Building a Holistic Insider Risk Management Program – 5 elements that help companies have stronger data protection and security while protecting user trust by Microsoft Security

Why companies should think about insider risk as part of their data protection strategy with a holistic approach that includes the right people, processes, and training, in addition to the appropriate tools.

Report Foreword by Bret Arsenault, Chief Information Security Officer at Microsoft.

The risk landscape for organizations has changed significantly in the past few years, as the digital landscape continues to grow. The amount of data captured, copied, and consumed is expected to grow to more than 180 zettabytes through 2025¹. Traditional ways of identifying and mitigating risks simply don’t work. Historically, organizations have focused on external threats; however, risks from within the organization can be just as prevalent and harmful. These internal risks include unprotected and ungoverned data, accidental or intentional data oversharing, as well as the risks of failing to meet ever-changing regulations. Not to mention, with more than 300 million people working remotely, data is being created, accessed, shared, and stored outside of the traditional borders of business. Addressing security concerns must be balanced with taking a user privacy-centric approach to ensure a strong security culture across your organization. Enterprises need to quickly move to a more holistic approach to data protection and reduce their overall risk. This means extending data protection across all aspects of a business: people, processes, training, and tools.
Initially, Microsoft’s own approach to insider risk was fragmented, with our security teams often siloed from other organizations and where end-user training on data protection strategy was less frequent or robust. From the role of a Chief Information Security Officer (CISO), who’s responsible for data protection and ensuring the security of your corporate assets, we recognized the importance of insider risk management and made internal changes that aimed to take a comprehensive approach to addressing potential insider risks like data theft, data leakage or unauthorized access of sensitive data.
We did this by shifting our mindset on insider risk from focusing solely on risk management to thinking about creating value and building a stronger security culture across our organization.
This included building an organization-wide cybersecurity culture through corporate trainings and a great emphasis on user stewardship of corporate data, ensuring that trust remains foundational to our company approach and our products, and building a solution that helps us to detect and respond to insider data security risks like data leakage and data exfiltration while protecting user privacy and leveraging strong security controls, which has since evolved into our Microsoft Purview Insider Risk Management solution.
