The Importance of Digital Masonry

During a recent call, participants were asked icebreakers by my coworkers Mara Batinica and Peter Ojum. The one I found the most fun was how we would describe our jobs to a five-year-old. After some brief contemplation of my time at Edgile and the work I've done as part of their Information Protection practice, I decided my job could be best summed up as: "I build walls".

Now, I don't build walls in the traditional sense. There hasn't been a mason in my family in generations. I build digital walls. Walls that protect sensitive information within an organization. I build Microsoft Purview Data Loss Prevention policies.

The importance of building walls around who is and isn't allowed to view sensitive data and where sensitive data is allowed to flow in an organization cannot be overstated. In July 2022 alone, there were 8 HIPAA unauthorized access/disclosure incidents reported involving 59,784 records, and 55 hacking/IT-related incidents involving 5,195,024 records. At the most conservative, that's a total of $667,360,616 in fines. Obviously these companies will not be fined that amount, but there can be incredibly heavy penalties for these violations. Beyond the financial, do we not also have a moral obligation to do our best to protect people's sensitive data like their medical records?

Detecting Data and Building Walls

Microsoft Purview's Sensitive Information Types (SITs) are the atoms that build up the Purview toolset. SITs are regex patterns, keyword lists, dictionaries, and in special cases, spreadsheets, that allow an organization to detect sensitive information in documents, emails, and files. SITs can be used across multiple platforms like SharePoint, OneDrive, Teams, Devices, and on-premises repositories. Purview comes pre-equipped with 305 SITs, with new SITs being added nearly monthly. These out-of-the-box SITs include everything an organization needs to start detecting HIPAA data within their organization and track its movement across the business, as well as prevent the sharing of HIPAA data externally.

Detecting HIPAA data with Purview Data Loss Prevention (DLP) policies is incredibly simple. Why? Microsoft already knows that this is a key use case, and they provide a DLP policy template for it out-of-the-box.

By using this template, you are using Microsoft's own finely tuned logic around detecting HIPAA data in your organization. You may choose which locations to apply it to and in which contexts to notify admins and perform actions. In many cases, I find that clients wish to edit the default rule, and restrict access if the content is shared outside of the organization.
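A simplified model of how a SIT-backed rule of this kind evaluates content, added here as an illustration; it is not Microsoft's detection logic or code from this post. The regex, keyword list, proximity window, tenant domain and the three outcomes (`allow`, `audit`, `block`) are all assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Assumed, simplified SIT: a primary regex plus supporting keywords that must
# appear within a character window of the match to raise confidence.
SSN_PATTERN = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
SSN_KEYWORDS = ("ssn", "social security", "patient id")
PROXIMITY = 300                 # characters either side of the match (assumed)
ORG_DOMAIN = "contoso.example"  # constructed tenant domain

@dataclass
class Match:
    value: str
    confidence: str  # "high" when a supporting keyword is nearby, else "low"

def detect_ssn(text: str) -> list[Match]:
    """Return SSN-shaped matches, graded by nearby supporting keywords."""
    lowered = text.lower()
    found = []
    for m in SSN_PATTERN.finditer(text):
        window = lowered[max(0, m.start() - PROXIMITY): m.end() + PROXIMITY]
        nearby = any(k in window for k in SSN_KEYWORDS)
        found.append(Match(m.group(), "high" if nearby else "low"))
    return found

def evaluate_share(text: str, recipients: list[str], min_count: int = 1) -> str:
    """Model of the edited rule: block only when high-confidence content
    is addressed to someone outside the organization."""
    high = [m for m in detect_ssn(text) if m.confidence == "high"]
    external = [r for r in recipients
                if r.rsplit("@", 1)[-1].lower() != ORG_DOMAIN]
    if len(high) >= min_count and external:
        return "block"
    if high:
        return "audit"   # sensitive, but it stayed inside the wall
    return "allow"

# Constructed sample messages; 078-05-1120 is the well-known retired specimen SSN.
RECORD = "Patient ID 4471, SSN: 078-05-1120, diagnosis code E11.9"
INVOICE = "Order ref 078-05-1120 ships Tuesday"

if __name__ == "__main__":
    print(evaluate_share(RECORD, ["nurse@contoso.example"]))  # internal share
    print(evaluate_share(RECORD, ["friend@mail.example"]))    # external share
    print(evaluate_share(INVOICE, ["friend@mail.example"]))   # pattern only
```

The invoice line shows why a bare regex is not enough: the same digits without supporting keywords stay low confidence and do not trigger the block.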

This is a simple wall but a meaningful one. It would take a company with the proper licenses no more than 15 minutes to set up, even if they've never deployed a Microsoft Purview DLP policy before. Even in a world where this DLP policy is only accurate at detecting HIPAA data 10% of the time (in reality, I find these to be much more accurate, around 70%+), that is $66,736,061 less in fines. The walls an organization must build to get secure can get much, much more complex and nuanced (thankfully so, this is why I have a job) and require many rounds of refinement before they produce the desired results. Again though, in cybersecurity, we must look beyond the financials and look at the real human impact of what we do. Detecting and preventing 10% of the records from leaving the organizations mentioned in the introduction would stop 525,480 records from being leaked. This is a vast number of people who would not have been affected by the breaches. Even a simple wall like this can vastly alter the trajectory of a company's financials, public relations, and overall security posture, as well as the lives of the people using their products. This is the importance of digital masonry.

Disclaimer: The opinions and content are my own and do not necessarily represent Edgile’s position or opinion.