The theme for our newsletter this month focuses in on the importance of data classification in helping to manage risk for sensitive data. With the proliferation of devices on the market today, many IT professionals I talk with struggle with how to manage sensitive data on end point devices. For some, data classification has already become a part of their culture and plays a role in managing their organization’s data. For others though, this is either a new concept or one that organizations struggle to implement.
Given the importance and relevance of this topic in today’s environment, we have published two papers that are recommended reading for any IT professional seeking to learn more about data classification and how it can help organizations better manage risk:
"Data Classification for Cloud Readiness" outlines the risks and issues that can be mitigated to ensure a smoother transition to a cloud service. The paper also discusses technologies such as encryption, rights management, and data loss prevention solutions and how their implementation has evolved in the cloud era. The paper’s appendix then identifies some of today’s top data classification regulations and compliance requirements.
"CISO Perspectives on Data Classification" provides insight from the chief information security officers (CISOs) of three organizations about key data classification issues and challenges, and how they have implemented data classification.
In addition to these materials, I would also suggest checking out the video from our Cloud Fundamentals Video Series titled " All Data is not Created Equal." If your organization has implemented a data classification process and believe others could benefit from your experiences, we want to hear from you. Please connect with us either through email or via Twitter @MSFTSecurity.
Best regards, Tim Rains, Director Microsoft Trustworthy Computing
Have feedback on how we can improve this newsletter? Email us at firstname.lastname@example.org share your ideas.
Now Available: EMET 5.0 Technical Preview Microsoft has released a new version of its Enhanced Mitigation Experience Toolkit (EMET), the EMET 5.0 Technical Preview. The new version offers new protections for enterprises that build on the 12 security mitigations included in version 4.1, for example, a new Attack Surface Reduction security mitigation and further refinements to Export Address Table Access Filtering (EAF). Learn how you can use the EMET 5.0 Technical Preview today to protect your software applications and better test and deploy security updates for applications that you run in your environment.
The NIST Cybersecurity Framework: A Significant Milestone towards Critical Infrastructure Resiliency Developed over the past year through collaboration between industry and government, the National Institute of Standards and Technology (NIST) Cybersecurity Framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure. Explore Microsoft’s involvement in the development of the framework, and learn how Microsoft’s approach to managing cybersecurity risks is consistent with the Cybersecurity Framework’s security and privacy guidance.
Dynamic Access Control with Windows Server 2012 Learn how you can apply data governance across your file servers to control who can access information and to audit who has accessed information with step-by-step guidance on how to plan for and deploy:
Microsoft Data Classification Toolkit If your organization is running Windows Server 2012 or Windows Server 2008 R2 Service Pack 1, the Data Classification Toolkit can help you identify, classify, and protect the data on your file servers. The out-of-the-box classification and rule examples included in the toolkit can also help you build and deploy policies to protect critical information on the file servers in your environment.
Plan for Automatic File Classification File Classification Infrastructure in Windows Server 2012 provides insight into your data by automating classification processes so that you can manage your data more effectively. Learn how to identify what information to classify in your environment, how to classify files, and how to export the configuration from a baseline computer to your file servers. Step-by-step deployment guidance is also available.
Microsoft Virtual Academy: Windows Azure Security Overview Familiarize yourself with the security mechanisms included with Windows Azure at the physical, network, host, application, and data layers, including the privacy, policies, infrastructure, and security mechanisms designed to protect customer data.
Overview of Office 365 for Government Wednesday, March 19, 2014 – 11:00AM Pacific Time Learn how Office 365 can help government employees collaborate and stay productive from anywhere with secure, cloud-based versions of familiar applications. Explore Office 365 and learn how Microsoft’s Government Community Cloud can help you increase productivity and reduce costs while keeping your data secure and compliant.
TechEd North America 2014 May 12-15, 2014 – Houston, Texas In 2014, Microsoft is bringing together the best of TechEd and the Microsoft Management Summit (MMS) to help skilled technology professionals increase their technical expertise, share best practices, and interaction with Microsoft and a variety of industry experts and their peers. Explore the security aspects of data platforms and business intelligence, datacenter and infrastructure management, people-centric IT, Windows (devices and Windows Phone), and much more. Register today.
This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.