
Security, Compliance, and Identity Blog

Strengthen your data security posture in the era of AI with Microsoft Purview

TalhahMir
Microsoft
Nov 19, 2024

Explore how the new Microsoft Purview Data Security Posture Management can help you take your data security program to the next level

In today's complex digital landscape, organizations are often challenged with fragmented solutions, where visibility into sensitive data and its use may be siloed across different systems. Recent studies show that 21% of decision-makers cite the lack of consolidated and comprehensive visibility caused by disparate tools as their biggest challenge to an effective security posture[1]. This lack of a centralized understanding of risks, when combined with an overwhelming volume of alerts, creates gaps in protective controls and inefficiencies in mitigating data security incidents. Ultimately, this hinders the organization’s ability to strengthen its data security posture.

Moreover, these challenges are only getting amplified with the rapid adoption of generative AI (GenAI) as organizations are racing to address data risks such as data leaks, data theft, data oversharing, and data compliance for GenAI use. 84% of organizations agree they need to do more to protect against the risky use of AI tools[2], making data security top of mind.

A key component of a strong data security posture is comprehensive and correlated visibility into type, location, and volume of sensitive data and user activities around the data. “By 2026, more than 20% of organizations will deploy DSPM technology, due to the urgent requirements to identify and locate previously unknown data repositories and to mitigate associated security and privacy risks.”[3] Without this level of visibility and continuous risk assessment, businesses remain vulnerable to undetected data misuse, operational inefficiencies, and alert fatigue.

To meet this customer need, today we are excited to announce the public preview of Microsoft Purview Data Security Posture Management (DSPM) to provide visibility into data security risks and recommend controls to protect data. DSPM offers contextual insights into data, its usage, and continuous risk assessment of your evolving data landscape, helping to mitigate data risks and strengthen your data security posture.

DSPM is natively integrated with Microsoft 365 and Windows devices and does not require any additional agents or plugins, making it very easy to get started for both existing and new Purview customers. With DSPM, customers can discover risks, apply protections, as well as investigate and mitigate data security risks all within an integrated and seamlessly connected experience without having to stitch together multiple different products. And finally, DSPM leverages the power of generative AI through its deep integration with Security Copilot. With this integration, you can easily uncover risks that might not be immediately apparent and drive efficient and richer investigations - all in natural language. Data security admins can leverage DSPM as a starting point for a better understanding of their data security risks through:

  1. Centralized visibility: DSPM correlates signals from Information Protection (MIP), Insider Risk Management (IRM), and Data Loss Prevention (DLP) to provide top data security insights. Without DSPM, data security teams would have to spend time correlating insights across data and user context, which can lead to blind spots, inaccurate assessments, or different interpretations and prioritization of risks. With DSPM, your teams have a shared understanding of key risks provided through a series of analytics reports providing insights across location and type of sensitive data, risky user activities, and common exfiltration channels, as well as sensitive data detected in GenAI interactions. 
Figure 1: DSPM overview page provides centralized visibility across data, users, and activities, as well as access to reports
  2. Policy recommendations: In addition to providing insights, DSPM also provides actionable recommendations on policies that can make your data security program more effective. DSPM will provide scenario-based policy recommendations for Insider Risk Management and DLP, enabling teams to create integrated DLP and IRM policies with just a few clicks. For example, DSPM can help you create an IRM policy that identifies risky behavior such as downgrading labels in documents followed by exfiltration, and a DLP policy to block that exfiltration at the same time. You can further fine-tune these policies through the existing policy experience in DLP and IRM.
Figure 2: IRM and DLP correlated policies being recommended by DSPM
  3. Continuous risk assessment and trends: DSPM also brings a view of historical trends and insights based on sensitivity labels applied, sensitive assets covered by at least one DLP policy, and potentially risky users. This supports the scale and continuous improvement of your data security program by helping your teams discover new data risks and understand whether existing strategies and policies are effective.

 

Figure 3: Trends on DSPM provide a historic view of the efficiency of my data security posture

Supercharge DSPM with Security Copilot

With Security Copilot embedded in DSPM, organizations can gain more out of DSPM by accessing GenAI-powered insights in natural language. Data Security teams can conduct deeper investigations to better understand potential risks to their data. DSPM can help teams get started and prioritize their efforts through:

  1. Starting suggested prompts: These are contextually relevant insights for the top data risks in your organization, such as ‘Which sensitive files were shared outside the org from SharePoint last week?’. Right in the DSPM experience, your teams can see five categories such as ‘alerts to prioritize’, ‘sensitive data leaks detected’, ‘devices at risk’, and ‘risky sequenced activity’.
  2. Follow-up prompts: Building on the response to these starting prompts or a user-entered open prompt, Copilot provides suggested prompts to guide you through a recommended path of investigation.
  3. Open prompts: You can further customize your analysis by using open prompts allowing you to explore investigations in many directions across data sets, alerts, users, and activities.

Security Copilot in DSPM enables teams to discover previously unseen risks and accelerate data security by suggesting scenarios and prompts that can help triage and prioritize risks. Through these guided investigations, Copilot makes it easy to onboard newer team members and drive greater efficiency for experienced team members.

