> Read this post in Dutch
Risks and opportunities
Since the World Health Organization (WHO) has declared the Corona outbreak a pandemic, working from home has become a standard practice for many people. More than ever before, employees depend on digital workplaces provided by their employer. The modern workplace provides various cloud services to equip employees with all the necessities to be productive and successful for the organization, even when they are not physically present. The pressure from this new situation falls on IT professionals. They need to ensure that everything runs smoothly, so that everyone can experience the same quality of service, when working from home. Hence the IT department is constantly looking for a balance between productivity and security.
Organizations that were hesitant to migrate to the cloud have now fully converted and are deploying Microsoft Teams to provide a modern and smart service so that employees can work together remotely. The adoption of Office 365 services has been forced by these special circumstances and the acceptance of, for example, Microsoft Teams seems to be enhanced as well. Unfortunately, in this situation, there is hardly any time left for a detailed planning for security agreements and rules for sharing sensitive information. Organizations run considerable risks when they do not properly implement information classification and security from scratch.
The importance of secure information
An important question that arises when using cloud services is whether sensitive information can be safely stored in the cloud: “Is the information also safe when employees download it or store it in other applications?” and “Are all employee devices managed by the organization so that stored company information remains secure at all times?” These questions are very important to security and compliance officers, because they are the ones responsible for the secure provision of information within the organizational network. In the Microsoft cloud, various security controls are available to take preventive measures, so that, when starting from a greenfield situation, all sensitive information is protected. However, it is unrealistic to think that all sensitive information flows in the cloud are immediately properly classified and encrypted.
Detect sensitive information with Cognni
Cognni is an information intelligence company based in Israel that has developed software to complement Office 365. Cognni uses smart technology to detect sensitive information within Office 365. Cognni provides added value for organizations that currently do not know where their sensitive information is stored or shared. To this end, Cognni’s solution can detect how sensitive information is shared within Office 365. The Cognni dashboard shows security and compliance officers what type of information is shared, both within the company and to sources outside the organization. This enables security officers to selectively protect information and implement appropriate security measures.
Figure 1: The Cognni radar which contains a high-level overview of the detected sensitive information.
“Cognni gives organizations instant insight into sensitive information flows. It detects where vulnerable information is stored and where this information is shared or moved to.”
Insights based on Machine Learning and Cognitive Intelligence
Cognni uses machine learning (cognitive intelligence) to scan the content of information and then divides it into recognizable subjects. Classification can also be influenced and expanded so that information can be labelled correctly. In organizations we often see that security and compliance officers spend a lot of time having conversations with the business users to discover where sensitive information is used and processed. Use cases need to be determined in order to apply final information classification as well as information security. With the deployment of Cognni they can save a lot of time, because they now access a dashboard with insights gathered autonomously, which they can see immediately. This enables security and compliance officers to act effectively and implement targeted security measures.
Figure 2: Cognni dashboard with detailed information about risky sharing.
“Security and compliance officers now have a tool in their hands to trace sensitive information and take targeted security measures. This saves an enormous amount of time in determining use cases for the deployment of Microsoft Information Protection”.
Conclusion
Would you like to know more about how Cognni can support your organization in making sensitive information transparent? Or would you like to use Cognni to generate an overview, in which your company data is mapped? Our security team at InSpark can participate and contribute in the thought process; we can help you. The onboarding of your Office 365 environment can be completed within half an hour. This way we offer your security and compliance officers a tool to detect sensitive information in the cloud and secure company information in a targeted way. Don’t hesitate to contact us! Rely on the security options in the cloud and use smart tools like Cognni to be in control. Know where your sensitive information is stored, and which information flows are vulnerable, to keep your information safe.
