Found 1 bookmarks
Custom sorting
Strengthen your data security posture in the era of AI with Microsoft Purview
Strengthen your data security posture in the era of AI with Microsoft Purview
In today's complex digital landscape, organizations are often challenged with fragmented solutions, where visibility into sensitive data and its use may be siloed across different systems. Recent studies show that 21% of decision-makers cite the lack of consolidated and comprehensive visibility caused by disparate tools as their biggest challenge to an effective security posture[1]. This results in a lack of centralized understanding of risks when combined with an overwhelming volume of alerts, creates gaps in protective controls and inefficiencies in mitigating data security incidents. Ultimately, this hinders the organization’s ability to strengthen its data security posture. Moreover, these challenges are only getting amplified with the rapid adoption of generative AI (GenAI) as organizations are racing to address data risks such as data leaks, data theft, data oversharing, and data compliance for GenAI use. 84% of organizations agree they need to do more to protect against the risky use of AI tools[2], making data security top of mind. A key component of a strong data security posture is comprehensive and correlated visibility into type, location, and volume of sensitive data and user activities around the data. “By 2026, more than 20% of organizations will deploy DSPM technology, due to the urgent requirements to identify and locate previously unknown data repositories and to mitigate associated security and privacy risks".[3] Without this level of visibility and continuous risk assessment, businesses remain vulnerable to undetected data misuse, operational inefficiencies, and alert fatigue. ​ To meet this customer need, today we are excited to announce the public preview of Microsoft Purview Data Security Posture Management (DSPM) to provide visibility into data security risks and recommend controls to protect data. DSPM offers contextual insights into data, its usage, and continuous risk assessment of your evolving data landscape, helping to mitigate data risks and strengthen your data security posture. DSPM is natively integrated with Microsoft 365 and Windows devices and does not require any additional agents or plugins, making it very easy to get started for both existing and new Purview customers. With DSPM, customers can discover risks, apply protections, as well as investigate and mitigate data security risks all within an integrated and seamlessly connected experience without having to stitch together multiple different products. And finally, DSPM leverages the power of generative AI through its deep integration with Security Copilot. With this integration, you can easily uncover risks that might not be immediately apparent and drive efficient and richer investigations - all in natural language. Data security admins can leverage DSPM as a starting point for a better understanding of their data security risks through: Centralized visibility: DSPM correlates signals from Information Protection (MIP), Insider Risk Management (IRM), and Data Loss Prevention (DLP) to provide top data security insights. Without DSPM, data security teams would have to spend time correlating insights across data and user context, which can lead to blind spots, inaccurate assessments, or different interpretations and prioritization of risks. With DSPM, your teams have a shared understanding of key risks provided through a series of analytics reports providing insights across location and type of sensitive data, risky user activities, and common exfiltration channels, as well as sensitive data detected in GenAI interactions.  Figure 1: DSPM overview page provides centralized visibility across data, users, and activities, as well as access to reports Policy recommendations: In addition to providing insights, DSPM also provides actionable recommendations on policies that can make your data security program more effective. DSPM will provide scenario-based policy recommendations for Insider Risk Management and DLP, enabling teams to create integrated DLP and IRM policies with just a few clicks. For example,  DSPM can help you create an IRM policy that identifies risky behavior such as downgrading labels in documents followed by exfiltration, and a DLP policy to block that exfiltration at the same time. You can further fine-tune these policies through the existing policy experience in DLP and IRM. Figure 2: IRM and DLP correlated policies being recommended by DSPM Continuous risk assessment and trends: DSPM also brings a view of historical trends and insights based on sensitivity labels applied, sensitive assets covered by at least one DLP policy, and potentially risky users. This supports the scale and continuous improvement of your data security program by helping your teams discover new data risks and understand if existing strategies and policies are being effective.   