is not an approach that scales and it also leaves troves of information sitting around waiting to be stolen by the bad guys.
Setting up a way to automatically classify data is known as tagging. We "tag" an email each time we sort it into a specific folder. Based on where we put it we know that it was important, sensitive, or related to a specific customer. Taking that a step further you should have tagging that automatically classifies the sensitivity, and retention period of your data based on the content it contains. Once tagging has been properly setup you can implement archiving rules that will store your data in a efficient way, and eventually remove data that is no longer needed.
Every week we read about a data breach with millions of records. If you can minimize the number of records you have in the first place this will be a step in the right direction! A proper archiving strategy will remove data from your organization when it is no longer needed or useful. This does not mean it is deleted, but rather, it is stored in a way that minimizes access to the data and is more cost-effective than just creating a folder at the end of each year and dragging everything into it!
Proper setup of archiving rules for email in Office 365 can also be a huge productivity booster! No more wading through thousands of emails to find the one you want. You can also setup archiving for your file servers and document storage applications (SharePoint, ShareFile) to do the same thing.
The ability to control who can access your files is a key security function in today's IT world. Sharing documents via email is still one of the most prevalent, and dangerous, ways to share files. There are a number of ways to control what applications can do with your data and who can access it even after it "leaves" your organization. Microsoft has invested significant resources in these management tools, but most technology providers are not utilizing them.
Basic file sharing needs to be facilitated through an application meant for this purpose. The most common applications all have the ability to securely share files without having you lose control of it. OneDrive, SharePoint, and ShareFile all have controls that can work to keep your files secure when sharing with others.
Moving from a device to a data-centric approach will make your organization more secure and productive. If your data is protected properly your organization is one more step ahead of the bad guys!