My Take on O365’s Insider Risk Management

Categories:   News, Syndicated Posts
Article By:  

The headline got me excited that this new MSFT O365 package might enable my clients to better monitor policy and data management compliance. The reality seems pretty weak. Agentless monitoring of desktop and MS Edge actions such as downloads, forwards to banned domains, etc. We have been able to see those in logs for years and to create custom log based alerts. The new Insider Risk Management alerts and templates sound great to corporate data security, HR and compliance teams. But the ‘policy indicator’ actions are still pretty simplistic. All the better templates require use of the new HR connector configured to track employee status changes (departure, demotions, performance improvement assessments and priority status lists). In the past, my clients have managed these same kinds of rules with role/user groups updated by MIS/HR ticket workflows. So how do you or your clients monitor security/data policy compliance? Do they actively monitor compliance or run periodic checks?

Written by Greg Buckles

Independent consultant focused on eDiscovery and IG solutions.

All author posts   |