Data Governance is a critical component for any organization that wishes to secure, protect, and manage its data effectively. It is an ongoing process of evaluation that always asks the same questions:
Spyglass systematically goes through these and other questions to come up with detailed governance plans that can be implemented using M365 technologies to find, label, classify, protect, and retain data for the appropriate amounts of time. Some of the controls that are deployed are outlined in more detail below, but Spyglass has leveraged these and others to successfully implement governance controls that meet or exceed an organization’s data protection needs and help to mature its overall data governance posture.
DLP is essential for detecting when Sensitive Information Types (SITs) are being interacted with or created throughout the environment. DLP policies can then associate specific actions with those detections when the appropriate conditions are triggered. Policies can be based on the hundreds of already created templates or built as custom policies.
Retention ensures that data is kept and remains searchable for a certain amount of time, and that the data is removed once that amount of time is reached. This can happen either through policies or by leveraging labels. Labels can be used to trigger things like disposition, Power Automate workflows, or other actions.
The ability to add metadata to data, both to help search for it and to add additional protection like encryption to the file, is crucial. Classifications and sensitivity labelling allow users to quickly add data governance while allowing administrators to automatically apply the correct level of permissions and protections necessary.
Insider Risk Management focuses on threats from internal users. It accomplishes this through machine learning and AI that create baselines for users and help to establish normal patterns of behavior. Systems like HR and badging can also be integrated to provide more telemetry to make assessments of users and assign them an accurate risk score.
Defender for Cloud Apps helps to discover potential threats based on the SaaS applications used by accounts in the organization and helps to extend the protections that are deployed within the M365 environment to non-Microsoft SaaS products. This can include Conditional Access, DLP, Classification, file inspection, and alerting on activities tied to APIs.
This critical component helps to containerize corporate data on mobile devices so that it can be wiped when necessary and cannot leave the supported applications even if it is on an unmanaged device.
Once unstructured data sources like e-mail, SharePoint, OneDrive, Teams, and on-premises file shares are covered, the policies created should be extended to structured data sources like SQL, SAP, Salesforce, Cosmos, etc. through Purview Data Map. This also offers functionality around data lineage, glossary terms, collection hierarchies, and custom classifications.