Data security: Start your journey with Microsoft Purview

In an era of rapid data growth and evolving regulations, managing and protecting your data effectively is paramount.

---

Organisations worldwide are generating vast volumes of data on a daily basis – and there’s no sign of a slowdown. In fact, according to research by Statista, global data creation is projected to grow to more than 180 zettabytes by 2025. To put this figure into perspective, remember that the average e-book is one megabyte: 180 zettabytes is thus equivalent to about 180 trillion e-books! Collectively, we’re creating a truly staggering amount of data – and it’s causing significant challenges in management and security.

For business organisations, in particular, this data explosion is a mixed blessing. On the one hand, data is a valuable asset that can be leveraged in myriad ways; on the other, it’s a resource that must be managed, organised and protected in line with strict national and international legislation. With laws like South Africa’s Protection of Personal Information Act (POPIA) and the European Union’s General Data Protection Regulation (GDPR), among others, governments and state entities are working to ensure that data privacy and data security are mandated as widely as possible. Today, it’s estimated that 75% of the global population has personal data covered under modern privacy and security rules.

To remain compliant with data regulations like POPIA and the GDPR, for example, you must be able to control and safeguard all data in your possession, no matter where that data lives or travels. You must also have full visibility across your data landscape and knowledge of the security risks around your data so that you can put robust defences in place. Data discovery, data classification and continuous monitoring are critical stages in this process.

The foundation of effective data management is data discovery: identifying and inventorying the data you’re collecting and storing across your entire data landscape (on-premises and in the cloud). When you know what kind of information you have in your possession – from personally identifiable information (PII) about your customers to financial information about your business – then it becomes easier to organise, manage and secure.

Using insights from data discovery, your next step is data classification. This process ensures your data is categorised based on sensitivity in order to facilitate the enforcement of protection controls, like data encryption and data loss prevention policies. Classification levels (eg, public, internal, confidential) have tailored protection controls and you can set specific rules, such as preventing external users from reading documents classified as internal, to control access to your data.

Continuous monitoring of your data landscape is vital to stay ahead of emerging risks and to maintain oversight of data usage by your employees. The sharp increase in the use of generative AI apps, for example, is a workplace trend that concerns IT leaders… it’s important to make sure that any such GenAI tool used in your organisation is secure – so you know your sensitive data is handled responsibly and in line with the data protection regulations you are bound by.

Quick tip | Microsoft lists more than 400 GenAI applications – and their risk score in terms of compliance – through the Microsoft Defender for Cloud Apps service. It’s a good place to start if you want to understand your potential exposure as a result of GenAI app usage by your teams.

To address the challenges of data management and protection, Microsoft offers Microsoft Purview, a comprehensive data governance and compliance solution with several key features and benefits, including:

Data discovery and data classification: Purview can scan and inventory data across your on-premises, multicloud and SaaS environments. It can also automatically classify your data based on sensitive information types such as PII, financial data, health records and more.

Data governance: Purview can create a centralised data catalogue to make it easier for your data custodians and users to discover, understand and consume data assets. It can also track data lineage to give you visibility into data origins, transformation and usage.

Data protection and compliance: Purview allows you to define and enforce data protection policies to ensure compliance with regional regulations such as the GDPR and industry regulations such as the Health Insurance Portability and Accountability Act. Purview can also help you identify and mitigate data risks by providing insights into data usage patterns and access controls.

Insights and reporting: Purview offers advanced analytics and reporting tools to help you monitor data usage, compliance status and policy effectiveness. Detailed audit logs track data access and modification activities, supporting forensic analysis and compliance reporting.

Integration and extensibility: Purview integrates seamlessly with Microsoft 365 applications like SharePoint, OneDrive and Teams, and supports third-party applications through APIs and pre-built connectors.

Data security is a critical part of overall organisational security, but the surge in data creation, the rise of GenAI technologies, the use of diverse cloud services and personal devices, and the globe’s evolving data laws have made it more difficult to manage digital information properly. Fortunately, with single-pane-of-glass solutions like Microsoft Purview, you can monitor, control and govern your business data to ensure security and compliance.

BUI Technical Consultant Kelvin Ngware specialises in cloud-based cyber security, identity, compliance and governance solutions for business and enterprise organisations.