Tools to Help Lasso Your Data
I recently wrote an article talking about the need to get a handle on your data—sooner rather than later. As I wrote the piece, I had one misgiving: I didn’t want to leave the reader in a lurch when it came to addressing the “how” question.
I was imagining someone saying, “All well and good, but how exactly do I go about finding my sensitive data?”
Happily, I’ve discovered some tools that will help. I’m still sifting through myriad linked documents that describe how to set these tools up. But here I want to highlight the tools and describe how they can help with discovery of sensitive information.
Azure Information Protection Scanner
The first tool is the Azure Information Protection Scanner. The key word here is “scanner.” We’re looking for something that can scan files, employ some pattern matching or other wizardry and serve up a list of files that have sensitive data worthy of classification and protection. The Azure Information Protection scanner runs as a service on Windows Server. It will discover, classify and protect files such as:
- Local folders that are resident on the Windows Server hosting the scanner
- UNC (Uniform Naming Convention) paths for network shares (e.g., \\server01\share) that use the Server Message Block protocol
- Site and libraries for SharePoint Server 2013 and 2016
So Azure Information Protection scanner is useful for finding (and classifying and protecting) data that is stored on your network. But what to do about the content that’s stored in the cloud? Aha! There’s a tool for that as well: Microsoft Cloud App Security and its cousin, Office 365 Cloud App Security. I’m going to talk about the latter, since a lot of our customers are using Office 365.
Office 365 Cloud App Security
If you’re wondering where Office 365 Cloud App Security came from, you’re not alone. In this case, the service is a re-branding of Office 365 Advanced Security Management. The service is included in the Office 365 Enterprise E5 subscription. You can also purchase a separate subscription, if you’re using another Office 365 Enterprise subscription (hello, E3!)
Office 365 Cloud App Security has a lot of valuable capabilities. I’m going to skip over two of those—policies and alerts—to get to cloud application usage. With Office 365 Cloud App Security, you can generate reports that capture usage in the organization of other cloud application services—ones that you may not have known were in use.
You generate Cloud App Security reports by grabbing the log files from your firewalls and web proxy servers. Next, you upload the log files to Cloud App Security. From here, Cloud App Security parses the information, analyzes the data, and generates a report for you to review.
You can see a “dashboard” style report that shows information such as top users of cloud applications, top IP addresses accessing those applications, and an assessment of their security risk. From that point, you can “drill down” to see more details on any of these report objects.
Good Progress, But More is Needed
These tools are a good step forward. Security professionals have to have automated methods to help them discover and act on sensitive content stored throughout the organization. After all, we’re paying these professionals for their expertise and decision-making; it’s a waste of resource to have them focused on collecting information.
These tools will help manage discovery in Windows Server environments. And given Microsoft’s share of the server Operating System (OS) market, that covers a lot of ground. But there are other server Operating Systems in the market, and we will need tools for those OS’s as well. Watch this space for more information on that topic.