Uncovering Hidden Risks is a new monthly podcast from the Microsoft Security team that looks at taking the data security conversation beyond compliance and classifications.
How do you protect data but still make sure people are productive? Host Erica Toelle talks to Microsoft and industry experts about reducing the risk of data breaches by taking a holistic approach to data governance and protection.
As organizations face increased cybersecurity risk due to employees working remotely, internal and external threats, and increasingly sophisticated malware, Erica and guests explore the end-to-end data protection story across organizations. People, places, processes, and products all need to be part of the conversation.
While IT organizations might have tools like Microsoft Purview and others, understanding how to use them for effectively reducing risk can be challenging. And the complexity of the task at hand can be overwhelming. Issues like:
…require IT to develop an effective strategy for data protection and governance with the limited financial and human resources at their disposal.
In the first episode, Talhah Mir – Principal PM at Microsoft for Insider Risk, who was involved in the first incarnation of Uncovering Hidden Risks, joins Erica in a conversation with Bret Arsenault, CVP, CISO at Microsoft.
Bret outlines three steps that IT should take in developing a holistic approach to securing data:
Understanding what data your organization has and then tiering it is the most difficult but important step. You can’t protect what you don’t know. And once you have mapped out what data your organization owns and tiered it, it makes sense to protect what’s most important first. Or as Arsenault refers to it, protecting the crown jewels.
Arsenault also mentions that sometimes the best way to protect the data is not to have the data at all. And there’s little point implementing controls on public data.
Whatever controls you decide to implement, they should be on the data itself. Any other strategy becomes difficult to scale. Mapping data to the applications, people, and processes that use it helps IT demonstrate the business value of data protection efforts. It shouldn’t be seen as just a cost.
And mapping in the other direction, i.e. from apps, people, and processes back to the data can help you cover all bases by surfacing connections that might otherwise be missed.
Arsenault also shared tips on baselining systems and behavior, ensuring data isn’t overshared, how automation can help protect data at scale, and why data protection should be seen as a business enabler and differentiator as opposed to only a cost.
Listen to the first episode: Transitioning to a holistic approach to data protection
Arsenault gets the relaunch off to a great start, providing lots of value. At the time of writing, there are already five episodes in the can. Microsoft and industry experts share their wealth of experience and knowledge to help you use the tools at your disposal to develop an effective data protection strategy.
Subscribe to the podcast on the Uncovering Hidden Risks website.