Year on year, workplace security has become an increasing concern and focus for global businesses.
According to Gartner, worldwide spending on information security products and services has been rising drastically, from $114 billion in 2018 to an expected $123.8 billion by the end of 2020.
Fuelling this exponential growth are the usual suspects – there’s the increasingly sophisticated nature of cyberattacks, with headline-grabbing data breaches involving the likes of Boeing, Facebook, and Yahoo, and the increasing costs of security hacks (IBM’s 2020 data security report estimates the global average cost of a data breach is $3.86 million).
Then this year, a new factor was added to the mix, as Jane Haapoja, Commercial Product Lead at Templafy, explains:
“Following COVID, we saw digital projects initially forecast for the next five years immediately fast-tracked. With an increase in people working from home and all communication moving online, enterprises were suddenly creating a lot more documents than usual.
This rise in document creation and management meant employee workflow security became a number one priority. Businesses had to examine each process in their new operating model in terms of infrastructure and human error issues.
Most companies quickly realized sending documents was an area that demanded attention. Employees were using various devices, different online channels, and handling sensitive information that previously existed solely within company walls or safeguarded workstreams.
That’s why we’ve seen a huge rush of interest around Microsoft’s Azure Information Protection and have been working with more and more clients to help them both understand the feature, and also demonstrate how Templafy works with the service to enhance document security further.”
In this article
What is Azure Information Protection?
Azure Information Protection (AIP) is a cloud-based solution that enables businesses to classify and protect their documents and emails.
The Microsoft solution is available within content creation applications such as Word and Outlook, and uses two key processes, data classification and rights management, to identify and safeguard a company’s sensitive information.
How does AIP use classification and labels?
AIP’s data classification process involves using labels to classify the sensitivity of information. When creating or saving documents, users are presented with labels such as Personal, Public, Internal, Draft, General, or Confidential, and they must select the option most suitable for the content they’re producing.
These labels can be applied manually by employees, automatically if set up by admins, or through using a mix of both approaches. For example, an admin can use the AIP portal to set up a rule which assigns a Confidential label to any document containing an email address, or specific keywords. Admins can also create custom labels (known as scoped policies) for particular groups of users.
Depending on the label selected, clear text metadata is then embedded in the document. This metadata permanently attaches to the document, following it throughout its lifecycle. Enterprises can track this information and control and analyze who accesses the file.
The document’s metadata also acts as a signal to additional classification features such as visual markings. Visual markings include document headers, footers, disclaimers, or watermarks, which are automatically generated based on the label selected. These visible classification markers help remind document creators and recipients of the nature of the information they are handling and prompt them to treat the information accordingly.
What is Azure Rights Management?
Once information is classified, another layer of protection kicks in through AIP’s integration with Azure Rights Management (Azure RMS).
Azure RMS uses encryption, identity, and authorization policies to control who can access a document’s information. These settings include restricting a user’s editing options, making the file read-only, and preventing a document’s printing.
Operating in a similar way as AIP’s labels, Azure RMS’ encryption stays with a document no matter where it goes or who it is sent to, maintaining the file’s security elements throughout its lifecycle.
When AIP classification and rights management combine
So what do AIP’s classification and rights management functions look like when combined? Imagine this scenario:
You want to create a quarterly sales report that contains highly confidential information and should be read by your colleagues only. Using Azure Information Protection, you’d choose the “Internal” label from the label ribbon in Word and save the document. Relevant metadata is then added to the file along with a header, footer, and watermark indicating the information’s sensitive nature.
Pre-configured by content admins, the Internal label and its metadata then trigger AIP’s rights management process. The document is encrypted with access settings, making the report read-only and preventing it from being printed.
Readily working with Azure’s suite of cloud-hosted services, AIP settings have also been pre-programmed to integrate with additional protection measures offered by Outlook. On receiving the metadata and encryption, Outlook blocks any emails sent to external email addresses or encrypts the email, so no third party information is circulated outside of your organization.
The end result? Greater control, protection, and oversight of enterprise-wide document security.
