Fear of the delete button – Microsoft and compliance – Stefanie Jacobs – Ep69

Compliance of data continues to trouble many business execs; whether IT focused or not, it is high on the agenda for most organisations. Anyone who has listened to this show in the past will know that, while technology plays only a small part in building an organisation’s compliance programme, it can play a significant part in their ability to execute it.

A few weeks ago I wrote an article as part of the “Building a modern data platform” series. This article, Building a modern data platform “prevention”, focussed on how Microsoft Office365 could aid an organisation in preventing the loss of data, either accidental or malicious. It explains how Microsoft have some excellent, if not well known, tools inside Office365, including a number of predefined templates which, when enabled, allow us to deploy a range of governance and control capabilities quickly and easily, immediately improving an organisation’s ability to execute its compliance plans and reduce the risk of data leaks.

This got me thinking: what else do Microsoft have in their portfolio that people don’t know about? What is their approach to business compliance, and can that help organisations to deliver their compliance plans more effectively?

This episode of the podcast explores that exact topic. This is a show I’ve wanted to do for a while, and I have finally found the right person to help explore Microsoft’s approach and the tools that are quickly and easily available to help us deliver robust compliance.

This week’s guest is Stefanie Jacobs, a Technology Solutions Professional at Microsoft, with 18 years’ experience in compliance. Stefanie, who has the fantastic Twitter handle of @GDPRQueen, shares with fantastic enthusiasm the importance of compliance, Microsoft’s approach and how their technology is enabling organisations to make compliance a key part of their business strategy.

In this episode we explore all the compliance areas you’d ever want, including the dreaded “fear of the delete button”. Stefanie shares Microsoft’s view of compliance and how it took them a while to realise that security and compliance are different things.

We talk about people, the importance of education and shared responsibility. We also look at the triangle of compliance, people, process and technology. Stefanie explains the importance of terminology and understanding exactly what we mean when we discuss compliance.

We also discuss Microsoft’s 4 steps to developing a compliance strategy, before we delve into some of the technology they have available to help underpin your compliance strategy, especially the security and compliance section of Office365.

We wrap up with a chat on what a regulator looks for when you have had a data breach and also what Joan Collins has to do with compliance!

Finally, Stefanie provides some guidance on the first steps you can take as you develop your compliance strategy.

Stefanie is a great guest, with a real enthusiasm for compliance and how Microsoft can help you deliver your strategy.

To find out more about how Microsoft can help with compliance you can visit both their Service Trust and GDPR Assessment portals.

You can contact Stefanie via email at Stefanie.jacobs@microsoft.com as well as follow her on Twitter @GDPRQueen.

Thanks for listening

If you enjoyed the show, why not subscribe, you’ll find Techstringy Tech Interviews in all good homes of podcasts.

While you are here, why not check out a challenge I’m undertaking with Mrs Techstringy to raise money for the Marie Curie charity here in the UK, you can find the details here.


Simplify My Data Leak Prevention

A little while back I wrote a post about how important it is to stop making technology so hard (feel free to have a look back here) and that successful technology delivers what people need.

How do we do that? By giving them technology that just simply works. I’ve written a few times about the OAP Internet Virgins show on Sky, here in the UK, which gave older folk an iPad and taught them how this simple bit of well designed technology could work, and how it truly changes lives in a host of these cases.

Well, I also said I’d give some examples of where I’ve seen simplification of technology have real benefit. However, since that promise, times have been hectic: traveling, presenting, doing press and video interviews, a podcast debut and my actual job all got in the way of my good blogging intentions!

Well, in the midst of all that was a presentation I was asked to do by Microsoft to the Institute of Financial Accountants, the topic of which was data security. The idea was to give these predominantly small business owners some tips on how to secure their most critical business asset, their data. Just because these were small businesses, it doesn’t make their data any less critical than that of the very largest enterprise. However, these guys potentially have a much bigger problem: they are financial services people, not IT people, and the idea that they need complex technology solutions to stop them losing critical data would mean that, in reality, they never would have that option. That’s not the way it’s supposed to work; technology should be an enabler and help us do things better, smarter and easier, and shouldn’t be bound by budget or in-depth IT skills.

