What is our primary use case?
We use Purview mainly for our internal risk management. Our main objective was to classify and categorize the information and we use the data protection feature in Purview.
In the cyber security threat landscape, people were initially concerned about outside threats, but now most companies are trying to use Zero Trust. They consider insider threats as a major vector too because there could be a chance of a phishing attack or other vulnerabilities. A hacker could enter the environment within your own systems and create a data breach by connecting your service to the external world.
We use Purview for our Microsoft SharePoint and OneDrive. I work for a biotech lab and we have a field team in place that visits medical doctors and pharmaceutical companies. That team uploads reports to all these shared drives in the cloud. We need to make sure that whatever information they upload has a proper sensitivity label attached to it so that it's not available to everybody. For our company, confidentiality is an issue.
How has it helped my organization?
Because our people use Microsoft Office products globally, like Word and Excel, it's easy to classify not only the data that is in the system but even the other documents, like Microsoft Word and Excel files in different departments, whether it's finance or HR—all of our services. Purview has helped us in doing that.
And when it comes to internal risk management, it has been helpful because sometimes, when people leave the company, they take documents from the company which could be intellectual property. Or they could be uploading sensitive documents to SharePoint. Even though that is a private cloud, uploading sensitive documents to it is not allowed because there could be implications if there is a data breach or that kind of incident.
For example, we have already had a case that is being investigated by our internal auditing and security risk committee, wherein an employee was trying to upload some documents to a personal OneDrive account when he was about to leave the company. Fortunately, they were not sensitive documents and it's up to management now to decide how to move forward. That's the main benefit.
It has helped to reduce our time to action on insider threats, whether something is done on purpose or not. Most of the incidents are done accidentally, like when someone is leaving and is in their notice period and wants to transfer some documents that they think would be helpful for employment or other personal use. People try to download those documents and upload them to OneDrive, because nowadays most companies don't allow printing or USBs. Purview makes our life easier because alerts of that sort are integrated into our ticketing solution. We just need to sort those tickets and show them to the compliance and regulatory auditors so that they can see that this is how we classify data. And if there is any incident, we have logging and monitoring processes in place.
With Purview, it's easier to present things to the auditors, the external regulatory bodies, to show that we have risk management, as well as internal risk management processes, and how we manage them. Compliance and regulations keep changing and Purview has those policies in place and is updated regularly. We don't need to worry about it.
The solution has reduced the manual effort of looking for what kind of data is being taken from the organization. It gives you a list of files or folders that have been transferred. That kind of auditing becomes easy. Before having the solution in place, we would have to manually check by logging into a particular person's folder or going through his email, doing an audit, and seeing what kinds of documents had been shared. This is much easier. It removes all the manual effort. With one click of a button, it gives you the entire information. It saves human time. Also, when it's done manually, you don't know the accuracy level of the discovery of the kinds of documents being shared.
The amount of money saved would be a very high number. Nowadays, data classification and data privacy are at the top of the list when it comes to cyber security, breaches, and data leakage. Now, if we need to resolve an incident, we already have the process in place. We don't need to reinvent the wheel. We can follow the workflow and get the things sorted out pretty quickly.
Another benefit of DLP is that not every individual understands cyber security and what kinds of data, whether it's PII, PHI, or PCI, are sensitive. There are occasions when they unintentionally send out this information, but it could still cause a problem.
In addition, with Purview, we are able to view compliance in real-time. In my organization, we are using SOX, but even if you use SOC 2 or ISO, data governance is a part of it. That part is easily covered by using Purview. Tomorrow, for instance, if I have to present evidence for an audit, I can easily show the activities I have performed using Purview. The reports can be presented to the external auditor. That's true even for data classification and for data privacy purposes, like GDPR. It makes life much easier.
What is most valuable?
The best thing about Purview is that it's easy to integrate with our day-to-day environment. We have Active Directory, Word, and Excel. Using a third-party vendor and trying to integrate with our existing environment would be much more challenging.
There are predefined categories and policies that are created, and they make implementation easy. The roles are well-defined. If a certain incident or an event is created, how should it be forwarded? What would be the process of managing that incident? Everything has been pretty well defined.
Purview is a self-contained environment. With other tools I've used, there is a DLP solution in place or something like a Defender solution in place. They just show you the log. But with Purview, there is a ticketing system, making it an independent environment. For example, if there is an incident tomorrow, you can create rules to create a ticket and automatically assign it to the help desk so that they can work on it. There is a workflow already in the picture, so you don't need a separate ticketing system if you don't have one. And you can always integrate it with your main ticketing system.