Templafy and AIP: making everyday security seamless
There is no doubt that AIP is a powerful and essential tool for any business that creates, manages, and sends important documents. However, as Jane Haapoja explains, there is one fundamental issue with the solution:
“The problem with AIP is the solution relies on busy employees to really care about the classification process. With people creating more and more documents each day, this regular implementation understandably doesn’t always take priority and can lead to issues of human error.
This volume and variety of enterprise content also mean admins can’t always predict the type of information that will be created and, therefore, can’t automate AIP’s security measures 100% of the time.”
At Templafy, we’ve worked with Microsoft’s classification features since day one. We work well with AIP functionality to address the services sticking points, embedding the protection process into everyday workflows.
Below, Jane takes us through three ways that Templafy’s advanced capabilities work with Azure Information Protection to optimize document creation security.
1. Building AIP into each document
“The way we’ve built Templafy means that, at a company’s request, every document an employee creates can contain a classification label.
When you start the document creation process using Templafy Dynamics, you’re asked to fill out a short questionnaire from within the application you’re using, such as Word or PowerPoint.
Submitting a few quick answers generates a dynamic template pre-populated with brand-compliant elements, including formatting, branding, and personal information.
The questionnaire also requires the user to select a classification label if they want to proceed to the next document creation stage. By simply selecting the classification option from within the questionnaire, Templafy populates all the metadata needed to protect the document.
This active prompt forces employees to give some thought to document classification, making Azure Information protection for Office 365 part of an employee’s workflow.”
2. Managing visual security markers
“Templafy’s dynamic templating technology is extremely effective at not just managing but enhancing security-related visual markers and content. Our solution goes much further than native Azure Information management and protection features to apply advanced and customized visual markers. These additional security assets are bespoke to each template and adhere to a company’s latest legal and brand guidelines.
With minimal or no IT involvement, admins can easily update brand assets and company information in the Templafy Admin Center and roll these changes out enterprise-wide for each template where the assets are used dynamically at the click of a button. This means a document will always contain up-to-date assets, such as logos, fonts, color palettes, and legal disclaimers.
Particularly in the case of legal disclaimers, this additional compliance feature adds an extra layer of security to each document, ruling out the possibility of employees circulating out-of-date information.”
3. Applying permission settings
“Applying the rights management part of AIP’s process is also possible with Templafy’s centralized dashboard. We are working on adding additional security features to the Templafy platform, so automating classifications based on employee information permission settings is a function that is easily applicable from within our solution.
Admins can access the interface to assign specific rights to different users and departments. Document templates will be assigned a default classification related to the user profile information of the creator. For example, documents created by senior management could be set as confidential, read-only or content produced by an IT department could be marked as internal-only.
We are also working on adding additional security features to the Templafy platform to make automating permission settings an easily applicable function from within our solution.”
Read next: Enterprise mobility management: ensure security in a digital age
Future-proofing document security
The way Templafy works together with AIP capabilities essentially acts as a sort of insurance. For example, preventing any internal documents from being sent to external recipients. By seamlessly integrating these aspects of document security into an employee’s workflow, we ensure document information is kept as safe as possible.
“It’s also important to note,” adds Jane, “that these document security solutions aren’t a one-size-fits-all model. Some enterprises require much more in-depth activity than others, for example, who mainly use AIP to classify drafts and live documents. Again, this is where Templafy can provide tailored support to ensure the right level of security is always in place.
Microsoft is continuously advancing its document security solutions, so our Product Team is continually reviewing our security features to deliver maximum compliance when it comes to everyday content creation.
Azure Information Protection is just one of the solutions that Templafy supports. If you’re not a Microsoft user, our platform can also integrate and enhance most other Data Loss Prevention systems, benefitting your company’s security measures in the same way.”
summary
Keeping documents safe with Azure Information Protection
Azure Information Protection (AIP) is a cloud-based solution that enables businesses to classify and protect documents and emails. Available within content creation applications such as Microsoft Word and Outlook, the Microsoft solution uses two key processes, data classification and rights management, to identify and safeguard a company’s sensitive information.