Seclored: The Data Security News Blog

Seclore for Microsoft Sensitivity Labels: Give Meaning to Data Classification

Category: Data Classification, Partners & Integrations

The increasing instances of data protection regulations like GDPR, NIST, and NYDFS, have proven how vital data protection has become for everyone, consumers, and companies alike. Over the years, companies have attempted various techniques to provide effective and robust security to their enterprise data. One such method is “data classification” to identify the most sensitive information and where it resides.

Microsoft’s sensitivity labels do precisely that – labels your data into categories such as public, internal, confidential, and top secret. However, classifying data and labeling based on the sensitivity levels doesn’t provide any protection. On the contrary, sensitivity labels require user discretion, proving to be risky for data security if mishandled and leaving unanswered questions such as:

How does the user decide which information is sensitive or what level of sensitivity it should be labeled?
What if the classification label reflects the incorrect level of security?
What if an insider or a hacker steals your most sensitive classified files?
Is classification enough to be compliant with data regulations if you have a data breach?

All in all, marking the data as sensitive without actively protecting it is like closing your front door and leaving it unlocked for intruders to come in and look around for valuables.

Get ahead of the class by attaching Seclore data protection when a document or email is classified

Yes, Microsoft’s sensitivity labels offer a convenient way to identify which information is sensitive. The labels still come with many caveats besides a lack of data protection, such as difficulty retrieving classified data after being shared, especially if shared outside the organization with third parties or accidentally with bad actors. With Seclore for Microsoft Sensitivity Labels, sensitive labels are automatically protected with persistent, granular usage controls based on the label marked in the metatag.

Learn more about Seclore for Microsoft Sensitivity Labels

Let’s consider a few data classification scenarios with Seclore

Scenario 1: Jordan is a VP of Sales in his company and wants to share the Sales projections with his boss. He manually adds the “Confidential” sensitivity label to the email.

Question: Are the sensitivity labels active across all Microsoft products and applications protected by Seclore? Will his classified email be protected, or will the recipient have unrestricted access to the email content and attachments in the email?

Seclore Says: Seclore’s persistent, granular usage controls are automatically attached to emails and attachments based on the sensitivity label. The organization can be confident that the same protection level is applicable across all Microsoft applications. Therefore, even if Jordan applied the sensitivity label using Outlook, his Office files will retain the Seclore security policy associated with the sensitivity label applied by him. Jordan can also track his document and view all actions performed on it, regardless of where the document travels or resides.

Scenario 2: To err is human. And when it comes to sending sensitive information over email, the chances of erring are high. That’s what happened to Jordan when he shared a sensitive document with his colleague. He inadvertently forgot to apply a sensitivity label before sending the email.

Question: Will his email be unprotected and vulnerable to unauthorized access? What happens if he accidentally sends it to the wrong person?

Seclore Says: No worries! Microsoft automatically prompts Jordan to assign a suitable sensitivity label depending on the keywords in the email. Jordan selects the correct sensitivity label and sends the email. Thanks to Seclore’s Email Auto-Protector, data protection is automatically applied to the email and the attachments based on the level of sensitivity of the label. Only the intended recipients can access the email and the attachments according to the security policies mapped to the sensitivity label.

Scenario 3: Jordan is concerned about the email he just sent to one of his business partners. He wants to ensure that the sensitive information he sent isn’t shared with competitors.

Question: Can he track his email to view the activities performed on it?

Seclore Says: What’s better than attaching persistent, granular usage controls to sensitive emails and documents? Watching those controls work as the data travels across various touchpoints. Seclore’s security dashboard allows IT administrators and file owners like Jordan to track all activities performed on a protected document or email, including authorized and unauthorized attempts. Additionally, Jordan can revoke access from any of his emails or documents instantly whenever he deems necessary. He now has complete control over his sensitive information.

Seclore Wins Best Data Security for Microsoft 365 Two Years in a Row

Seclore Protects

Seclore integration with Microsoft’s sensitivity labels elevates the existing classification functionality to provide unparalleled data-centric security to all classified emails and documents across the organization. Seclore’s ability to automatically apply security permissions to classified data ensures sensitive information is consistently and accurately protected to meet compliance regulations. Additionally, Seclore’s integration with Discovery solutions allows Microsoft’s metadata tag to be scanned when classified and protected, permitting actions such as allow or block on emails and documents to ensure your data always remains safe.

For more information visit Seclore for Microsoft Sensitivity Labels or Seclore for Microsoft 365.

Dipen Shah

Dipen Shah is data-driven product manager, building innovative enterprise security products and applications. An analytical thinker who loves to work with various enterprise security products with an approach to provide the best of data security which customers are looking for.

Seclore Classification-Driven Data Protection Just Got Even Better

This October, we released Seclore 3.15 that significantly enhances Seclore Classification-Driven Data Protection, an integral component of the Seclore Data-Centric Security Platform.

One-Click Protection in Microsoft Office

One of the most critical assets essential to an organization is its proprietary data – data used to create a competitive advantage.

5 Significant Reasons to Use Seclore to Enhance Security in Your Microsoft 365 Subscription

Most likely, you are already using Microsoft 365 or have plans to migrate to Microsoft 365.

Cookie	Duration	Description
AWSALBCORS	7 days	This cookie is managed by Amazon Web Services and is used for load balancing.
connect.sid	2 hours	This cookie is used for authentication and for secure log-in. It registers the log-in information.
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONID	6 hours	Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.

Cookie	Duration	Description
ADRUM_BT1	past	This cookie is used to optimize the visitor experience on the website by detecting errors on the website and share the information to support staff.
ADRUM_BTa	past	This cookie is used to optimize the visitor experience on the website by detecting errors on the website and share the information to support staff.
dtCookie	session	This cookie is set by the provider Dynatrace. This is a session cookie used to collect information for Dynatrace. Its a system to track application performance and user errors.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_UA-60622713-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_uetsid	1 day	This cookies are used to collect analytical information about how visitors use the website. This information is used to compile report and improve site.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
pardot	past	The pardot cookie is set while the visitor is logged in as a Pardot user. The cookie indicates an active session and is not used for tracking.

Cookie	Duration	Description
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
MUID	1 year 24 days	Bing sets this cookie to recognize unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.