Understanding an Azure Information Protection Plan: Which Is Right for Your Business?

Posted by Gary Utley on May 7, 2019

You already know that your organization can benefit from Microsoft Azure Information Protection – but which plan is right for your business? Microsoft AIP comes with several different features and solutions, depending on the tier of service that you intend on purchasing. To figure out the right solutions for your business, you need to take an in-depth look at the features offered and whether your business needs them. 

Here are some major determining factors when choosing an Azure Information Protection plan.

HYOK Support

HYOK Support stands for "Hold Your Own Key," a powerful encryption setting that ensures that your organization can only encrypt and decrypt documents on-site. HYOK Support means that your data will be thoroughly protected even if it's potentially compromised: Even data that is taken off your site is not going to be able to be decrypted, and therefore your data will always be protected.

However, HYOK also comes with some downsides, which makes it only suitable for organizations that truly need that data protection. Due to the high levels of data protection, some features of Microsoft Office 365 may not work, as the data has to be decrypted to be used. If the key is ever lost, the data will be lost permanently; there is no way to recover HYOK data if the data key is lost, which could mean that an organization could be in for intense disruption if the key itself is not kept safe. This feature is best for organizations dealing with highly secret or regulated data. 

Automatic S/MIME Protection in Outlook

For organizations with highly confidential or classified data, this lets you automatically apply pre-configured S/MIME protection through Outlook. If your organization is often transmitting important data through Outlook, S/MIME protection will help both in terms of security and compliance. This is especially useful for organizations in the healthcare or finance industry, or organizations with government contracts.

Government contracts come hand-in-hand with high levels of regulatory and security compliance standards, some of which can be met through this implementation of automatic S/MIME email protection and email encryption.

AIP Software Developer Kit (SDK)

If your organization needs some advanced tools, it needs a software development kit. At its most basic, the AIP software development kit lets you apply labels and protections to emails and files for all platforms, including iOS, Android, Mac, and Linux. For an advanced developer, the AI software development kit will let your organization further integrate AIP protection into a multitude of different platforms for your own proprietary document management systems, thereby allowing you to tailor your information protection for your own organization's infrastructure and needs.

Not many organizations will require the AIP software development kit, but larger enterprises and enterprises that rely upon proprietary systems and multi-platform solutions will find it worthwhile to have. 

AIP Content Consumption with Work & School Accounts

Even basic plans provide AIP content consumption for work and school accounts, providing basic protection for data and identifying whether data is appropriately classified to be used by an individual. This is the most basic type of Microsoft Azure Information protection.

Azure Information and Protection Scanner for On-Premise Files

Many organizations have on-premise solutions that involve a hybrid of cloud-based document systems and on-premise systems. With the Microsoft Azure Information and Protection Scanner, on-premise files can also be classified and protected, thereby improving upon the overall security of the system. Hybrid systems can often be difficult to manage due to the complexity of their infrastructure and the on-demand use of data. AIP can help protect information regardless of where it's being held.

Document Tracking and Revocation Services

For organizations that need advanced controls over their documents and data, AIP offers the ability to track documents in real-time – and revoke access to these documents at any time. For particularly sensitive information, proprietary information, and confidential information, document tracking and revocation services are worthwhile, as they allow you to track and maintain control over the data throughout its existence.

Key Takeaways

Your business will need to explore its personal security, compliance, and document management needs to determine which Azure Information Protection plan is ideal. Depending on the Azure Information Protection plan used, different services and features will be available to your organization. But you don't need to make these determinations alone. 

At CWPS, we can review your organization's existing solutions and infrastructure to make the right product suggestions for you. It’s time to safeguard your business’ sensitive data. Contact CWPS today to learn more about our Azure Information Protection offerings.

Free Ebook: How Microsoft's AIP Can Protect Your Organization

Topics: Azure Information Protection