Figure 4: Security Copilot supercharging and guiding investigation with starting suggested insights and follow-up prompt, and enabling open prompt

Let’s walk through a scenario to make DSPM real. We know that a data security admin receives around 60 alerts per day and can address only 50% of those alerts the same day. With so much to do, admins often don’t have time to assess which alerts to prioritize or to proactively identify improvements that would strengthen the organization’s data security posture. In this scenario, Anna is a data security admin in an organization working on the very confidential project Obsidian, and she is focused on checking if there are data exfiltration risks to that project’s sensitive information.

  • On the DSPM reports, she can verify locations with unprotected files classified as ‘Project Obsidian,’ as well as the top risky user activities involving this project. These insights will help Anna fine-tune policies and identify abnormal behavior, such as departing users performing exfiltration activities with Project Obsidian data that exceed the organization’s average.
  • To go deeper into the risks she identified, she can ask Security Copilot ‘Which sensitive files were shared outside the org last week classified as Project Obsidian?’ to understand what specific data was impacted, and she can continue the investigation with suggested or open prompts.
  • And to then take quick actions to improve protections on Project Obsidian, Anna will find at the top of DSPM overview page an integrated recommendation for IRM and DLP policies to prevent sequential activities that might leak sensitive data, triggered by risks on this project.
Figure 5: Analytics report showing top risky activities on unprotected sensitive data, where I can see specific data involved

This is just the start! Currently, DSPM provides insights across your Microsoft 365 workloads and Windows devices. In the future, you will see us continue to add additional value to help you better understand and strengthen your data security posture across your data estate. Learn more about DSPM in our documentation and deep dive video. This capability will be available in public preview within the coming weeks.

Enhancing data security posture for Generative AI usage

As the adoption of GenAI grows, so do the need and urgency to protect data in GenAI. To do so, organizations can use DSPM for AI (previously known as Microsoft Purview AI Hub), now in general availability. DSPM for AI is designed to help organizations secure, govern, and identify risks in the use of AI applications, including Microsoft's Copilot and other third-party AI tools. DSPM for AI offers ready-to-use policies to prevent data loss in AI prompts, and it integrates with Microsoft's broader Purview features like sensitivity labeling, auditing, and data classification.

Today, we are also announcing the public preview of the new oversharing assessment for Microsoft 365 Copilot in DSPM for AI, to help customers discover sensitive information and locations with potential oversharing risk based on existing patterns. This report will also provide recommendations on how to protect sensitive data with labeling or permissions, and actionable alerts to monitor drift away from these policies and permissions, and it will reflect the new risky GenAI usage detection from IRM and Communication Compliance. Learn about our announcement for IRM in this blog.

Figure 6: New Oversharing report on DSPM for AI

This view leverages new Purview capabilities that aim to enable better data permission and protection configurations that will strongly impact data security around GenAI usage. Today we are announcing Purview DLP for Microsoft 365 Copilot, a new capability that provides data security admins with enhanced control over sensitive information shared with and by M365 Copilot, preventing it from processing files based on their sensitivity label and reducing risk of accidental oversharing of sensitive information. Learn more about this capability and our other DLP announcements in this blog.

Streamlining data security across solutions  

Protecting your organization’s crucial data and ensuring stronger data security is a practice that permeates other focus areas of your organization’s cybersecurity, such as cloud-native application protection. Microsoft Defender for Cloud is a Cloud Native Application Protection Platform (CNAPP) that leverages sensitive data insights from Microsoft Purview to provide capabilities that help you reduce risks for moving and interacting with sensitive data across hybrid and multi-cloud applications, improving threat detection and accelerating incident response. These capabilities include risk-based recommendations to strengthen data workload configurations, as well as identification and remediation of data risks in cloud environments with attack path analysis, allowing businesses to better prioritize vulnerabilities on their cloud applications and minimize operational inefficiencies.

In conclusion, DSPM and the other capabilities discussed in this blog represent a step forward in empowering organizations to securely unlock the potential of their data and make it easier than ever to navigate the complexities of data protection with confidence. Stay tuned for more updates, and don’t hesitate to explore these new features to see how they can enhance your organization’s data security posture.

Getting Started

You can get started with DSPM by visiting the Microsoft Purview portal. Microsoft 365 E5 customers will see DSPM in their tenants in the next couple of weeks. If you don’t have a Microsoft 365 E5 subscription, you can activate your free trial; a Microsoft 365 E3 subscription is required.

To leverage the Security Copilot capabilities, contact your sales team to purchase SCUs (Security Copilot Units) and start exploring them in DSPM.

Additional Resources:

 

[1] Microsoft Data Security Index annual report highlights evolving generative AI security needs | Microsoft Security Blog

[2] Data security as a foundation for secure AI adoption – Microsoft Security (August 2024)

[3] Gartner®, Innovation Insight: Data Security Posture Management (March 2023). GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Updated Nov 22, 2024
Version 4.0