One of the features we have used is the connectors to interface with Workday, which is our HR tool. Whenever a person is in a probation period, when he is going to leave the company, it automatically starts monitoring any information being carried out from the company for his private use or in his future employment. We have configured those rules and it makes our lives easier because we don't need to ask HR or finance for a list of people who are going to leave the company at a particular point in time. The connectors do that entire work seamlessly.
What needs improvement?
For certain things, you need to install an agent. I understand it's for integrity, but if there could be a clientless solution for certain aspects, it would make life easier.
For example, you need to install a Microsoft agent on your endpoints for certain features to work for insider risk management. In the future, if they could enhance the technology to make it a seamless solution, that would be helpful, like the endpoint EDR solutions we have these days. Installing an agent on the client workstation is a headache. Whenever a new client comes in, you need to install an agent on it. It's an added task for IT. If they could eliminate that by integrating with AD or some other solution, that would make life easier.
It becomes an issue because sometimes people are working from home. They're using their own laptops or workstations and it becomes a problem because you cannot install the agents on their home laptops.
For how long have I used the solution?
We have been using Microsoft Purview for seven to eight months.
What do I think about the stability of the solution?
Having one solution is important. Microsoft is in place for the entire organization, so using a Microsoft solution makes life easier in terms of stability. If you use a third-party vendor and there is a system upgrade or an architecture change in the software itself, then interoperability and stability become issues. This is the best solution on that front.
What do I think about the scalability of the solution?
In terms of scalability, it has the features we are looking for and we are pretty happy with it. We are getting the required results. We don't need to do anything manually. It is all automated, and the processes are already in place in the solution itself.
We use Purview in multiple departments as well as multiple locations. We have our headquarters in the U.S., but we have another office in London. We provide global IT support. On average, it covers 1,300 to 1,500 endpoints.
How are customer service and support?
We have not had to escalate major issues. In the seven to eight months we have been using it, we have not explored all the functions, only a limited part of it. But for whatever requests we have made to their technical team, we have received proper answers and solutions. In the future, if we need assistance, we would definitely get in contact with Microsoft support.
How was the initial setup?
The deployment was simple because it already has different policies in it. But we need to have our own baseline for our company. Before this was implemented, we didn't have a solution to tell us how many files had been uploaded to OneDrive or shared through email. After a month or so, we got our own baseline and we were able to tune the policies. It was easy.
We were the ones who did the data categorization, classification, and implementation of the policies and workflows. For example, if there is an incident, who would be looking at the logs and how would it be escalated? We did the entire workflow.
Our deployment plan included integration with our other software applications and deployment of agents on the workstations.
It doesn't require any maintenance because it's already integrated with Microsoft Azure and your Office 365.
What was our ROI?
For us, the return on investment is the elimination of manual labor, and the reduced amount of time spent looking for data leakage issues if there is an incident.
And from the compliance perspective, we can download the reports from Purview and present them.
Which other solutions did I evaluate?
I worked in an organization that had a different DLP solution but they didn't have a dedicated internal risk management solution like Purview. They needed to use different kinds of solutions, from different vendors, to incorporate everything, and that creates overhead for day-to-day operations. It's a challenge because interoperability is an issue for different systems. Instead of having multiple vendors' solutions, I can install Purview, or I can enhance the features in Purview to make my life easier, and it can be managed through a single portal.
There are organizations that use multiple solutions to achieve different goals for data privacy, data governance, and data security. Instead of doing that, you can use Microsoft Purview. And Purview is easier to implement because most companies already have Microsoft Azure or AD Connect in the picture.
If you have different vendors, the pricing is a problem because you need to incorporate everything together. That's why Microsoft Purview is a perfect solution for us.
What other advice do I have?
Whenever you go for any risk management solution, you need to understand the criticality and sensitivity of your organization when it comes to risk. Once you have done that, I would prefer Purview because it is an easy, out-of-the-box solution. It has predefined features. If a person has a basic understanding of IT security and information security, he can easily tweak those policies after a month or whatever time frame the company chooses and it works seamlessly.
We use Office 365 as well as Microsoft Defender and other Microsoft services for other purposes, like risky sign-ins or email forwarding. For example, if somebody is trying to forward their entire email box to a private email, that is something that is not permitted by our company's policies. We use different tools for different purposes. We use Purview more for data classification, categorization, and internal risk management. We use AI and automation for risky logins and risky sign-ins but not in Purview for internal risk purposes.
We have defined policies for PII, things like passport or social security numbers, et cetera. The policy covers seven or eight types of PII information and would generate a high alert on this type of information.
*Disclosure: I am a real user, and this review is based on my own experience and opinions.