In the hybrid work era, data security and compliance must meet employees where they are

Data governance issues raised by today’s new world of work demand a unified solution that spans all locations and devices.

Maintaining data security and compliance for remote and field workers has long been a challenge for organizations, but now that millions of employees are rotating between home, the office and the road as corporate America embraces hybrid work, issues around data governance have become exponentially more complex.

Given this level of disruption, solutions must start with rethinking security and compliance in ways that align with the future of work. “The fix isn’t to bring people back inside a safe environment, but to make the environment safer wherever they go,” said Rob Enderle, a technology analyst and consultant based in Oregon.

This requires software that can meet users where they are and can automate functions that were typically carried out by in-house teams in close proximity to users. “It’s a big digital world out there for any organization to try and manage,” said Alym Rayani, General Manager of Compliance and Privacy Marketing for Microsoft. “It really calls for a comprehensive and unified solution, one that applies machine learning and artificial intelligence on the back end and enables users to do the right thing on the front end.”

With these requirements in mind, Microsoft recently launched Microsoft Purview—which combines Azure Purview and Microsoft 365 into a comprehensive set of solutions. Microsoft Purview works across all systems and networks regardless of location to classify data automatically and flag it accordingly. For example, Microsoft has pre-trained machine learning models that recognize sensitive material like résumés, source code or discriminatory language. Users can also create custom machine learning models to classify data specific to their organization by feeding in dozens of examples and then refining the algorithm over time. Microsoft calls these trainable classifiers.

Microsoft’s security algorithms can analyze network traffic across environments, detecting sensitive data and protecting it in real time. For instance, they can prevent data from being sent outside the organization or shared with unauthorized colleagues. This approach works across multiple communications platforms, for example when the system identifies a potential discussion of insider trading on a chat. This is a must at a time when workers are using more platforms than ever, from the video conferencing and instant messaging apps that gained popularity during the early days of the pandemic to cloud-based collaboration tools.

Empowering the user

A key aspect of good compliance and security software is that it “empowers the users” and meets them where they are, Rayani said. Most people don’t intend to violate policies—they’re just trying to get their jobs done. So, instead of simply blocking a user’s problematic communication, the software might instead issue a warning and suggest a safer course such as sharing a document through a secure SharePoint site rather than an email attachment.

This approach can help even the most dispersed organizations safeguard precious trade secrets, confidential business data, and customers’ personal information. And it can be complemented by moving the whole concept of security and governance to a “zero-trust” posture, which eliminates the inherent trust assumed inside the traditional corporate network. With zero-trust, each identity, device, service and access point is continuously secured or monitored, and the internet is treated as the default network.

But even zero-trust can’t prevent data leaks or inappropriate behavior in communications. Nor can it help companies manage data to comply with regulations or legal action. In the world of hybrid work, successful data governance requires that “the controls follow where the data is flowing,” Rayani said.

And empowering “good” workers only goes so far, as every big organization is bound to host a few bad apples and they can be harder to spot in a hybrid work environment. To counter that, security professionals can use a tool like Microsoft Purview to identify patterns of suspicious behavior (like removing files) or inappropriate activity (like demeaning language) and flag them for investigation. Microsoft Purview can even recognize anomalous text that might be code for illegal activity: Why do those traders keep talking about buying fruit or baseball plays during work discussions?

At large organizations, managing the “data estate” is also a problem of scale and location. So many people, so much data, so many rules to follow. One traditional way of managing the problem is through training in areas like compliance, harassment, or cybersecurity. Training is important, but its effectiveness tends to wear off as policies change or people get caught up in the day to day. Couple that with the “Great Reshuffle” and it means that more people are joining a company with scant understanding of its specific culture and rules.

To solve this, experts suggest using a tool like Microsoft Purview to make “inline” training possible when the relevant policy is top-of-mind. For example, if Outlook blocks an email because it contains personal customer information, Microsoft Purview might also provide a link to more information about the underlying regulation, such as Europe’s GDPR.

One solution to rule them all

Having a unified solution to manage all this offers numerous benefits, said Enderle, the consultant. “When different divisions or subsidiaries operate different tools, it’s harder to ensure policies are complied with.” That’s because when organizations juggle multiple tools to handle data governance and compliance, they’ll have to write each new policy change into each tool—or even hire developers to integrate the tools. Microsoft Purview is a comprehensive set of solutions which allow organizations to apply a single set of policies and label classifications throughout the organization. Similarly, it’s easier to protect users, documents, and communications as they move across an organization while maintaining privacy safeguards.

In today’s hybrid workplace, people and data move around constantly and unpredictably. Organizations that succeed in this world are those that can “create a simple and consistent experience,” said Rayani, “and to create a balance between security and productivity.” This is crucial, as remote employees still need to access and share sensitive data with colleagues, but customers and business partners expect that data to be carefully protected. Meanwhile, organizations must protect against abuses including harassment and insider threats, and numerous departments need data access to meet regulatory and legal requirements.

There’s no sign of hybrid work slowing. If anything, it’s gaining steam. More than half of employees are considering going hybrid or remote in the year ahead, according to a recent Microsoft Work Trend Index study. Security and compliance tools and processes need to keep up.



The content is paid for and supplied by advertiser. The Washington Post newsroom was not involved in the creation of this content.
