Torsion Information Security Blog

Exploring the business and technical implications of information security.

Microsoft Interview Series: #2 What recommendations do you have when it comes to governing data access?

In the second edition of our Microsoft series, we asked Stefanie Jacobs of Microsoft 'What recommendations do you have when it comes to governing data access?'

Stef said: "There's a number of things that you can do. Originally it was all about keeping the bad stuff out and keeping the good stuff in. But for me, it is a little bit beyond that. It's not just about managing access to data and making sure that threats do not come into the perimeter of your information silos. It's about a number of technologies, a number of things that we need to worry about."

"I personally call this information control. A combination of encryption and rights management services in combination with data loss prevention technologies and also cloud application security. So making sure that even if something is not in the office 365 cloud, and if you move items into Google, into Amazon, into Dropbox or any of the other good cloud providers, that the data is protected, and that we have an audit trail of who's got access to what and who has permission to do things with the data as well. These are the key areas that I would advise customers to look at."

Watch Stef's answer in full:

I want to know more
close slider

Sounds interesting, send me a bit more info...