Microsoft bakes data protection into Exchange Server
By Tony Bradley, PCWorldOct 1, 2012 12:12 pm PDT
The world of Microsoft messaging recently took over Orlando, Florida, for the Microsoft Exchange Conference 2012. MEC 2012 was the first conference Microsoft has hosted that’s completely dedicated to Exchange in 10 years, and it brought a lot of big news—especially around protecting and managing the sensitive data that passes through Exchange.
As a central hub of messaging, Exchange Server is the primary conduit of information for most companies. Data flows in and out in the form of email messages and file attachments. The challenge for businesses is to establish and enforce policies about what types of information can be sent via email, to have the tools in place to monitor data flowing out, and to ensure sensitive information isn’t intentionally compromised or inadvertently exposed.
While most computer and network security initiatives revolve around blocking unauthorized access and preventing attacks from third-party evil-doers, the vast majority of data breaches result from authorized users either intentionally or inadvertently sending out sensitive information. A report on the cost of data breachesfrom the Ponemon Institute earlier this year declared, “As we wrote about last year, insider threats are still huge and their negligence is still the root cause—and biggest cost—of many breaches.”
Microsoft has taken notice, and it’s stepping up the data protection features of Exchange Server to give IT admins the tools to keep sensitive data safe and secure. Companies need to have data protection policies in place, and users need to be educated in proper data handling procedures. But it also helps to have DLP (data loss prevention) tools in place to prevent sensitive information from falling through the cracks before it becomes a data breach.
IT admins can set DLP policies in Exchange. If a message with sensitive information is detected, the DLP protection can perform a variety of actions, including applying IRM (Information Rights Management) rules, appending a disclaimer to the message, flagging the message for moderation, or blocking it from going out. The Exchange DLP controls also work with the new Outlook Policy Tips feature to alert users of potential data policy violations before the message is even sent.
The enhanced data protection features of Exchange don’t stop there, either. Exchange also has new archiving, data retention, and eDiscovery features that make it easier to manage the massive volumes of messaging data, and to quickly find specific messages from deep in the archive.
Data loss prevention and eDiscovery are already established cottage industries of their own. As with any baked-in tools, you can probably find more robust, comprehensive third-party tools. Still, the data protection features of Exchange will probably suffice for many organizations.