Well, what have all these things got to do with making things simpler?

Take a bow Office365, Microsoft do lots of really good stuff on their cloud platforms, across 365 and Azure, it’s what you’d expect from a hyperscale cloud provider. One of the things that cloud does is help to greatly simplify IT deployment, need a new server, go to the portal click go and up it comes, need storage, select what you need and like technology magic these things appear, the behind the scenes technology is very complex, but to you the user, it looks a doddle and that is exactly how it should be.

How does that relate back to our finance friends?

During our event we focussed on a number of areas that you should look at as part of a data leak prevention strategy.

[Image: data protection areas]

Now some of those things are practical things you can do, sole trader or huge corporate, but some of these areas are more tricky.

If we wind back 5 years or so, how many businesses, of all sizes, found some or all of the above areas a real challenge, both technically and commercially?

Technology to address all of these things of course has been around for ages, but let’s just pick on one area and show how cloud and Office365 specifically has made something so much simpler, both technically and commercially.

I remember sitting in a presentation a few years ago showing the power of information rights management (IRM) in a Microsoft infrastructure. For those not familiar, this is a really powerful ability, where you can start building rules into your document workflows and applications to stop important and sensitive information being shared in ways it shouldn’t.

Let’s give an example: how many of us have accidentally emailed the wrong person thanks to auto addresses? I know I have. Now normally you are emailing something relatively harmless, but a few months back I was accidentally sent someone’s personal financial information, as I shared the first name of their financial adviser.

How do we stop that? Well, that’s what IRM is there for. IRM would either have rules in the document or rules in Exchange that would stop information leaving the safety of your internal systems by mistake.

Brilliant, so why don’t lots of people do it? Because it’s too hard; it’s complex and expensive to set up on-prem.

“But I’d love that kind of capability” I hear you shout, well step forward the bright world of cloud based service, specifically in this case Office365 and Azure.

As we look in our 365 management portal, what’s this handy little option?

[Image: rights management]

When we click into manage, we get the opportunity to activate rights management, if it’s not already running, and when you click activate – that’s kind of it, your organisation now has rights management enabled for its Office365 estate.

What does that mean?

We can now add data security policies to a whole range of documents and emails, so yes, there is a bit of configuration (don’t be afraid to ask for some skilled advice here) but to get you started there is a range of preconfigured templates ready to roll.

[Image: ILM Templates]

Once enabled, you have IRM implemented and usable in your business productivity applications.

[Image: ILM in Word]

There it is, now sat as an option in Word, where you can simply add rights management controls and apply protection templates to your sensitive company info.

Enabling this in your organisation also opens up capabilities into tools like Exchange and SharePoint Online.

For me this is a great example of how cloud technology can hugely simplify what, in reality, is a complex bit of technology to set up.

That is the power of well built cloud (whether that’s private, public or hybrid), making technology deployment quick and easy to deliver and in many businesses allowing you to enable technology that, in a more traditional model, would be too complex or expensive.

It is this kind of approach that is revolutionising the IT industry at the minute, and all of us in the industry need to understand this, whether we create applications, architect them or even consult on them, if we are to meet the challenges in the modern business, regardless of how complex and challenging it may be behind the scenes.

There’s the challenge for us all!

Like I said at the beginning of this, when working with our financial services friends, their data is just as important as everyone else’s and they shouldn’t be excluded from solutions to their business challenges by complexity and cost, now should they!

If you’re looking for Information Rights Management as part of your data leak prevention strategy, hopefully this post has given you some ideas of how this is not out of your reach either technically or commercially by utilising cloud services where appropriate.

Any questions, feel free to give me a shout on Twitter, LinkedIn or via the comments section here and we can swap some ideas.

Thanks for reading.

Want to know more – try these

What is Azure Rights Management (Technet Article)

What is Azure Rights Management Overview (Short Video)