Stop the sprawl

Data has been busy developing a reputation as many positive things.  It is, variously, capable of creating wealth out of thin air, endlessly refining legacy processes and a big part of artificial intelligence.

Not data sprawl.

What is data sprawl?

Data sprawl is the little talked about problem child, created when organisations have spent too long gradually losing control of enterprise information.

It is what happens to the overwhelming masses of typically unmonitored, yet potentially sensitive, data your organisation generates every day.  Data sprawl is the amalgamation of all the emails, documents, files and folders created, and shared as part of modern business and has been estimated to make up around 80% of all information in an organisation.

At best, it adds storage cost and drives down efficiency. At worst, it’s a security hazard.

Amplification 24/7, 365

Cloud-native applications like Microsoft 365 amplify this issue. Falling foul of the endless tug of war between UX and security, their underlying ethos is to make it easy for users to create and share data but, conversely, this only leads to more risk for security teams.

Consider the separate elements of Microsoft 365 which are, broadly, tools for capturing organisational IP in some form or another and then mechanisms for storing, collaborating or sharing this with one another.

While this clearly brings flexibility, it also means data can start unintentionally making its way across a variety of different and unwarranted channels and is a key challenge for any organisation looking to migrate to Microsoft 365.

The creation of policies is the best way of mitigating this risk, allowing security teams to define the; who, what, when, and where of your data.  A simple example might be defining who can create SharePoint instances or what actions users can take in OneDrive.

Care should be taken here to not be overly restrictive; Microsoft 365 is obviously a powerful productivity tool, so it is important to configure policies which don’t throttle this.

How to protect your business from data sprawl

Once these policies have been configured, suitable security products should be selected to ensure they are effectively enforced.

This is where CASB technologies are highly effective, providing insight into users and their activity on a granular level, they allow security teams to manage standard and privileged user access and actions across all business applications.

Deployed using agents on endpoints, gateways, or both, CASB can be implemented in a variety of configurations to match organisational need, while providing deep interrogation and analysis of individual user actions. With agent-based deployments organisations can accelerate the performance of Microsoft 365 and support Microsoft’s best practice advice to use direct-to-internet connections.

To ensure policies decrease exposure while also enabling productivity, application and activity risk can be categorised and managed according to individual users or groups as binary block all/allow all decisions are highly likely to be overly restrictive.

Want to give internal project teams a special level of access for a short period? Set up a new group with defined actions.  Have consultants on short term contracts? Assign only a low level of access to the specific files, folders and tools that let them get the job done.

Beyond just this, advanced CASB solutions also apply traditional security countermeasures such as content analysis for data loss prevention and protection from harmful content, as well as the ability to scan uploaded data for malware.

CASB is not only a powerful tool for stopping data sprawl in Microsoft 365, but for the entire catalogue of SaaS applications utilised in today’s cloud-heavy workspace, protecting everything from collaborative workplaces to cloud storage apps.

For more information on how to use CASB to address data sprawl in your organisation, visit the Defence365 hub.

Defence365 Vlog: How to deal with data sprawl in Microsoft 365