Figure 3: Trends on DSPM provide a historic view of how the efficiency of my data security posture Supercharge DSPM with Security Copilot With Security Copilot embedded in DSPM, organizations can gain more out of DSPM by accessing GenAI-powered insights in natural language. Data Security teams can conduct deeper investigations to better understand potential risks to their data. DSPM can help teams get started and prioritize their efforts through: Starting suggested prompts: These are contextually relevant insights for the top data risks in your organizations such as ‘Which sensitive files were shared outside the org from SharePoint last week?”. Right in the DSPM experience, your teams can see five categories such as ‘alerts to prioritize’, ‘sensitive data leaks detected’, ‘devices at risk’, and ‘risky sequenced activity’. Follow-up prompts: Building on the response to these starting prompts or user-entered open prompt, Copilot provides suggested prompts to guide you through a recommended path of investigation. Open prompts: You can further customize your analysis by using open prompts allowing you to explore investigations in many directions across data sets, alerts, users, and activities. Security Copilot in DSPM enables teams to discover previously unseen risks and accelerate data security by suggesting scenarios and prompts that can help triage and prioritize risks. Through these guided investigations, Copilot makes it easy to onboard newer team members and drive greater efficiency for experienced team members. Figure 4: Security Copilot supercharging and guiding investigation with starting suggested insights and follow-up prompt, and enabling open prompt Let’s walk through a scenario to make DSPM real. We know that a data security admin receives around 60 alerts per day and can address only 50% of those alerts the same day. With so much to do, admins often don’t have time to assess which alerts to prioritize or to proactively identify improvements that would strengthen the organization’s data security posture. In this scenario, Anna is data security admin in an organization working on the very confidential project Obsidian, and she is focused on checking if there are data exfiltration risks to that project’s sensitive information. On the DSPM reports, she can verify locations with unprotected files classified as ‘Project Obsidian,’ as well as the top risky user activities involving this project. These insights will help Anna fine-tune policies and identify abnormal behavior, such as departing users performing exfiltration activities with Project Obsidian data that exceed the organization’s average. To go deeper into the risks she identified, she can ask Security Copilot ‘Which sensitive files were shared outside the org last week classified as Project Obsidian?’ to understand what specific data was impacted, and she can continue the investigation with suggested or open prompts. And to then take quick actions to improve protections on Project Obsidian, Anna will find at the top of DSPM overview page an integrated recommendation for IRM and DLP policies to prevent sequential activities that might leak sensitive data, triggered by risks on this project. Figure 5: Analytics report showing top risky activities on unprotected sensitive data, where I can see specific data involved This is just the start! Currently, DSPM provides insights across your Microsoft 365 workloads and Windows devices. In the future, you will see us continue to add additional value to help you better understand and strengthen your data security posture across your data estate. Learn more about DSPM in our documentation and deep dive video. This capability will be available in public preview within the coming weeks. Enhancing data security posture for Generative AI usage As the adoption of GenAI grows, so is the need and urgency to protect data in GenAI. To do so,  organizations can use DSPM for AI (previously known as Microsoft Purview AI Hub), now in general availability. DSPM for AI is designed to help organizations secure, govern, and identify risks in the use of AI applications, including Microsoft's Copilot and other third-party AI tools. DSPM for AI offers ready-to-use policies to prevent data loss in AI prompts and it integrates with Microsoft's broader Purview features like sensitivity labeling, auditing, and data classification. Today, we are also announcing the public preview of the new oversharing assessment for Microsoft 365 Copilot in DSPM for AI, to help customers discover sensitive information and locations with potential oversharing risk based on existing patterns. This report will also provide recommendations on how to protect sensitive data with labeling or permissions, and actionable alerts to monitor drift away from these policies and permissions, and it will reflect the new risky GenAI usage detection from IRM and Communication Compliance. Learn about our announcement for IRM in this blog. Figure 6: New Oversharing report on DSPM for AI This view leverages new Purview capabilities that aim to enable better data permission and prot
·techcommunity.microsoft.com·
Strengthen your data security posture in the era of AI with Microsoft Purview