We’ve started using Azure Information Protection (AIP) here and I thought it would be worthwhile to share our experiences with you.
This will be a multi-part series exploring what AIP is, how it works, and how Kraft Kennedy is deploying it. If you’re interested in trying AIP at your firm, or have any questions about it, don’t hesitate to comment below or write to us.
What is Azure Information Protection?
You can read about the full feature set on Azure here. Simply stated, Azure is a security tool that lets you control who can access specific emails and documents regardless of where they are.
Imagine, for instance, that you are about to send a shareholder financial report to your partners. Today, in a typical document management system, you can put security on the profile, but the file itself is not protected. A step up in protection from this would be to password-protect the document. While this improves the security of the document itself, the password will need to be communicated (which adds to the risk) and there are plenty of tools available (Google it) to crack password-protected documents.
With AIP, you can protect the document and the email message being sent. This protection could prevent forwarding the email, printing it, editing, etc. This protection follows the content no matter where it goes. For example, if I protect a document and share it with “Pretend User A” and they share the document with “Pretend User B,” the B user will not be able to view the contents until I add them to the security list. And I can do this even after the document has been sent (twice in this example). So if “Pretend User A” were to ask me to allow “Pretend User B” to view the document, I could add them to the security list now and then they could access it without downloading or getting a new copy.
AIP is best used as a tool to protect information you are sharing with other people. AIP is not—at least today—meant as a solution to protect your documents in a Document Management System proactively. Integrating AIP into modern Document Management Systems is challenging and hopefully someday this will be possible.
There are two smaller versions of AIP available as well:
- If all you need to do is protect email, Office 365 Message Encryption is an included feature with Office 365 E3 and above.
- If you want to protect email and workloads across SharePoint, Exchange and Office documents, you can buy AIP for Office 365.
This chart shows the differences between the products above.
Now that we have an idea of what it does, the next post in this series will focus on how Azure Information Protection actually works.
Read part 2 of the AIP series: How to Use Azure Information Protection (AIP)