Classify and protect sensitive data: focus on MIPLire l'article
19 February 2021
2020 will be remembered in particular for the explosion of home-working and, as a result, the use of communication and collaboration tools such as Teams, Zoom and Slack. How to maintain and control the accuracy of sharings and accesses to data.
A recent survey reporting on data compromises in 2020(1) shows that 67% of compromises are attributable to three types of attack: identity theft, human error and social engineering attacks. One thing is certain: users, through their digital tools, are becoming increasingly autonomous in managing company data, whether they are in the office or at home.
New uses of Office 365, Teams, and SharePoint are among the companies' central preoccupations. A strategic subject that concerns and involves several skills: digital workplace, support teams, IT, infra, application project managers, user managers, data protection managers (DPO, compliance), cyber or risk managers and, of course, the security teams… Not forgetting the employees who create and share data without always being able to control its impact.
Improving control over access, sharing and configurations on Office 365 means meeting two challenges:
The objective is, therefore, to reduce the vulnerabilities linked to this open environment and the facilitated use of collaboration tools.
The volume of data to be processed in this collaborative and mobile context is gigantic, and the changes are numerous and permanent.
users x applications x sharing x access + TIME
Finally, it is difficult for a user to know what is happening to their resources and data and to correct it. It also involves taking the time to visit each application (Teams, OneDrive, SharePoint, their email) to check who has rights or update those rights.
"In the context of collaboration, it is not the IT team or the Security team that is in charge; it is the user.» Marc Tournier, Eramet.
This demands a new paradigm . Users need to be part of the administration and security of data.
Indeed, if users adopt good practices in terms of security hygiene and rights management for their data, data security can be optimised.
We are asking users to be more involved, more aware, but they do not have the means to control and monitor what is happening.
For Jeremie Melato, Cybersecurity Expert, L'Oréal, an effective strategy is "educating the user by giving them the power to control, to be in command of their data"
And as F. Petrus Faurecia stresses, "It is easy to give access, but how can the user limit or withdraw access, particularly over time?".
Communicating effectively with users and empowering them is a crucial factor in engaging users in data security: their data’s security. To achieve this, an agile security system must be able to integrate the user at the heart of the security process.
Compared to traditional security systems, IDECSI offers a detection platform that is connected to its users. An approach capable of getting users involved in controlling access and sharing and giving them the visibility and the means to manage their own security. Each employee has a personal dashboard of their resources, all brought together in a user-friendly interface for a successful and engaging experience.
IDECSI technology collects and analyses operations in the Office 365 environment and its SharePoint, OneDrive, Teams applications and detects sensitive actions (new external sharing, synchronisation of an app, a new device, a new inbox rule and so on). As a result, these events can be communicated directly to their owner and corrected if necessary.
IDECSI goes beyond a technical solution and brings about significant development in the company's security, a strategic and cultural dimension that favours the adoption of digital tools, increases users' confidence in its tools and helps maintain a healthy environment over time.
(1) The Verizon 2020 study
Subscribe to our newsletter and receive new contents every month