How to avoid data breaches
Data breaches rarely happen the same way twice. Some are driven by malicious insiders, others by external hackers, careless employees, or even well-intentioned staff experimenting with new AI tools. What they all have in common: the cost to the business can be devastating. Below are four real-world style scenarios that show how breaches often occur […]
Turning Audit Pain into Audit Readiness: How to Simplify Compliance
IT security audits are meant to validate that an organization’s information assets are secure and compliant. Regulators, boards, and customers expect assurance that risks are managed against standards and regulations such as ISO/IEC 27001, NIST SP 800-171/53, PCI DSS, HIPAA, and GDPR. For CISOs, audits should showcase security maturity. Instead, they often become a repetitive, […]
Securing Data in the Age of AI: Outcomes of Implementing Microsoft Purview and the Infotechtion-ARM Solution to embrace and extend Purview
Data is the lifeblood of modern organizations—and one of the biggest targets for cybercriminals, insiders, and supply chain vulnerabilities. Sensitive information exists everywhere: in emails, collaboration platforms, cloud storage, legacy file shares, and increasingly in AI assistants like Microsoft Copilot. The challenge is not only knowing where sensitive data is, but also ensuring it is […]
How Microsoft Purview Insider Risk Management Helps You Stay Ahead of Internal Threats
In today’s hybrid work environment, where sensitive data flows across devices, apps, and geographies, insider risks have become one of the most complex and costly threats to manage. According to Microsoft research, insider incidents account for 20% of data breaches and cost organizations an average of $7.5 million per incident. Worse, they take an average […]
Security and Governance for AI: Building a Resilient Future
Protecting and Governing AI with Microsoft Solutions Artificial Intelligence (AI) is revolutionizing industries across the globe, yet its rise brings critical challenges in security and governance that organizations must address proactively. Understanding the risks, implementing robust safeguards, and embracing a Zero Trust strategy are pivotal steps in leveraging AI effectively while mitigating vulnerabilities. Generative AI: […]
An Information Asset Catalog: Why Now?
It’s 2025, and most every organization over a few hundred people likely has a Records Retention Schedule. It may have even been extended to include Non-Records, and their related retention and disposition requirements. Most organizations will also have an enterprise architecture management system – a system that stores the applications the organization utilizes. And, more […]
Automatic classification of files and emails in Microsoft 365 using Microsoft Purview or SharePoint Premium
Employees are usually too busy to care about compliance. We need to automate security and governance as best as possible, and I will in this blog post outline ways to automate data classification in Microsoft 365 to ensure data security and governance. This is for auto-applying sensitivity labels to secure sensitive files and emails and […]
SharePoint lifecycle management: 6 options to reduce costs and risks
SharePoint storage is not unlimited and purchasing more is expensive. It can be up to 10x more expensive when compared with IaaS cloud storage solutions such as Azure Blob Storage. Organizations often turn to lower-cost cloud storage solutions for archiving or long-term storage. However, these solutions lack the governance and security features implemented in Microsoft365 […]
Data lifecycle options for Microsoft 365
Keep what we need and delete the rest A study by CGOC (Compliance and Governance Oversight Council) some years ago found that in average, 25% of information has business value, 5% is subject to regulatory record keeping requirements, 2% is subject to legal hold, and 68% is redundant, obsolete, or trivial (ROT). Many companies store […]
Preparing for a Copilot Implementation
So, you’re ready to roll out Copilot. You have an Information and Records Governance program in place, including your Steering Committee, Information and Records Coordinators, policies and procedures, Records Retention Schedule (RRS), licenses, and training. As you review the rollout plan with your colleagues, you’re all doing your best to think of any challenges that […]
