Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


04:18 PM
Connect Directly

Microsoft Rolls Out New Data Classification And Security Service

Azure Information Protection the first-fruit of Microsoft's acquisition of Secure Islands.

Microsoft is set to offer a new cloud-based service that lets businesses classify, label, and protect data at the time of creation or modification. That protection then stays with the data at all times, regardless of where it is stored, with whom it is shared, or if the device is running iOS, Android, or Windows, according to Microsoft.

The new Microsoft Azure Information Protection builds on and integrates both Microsoft Azure Rights Management (Azure RMS) and data classification and labeling technology from Secure Islands, which Microsoft acquired last December. The new service is a component of Microsoft's Azure cloud computing platform.

The new service aims to address concerns over better protection of information that travels beyond the boundary of the corporate network and across many devices outside of a company’s control.

“At its core we are solving a central challenge for businesses and organizations around how they share sensitive information,” says Andrew Conway, senior director of enterprise mobility product marketing with Microsoft. “How do they do that in a way that they can be clear that the data is secure not just within their own organizations,” but also as the data is accessed by employees and business partners remotely.

Typically, in the past, organizations would establish point-to-point relationships with a particular partner to securely exchange information, but that was cumbersome to manage. “This is where identity is critically important,” Conway says. “Microsoft has made a huge investment in running a cloud directory service, a cloud identity system, at scale in the Azure cloud. That is enabling companies to connect to that cloud and share information securely.”

Under-Protecting or Over-Protecting

Organizations often wrestle with how to determine the level of security of specific data. “Organizations struggle with understanding which information is in need of protection – encryption, for instance -- versus what is just information that is personal to their employees or regular information for the business that they don’t need special controls around,” Conway says.

As a result, companies are either under-protecting things or encrypting everything. “So the ability to classify information before you encrypt it is super important,” Conway says.

Azure RMS basically encrypts data from the get-go. As a file or email is created, that data is encrypted and a set of permissions travel with that data. The encryption and permissions apply to the data no matter where it goes; if the data is sent to someone outside the organization or that person operates on it with a different application, the permissions still apply.

For example, a manager can classify data automatically based on what is included in a file, such as a credit number or social security number. Or they can let their employees classify data. The creator of the document can decide whether some data is personal, confidential or secret. “When that happens, there are a set of activities that happen on the back-end that will then watermark that data or encrypt it using the encryption technologies we have today,” Conway says.


Black Hat USA returns to the fabulous Mandalay Bay in Las Vegas, Nevada July 30 through Aug. 4, 2016. Click for information on the conference schedule and to register.

Data Control in the Cloud

“Because this is a cloud service, we have visibility and control over that shared data,” he says.

Document owners can see where their documents go, and they can time-bomb a document if it is particularly sensitive, or remotely revoke access to the document. It also lets you track and log where the document has traveled, who has opened it or tried to, Conway says.

Identity-driven security is important because existing security perimeters are no long sufficient since today’s workforce is more mobile, as is data, says Mark Bowker, a senior analyst of mobility with the Enterprise Strategy Group.

“What is significant [about the Microsoft announcement] is users can do their own classification on their files. I think that it is interesting when you get the user doing self-administration of the data and the documents they are working on,” ESG’s Bowker says.

“I like the fact that it is not this classification of  ‘alright, we have terabytes of data in the company and now we have to classify it,’” he says. It’s more about recognizing that there are documents used in a business process on a daily basis and some are more important than others.

Other enterprise file-sharing providers are looking to offer similar capabilities. But Microsoft has the advantage of its integration with Microsoft Office, tools that users are used to operating in, he notes. “When you can enable the policy at the data level, suddenly that opens up the door where people can use different devices knowing that data is still protected,” Conway says.

Microsoft Azure Information Protection will be available for public review in July and generally available by the end of the year.

Related Content:


Rutrell Yasin has more than 30 years of experience writing about the application of information technology in business and government. View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Why Cybersecurity's Silence Matters to Black Lives
Tiffany Ricks, CEO, HacWare,  7/8/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-07-08
Buffer overflow exists in Geovision Door Access Control device family, an unauthenticated remote attacker can execute arbitrary command.
PUBLISHED: 2020-07-07
An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.
PUBLISHED: 2020-07-07
Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field.
PUBLISHED: 2020-07-07
A memory leak in Openthread's wpantund versions up to commit 0e5d1601febb869f583e944785e5685c6c747be7, when used in an environment where wpanctl is directly interfacing with the control driver (eg: debug environments) can allow an attacker to crash the service (DoS). We recommend updating, or to res...
PUBLISHED: 2020-07-07
Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack.