By Erin Miyake

Recent research highlights a concerning trend: insider risks are surging. A majority of organizations encountered data breaches in the past year, with 63% of these breaches stemming from inadvertent or malicious insiders who had access to sensitive information. These internal threats pose a significant challenge to enterprise security.

Traditionally, organizations have struggled to handle the fragmented tooling landscape and one-size-fits-all controls they many times rely on to safeguard their data. However, this approach presents many challenges. The employment of multiple disconnected solutions complicates integration and efficacy of investigations, while standardized controls may either hinder legitimate business operations with their stringency or increase the risk of data breaches with looser restrictions. Striking the right balance is crucial. Enterprises are now seeking an automated approach that dynamically adjusts data security controls based on constantly evolving insider risk levels. Customers want a solution that adapts seamlessly, dialing up protection when needed and easing restrictions to enable legitimate business operations.

That’s where Adaptive Protection in Microsoft Purview comes in. Adaptive Protection helps you protect your organization’s data by integrating dynamic insider risk levels, determined by data related activities, with various policy engines to automatically move users in and out of policies as their risk levels change over time.

Back in March, we announced Adaptive Protection is now integrated with Conditional Access. This enables organizations to create Conditional Access polices to automatically add users to policies in response to insider risks levels.

Today, we are excited to announce the general availability of Adaptive Protection integration with Data Loss Prevention, which enables users to be automatically included in the scope of certain data loss policies based on insider risk levels.

Additionally, we are announcing the public preview of Adaptive Protection integration with Data Lifecycle Management, to protect against data sabotage scenarios by preserving deleted emails and files based on a user’s insider risk level.

Adaptive Protection integrated with Data Loss Prevention

Data security risk is dynamic and complex to manage in today's modern workplace with various constantly changing factors, including types of content, the people who interact with data, and the activities surrounding the data. Often, attempting to find the sweet spot between data protection and productivity can be a tedious balancing act. If controls are too strict, it could overload the security teams with an overwhelming number of DLP alerts and block legitimate business activities. Security teams that prefer less restrictive controls to minimize impact on productivity may leave themselves susceptible to the risk of data loss. And finetuning broad and static policies can often become a never-ending project that overwhelms security teams.

Leveraging Adaptive Protection and a user’s insider risk levels, Microsoft Purview DLP can automatically apply the right level of preventative controls as configured by admins – such as block, block with override, or audit with a warning. Admins, who are granted access to change, create, update and/or delete policies, can create more sophisticated and adaptive DLP policies across Exchange, Teams, and endpoints. For example, with Adaptive Protection, DLP can allow users in the minor or moderate risk level to receive policy tips for handling sensitive data, influencing positive behavior changes over time to reduce organizational data risks. For users in the elevated risk level, admins can use the stricter protection controls, such as blocking users from saving or sharing sensitive data, to minimize the impact of potential data incidents. By integrating Adaptive Protection with Data Loss Prevention, you can implement scalable, intelligent, and adaptable DLP policies without significant manual overhead and policy fine tuning.

Figure 1: Configure a DLP policy with ‘insider risk level’ in Adaptive Protection

Read the full post here: A new era in data security with dynamic controls to manage data access and mitigate risks