Microsoft Relaunches Uncovering Hidden Risks Podcast

Microsoft Uncovering Hidden Risks podcast

Uncovering Hidden Risks is a new monthly podcast from the Microsoft Security team that looks at taking the data security conversation beyond compliance and classifications.

How do you protect data but still make sure people are productive? Host Erica Toelle talks to Microsoft and industry experts about reducing the risk of data breaches by taking a holistic approach to data governance and protection.

As organizations face increased cybersecurity risk due to employees working remotely, internal and external threats, and increasingly sophisticated malware, Erica and guests explore the end-to-end data protection story across organizations. People, places, processes, and products all need to be part of the conversation.

Uncovering Hidden Risks podcast
Uncovering Hidden Risks podcast

While IT organizations might have tools like Microsoft Purview and others, understanding how to use them for effectively reducing risk can be challenging. And the complexity of the task at hand can be overwhelming. Issues like:

  • unprotected and ungoverned data
  • insiders saying or doing things that they shouldn’t
  • changing compliance regulations

…require IT to develop an effective strategy for data protection and governance with the limited financial and human resources at their disposal.

Transitioning to a holistic approach to data protection

In the first episode, Talhah Mir – Principal PM at Microsoft for Insider Risk, who was involved in the first incarnation of Uncovering Hidden Risks, joins Erica in a conversation with Bret Arsenault, CVP, CISO at Microsoft.

Bret Arsenault
Bret Arsenault

Bret outlines three steps that IT should take in developing a holistic approach to securing data:

  1. Use tooling to understand your dataset
  2. Identify the crown jewels and protect them first
  3. Manage the risk and compliance

Understanding what data your organization has and then tiering it is the most difficult but important step. You can’t protect what you don’t know. And once you have mapped out what data your organization owns and tiered it, it makes sense to protect what’s most important first. Or as Arsenault refers to it, protecting the crown jewels.

Arsenault also mentions that sometimes the best way to protect the data is not to have the data at all. And there’s little point implementing controls on public data.

Talhah Mir
Talhah Mir (Image Credit: Microsoft)

Whatever controls you decide to implement, they should be on the data itself. Any other strategy becomes difficult to scale. Mapping data to the applications, people, and processes that use it helps IT demonstrate the business value of data protection efforts. It shouldn’t be seen as just a cost.

And mapping in the other direction, i.e. from apps, people, and processes back to the data can help you cover all bases by surfacing connections that might otherwise be missed.

Uncovering Hidden Risks host Erica Toelle
Uncovering Hidden Risks host Erica Toelle

Arsenault also shared tips on baselining systems and behavior, ensuring data isn’t overshared, how automation can help protect data at scale, and why data protection should be seen as a business enabler and differentiator as opposed to only a cost.

Listen to the first episode: Transitioning to a holistic approach to data protection

Experts weigh in on data protection

Arsenault gets the relaunch off to a great start, providing lots of value. At the time of writing, there are already five episodes in the can. Microsoft and industry experts share their wealth of experience and knowledge to help you use the tools at your disposal to develop an effective data protection strategy.

Guests include:

  • Jeff Teper, Corporate Vice President of Microsoft 365 Collaboration
  • Igor Tsyganskiy, President and CTO of Bridgewater Associates
  • Alym Rayani, General Manager, Compliance and Privacy Marketing at Microsoft
  • Randyll Newman, Supervisor of Student Data and Information Security for Prince William County Public Schools in Virginia

Subscribe to the podcast on the Uncovering Hidden Risks website.