Data Security

InLigo’s Cybersecurity Framework: Microsoft 365 Identity and Data Security for Enhanced Cybersecurity Posture.

InLigo understands that effective security policies must be implemented consistently across the enterprise to protect information ecosystems and customers. Security policies must also account for variations in business functions and information systems to be universally applicable. To meet these requirements, InLigo implements a comprehensive security governance program as a part of the Microsoft Policy Framework.

InLigo can help guild you through best practices in building a proper data security plan.

WHAT IS YOUR SECURITY SCORE?

Identity Management and Access Control 

Access to assets and associated facilities is limited to authorized activities and transactions.

InLigo’s Discovery Questions

  1. Can a user access corporate data on their personal device?  
  2. Can a user save corporate data to their personal storage?  
  3. How do you prevent data leakage on a lost or stolen device?  
  4. How do you prevent data loss when an employee leaves the company or is fired?  
  5. Do users send documents and emails with sensitive company info to external users without you knowing?  
  6. How do you know if data is being accessed on a device with malware?  
  7. Are there certain sensitive documents you would not want shared between internal departments or groups? 

Microsoft 365 Solution 

  1. Azure Information Protection, Bitlocker, App Protection Policies, Data Loss Prevention Policies. 
  2. Identify, classify, protect. and monitor data access the organization. 
  3. Device encryption for Windows 10 and 11 devices. 
  4. Prevent data loss to personal cell phones.
  5. Automatically detect sensitive data.

Business Case 

A customer wants to ensure that all corporate documents are saved in a managed application like OneDrive. For these documents, they want to protect artifacts that have their customers credit card information. Currently users can save documents to any location like their personal Google Drive and copy corporate information to unmanaged Word documents. As the IT Pro, you can configure a Windows app protection policy for all applications in this customer’s environment that contain corporate data. Additionally, you can configure an Azure Information Protection label to apply to documents with credit card information. The policy you set for this label will prevent users from sending documents to users outside the organization. 

Action Items 

  1. Understand what device types you will support from a Mobile Device Management standpoint (Windows, macOS, iOS, Android). 
  2. Create a Compliance Policy for each Device type you defined above. For Windows 10 Devices, include requiring Bitlocker encryption as part of the compliance policy.
  3. Enroll Devices into MDM.
  4. Mobile application management creates an app protection policy for Windows, iOS, and Android devices.
  5. Create AIP Labels custom to the business needs.