Microsoft Readies Azure Information Protection Service
- By Kurt Mackie
- June 22, 2016
A new security service for Microsoft's Azure platform will hit preview next month and become generally available later this year, Microsoft announced Wednesday.
Microsoft described the forthcoming "Azure Information Protection" solution as "a new service that builds on both Microsoft Azure Rights Management (Azure RMS) and our recent acquisition of Secure Islands."
Microsoft closed its Secure Islands acquisition back in December, but Azure RMS has been commercially available since late 2013. Secure Islands was a Microsoft partner that built an information categorization service that worked with the Azure RMS service. Secure Islands' IQProtector technology classifies files when they are "saved to an end-point or server, downloaded from an application, uploaded to the cloud or sent to peers and partners," according to its product description. The IQProtector service then uses the Microsoft RMS service to apply "persistent protection to files and e-mails."
Information Protection Capabilities
The new Azure Information Protection service appears to blend the two service capabilities. Microsoft's announcement listed the "key capabilities" as follows:
- Classify, label and protect data at the time of creation or modification
- Persistent protection that travels with your data
- Enable safe sharing with customers and partners
- Simple, intuitive controls help users make the right decisions and stay productive
- Visibility and control over shared data
- Deployment and management flexibility
The protection happens for data stored on the customer's premises or in a service provider's datacenter facilities. The data are encrypted and organizations get a "bring your own key" option. IT has the ability to "monitor, analyze and reason over shared data," according to Microsoft's announcement.
Data can get automatically classified or end users can select the classification. "If a user is using Word and creating a document, there's a tool bar where users can classify information," a Microsoft spokesperson explained, via e-mail. It's possible for "document owners" to track document activities and revoke document access. The controls for classifying and protecting data are integrated into various applications, including Office apps.
"Azure Information Protection can protect Office docs today and other file types like PDFs," the spokesperson indicated. "Even for file types the service doesn't protect natively today, users can create a wrapper. More info here."
Microsoft has a "generic protection" scheme for the non-supported file types. It provides "file encapsulation and authentication to verify if a user is authorized to open the file."
The service will automatically flag sensitive information in a file, such as credit card numbers. It'll automatically classify such documents. In addition, it will automatically "require it to be encrypted, or recommend to the user that it be encrypted," the spokesperson clarified.
Plans for Azure RMS
There's no word yet from Microsoft about its plans for the current Azure RMS service, given its plans to roll out this new Azure Information Protection service sometime this year. However, it seems that existing Azure RMS subscribers will be getting the new capabilities.
"Current Azure RMS customers will continue to use the same capabilities with no change to their service until the General Availability of Azure Information Protection later this calendar year, when they will begin to receive expanded capabilities," Microsoft's announcement indicated.
Microsoft currently sells its Azure RMS service as part of various Office 365 subscription plans (E1, E3 and E4; K1 [kiosk]; and government and academic plans). Azure RMS is also part of the Enterprise Mobility Suite. In addition, Microsoft sells Azure RMS to individuals and as a premium offering. The capabilities vary a bit, especially on the Office 365 subscriber side, as shown here. Microsoft lists compliance info at this page.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.