Micrsoft Purview - Insider Risk Management
With the emerge and vast acceptable of digitalization and as the digital landscape continues to grow, the risk landscape for organizations has been changed significantly. Earlier days, insider risk management team are part of the security team who make sure some kind of end-user training on data protection is in place and ensuring the security of corporate assets are in place.
Due to digitalization and as industry shift totally towards cloud era, the data size is keep growing and growing in exponential manner. More apps, more application organization is demanding and hence more monitoring and required tight control is required to be in place. Personally, I believe due to Covid, the work from home culture demands more the role of Chief Information Security Officer (responsible for data protection and manage the insider risk threats).
Controlling the security/threats/damages now is not limited to some modules/check points/assessments, it is now altogether a new era and hence Microsoft Purview evolves and comes to drive this journey. Organizations around the globe facing the challenges and it come from outside the organization as well as from inside the organization.
A product born on business demands. Continuing and growing threats, loss, degrade reputations, financial loss and many such negative impact of the organizations make them have something which can easily able to detect, analyze, and control the upcoming damages. Organization needs to protect their trust and a great culture inside in their organization to move upwards, and so Organizations demand a smart product and experience skilled people to accomplish this.
Microsoft Purview – A perfect well-defined solutions which know what needs to check, where needs to check, thresholds metrics, how to check, what are the policies to define, where to define, how to track, and more importantly how to minimize the risk or damages using a couple of clicks.
Now, lets discuss about insider risk – what is it?
Let’s define this as a simple way. The risk which is coming from inside a company. For example, someone who is going to leave the organization or planning to leave the organization. Employee do have some plan which directly impact the organization in negative way. As the employee is presence in the organization, so that person has access authorization to the organization’s information and assets. Employee can share the information outside the information, stole assets, publish some important insider content of the organization which not supposed to be seen by the rest of the worlds, or can give anyone outside the organization an access.
Insider Rick Management help us to define some policies, metrics, track some intelligence way who is doing what in respect of what circumstances, and the system should intelligent to take the control and stop doing the damages in real time.
Below are some reports published by Microsoft while they vigorously analyze and collect the data from different organization about the loss of data and in this respect.
Holistic Insider Risk Management Index - Measures how holistic an insider risk management program is based on measurements related to the integration of the following four categories: people, process, tools, and training. The more people focused on and addressed these four elements, the more holistically they were approaching insider risk.
Below are five key characteristics of holistic insider risk management:
1. Prioritize employee trust, productivity, and privacy controls
2. Attain program buy-in and involvement across the organization
3. Attest that effective training and education are vital
4. Use positive deterrents more often
5. Integrate tool usage
There are many points which we can discuss about the above five key elements, and I'll create a new post on this. However, just to remond this is just the begging and I'm sure lots of things will comes in and place their right to transform this jouerney.
Be safe and be Happy!
Comments
Post a Comment