1
00:00:00,000 --> 00:00:06,200
Welcome to the Azure Security Podcast,

2
00:00:06,200 --> 00:00:09,360
where we discuss topics relating to security, privacy,

3
00:00:09,360 --> 00:00:13,400
reliability, and compliance on the Microsoft Cloud Platform.

4
00:00:13,400 --> 00:00:15,960
Hey everybody, welcome to Episode 28.

5
00:00:15,960 --> 00:00:18,120
This week is Mark, Gladys, and myself.

6
00:00:18,120 --> 00:00:22,360
We also have two guests, Gopal Shankar and Arvind Chandaka,

7
00:00:22,360 --> 00:00:24,760
who are here to talk to us about Azure Purview

8
00:00:24,760 --> 00:00:26,920
and Azure Information Protection.

9
00:00:26,920 --> 00:00:29,000
But before we get to Gopal and Arvind,

10
00:00:29,000 --> 00:00:30,520
let's head over to the news.

11
00:00:30,520 --> 00:00:32,360
Gladys, why don't you kick us off?

12
00:00:32,360 --> 00:00:35,320
Actually, the first news that I want to talk about

13
00:00:35,320 --> 00:00:41,400
is about the Azure Information Protection unified labeling client.

14
00:00:41,400 --> 00:00:46,160
There is a new version that is general availability.

15
00:00:46,160 --> 00:00:49,400
As many of you know, Azure Information Protection,

16
00:00:49,400 --> 00:00:53,760
the administrative interface was deprecated as end of March.

17
00:00:53,760 --> 00:00:57,720
But the information rights management capability

18
00:00:57,720 --> 00:01:02,640
are still needed, even though also certain products

19
00:01:02,640 --> 00:01:06,640
like Office have embedded capabilities.

20
00:01:06,640 --> 00:01:10,920
For example, you may need it for third party files,

21
00:01:10,920 --> 00:01:15,360
such as PDF and non-Office files supported,

22
00:01:15,360 --> 00:01:17,640
and this is provided by the client.

23
00:01:17,640 --> 00:01:21,320
So this new version includes a lot of scanner,

24
00:01:21,320 --> 00:01:26,680
usage, logging, diagnostic, and report improvements.

25
00:01:26,680 --> 00:01:29,120
If you're not familiar with the scanner,

26
00:01:29,120 --> 00:01:33,960
basically it's used to search for sensitive files

27
00:01:33,960 --> 00:01:39,560
within storage like SharePoint and File Shares.

28
00:01:39,560 --> 00:01:46,680
So it will be really good to upgrade to this latest client.

29
00:01:46,680 --> 00:01:49,240
The next news that I wanted to talk about

30
00:01:49,240 --> 00:01:53,320
is attribute-based access control,

31
00:01:53,320 --> 00:01:57,720
which is available under Azure Storage.

32
00:01:57,720 --> 00:02:00,800
If you're not familiar with this,

33
00:02:00,800 --> 00:02:05,120
attribute-based access control or ABAC

34
00:02:05,120 --> 00:02:10,320
is an authorization strategy that defines access levels

35
00:02:10,320 --> 00:02:15,800
based on attributes associated with security principals,

36
00:02:15,800 --> 00:02:22,440
resources, requests, and the environments being used.

37
00:02:22,440 --> 00:02:27,640
Azure ABAC builds on role-based access control

38
00:02:27,640 --> 00:02:31,880
by adding conditions to Azure role assignment.

39
00:02:31,880 --> 00:02:35,360
I'm really excited about this because it expands

40
00:02:35,360 --> 00:02:39,000
the zero trust principles further by enabling

41
00:02:39,000 --> 00:02:45,160
one to author conditions based on resource and request attributes.

42
00:02:45,160 --> 00:02:50,800
Finally, I wanted to talk about Azure AD sign-in logs

43
00:02:50,800 --> 00:02:53,400
that are currently in preview.

44
00:02:53,400 --> 00:02:56,560
Azure AD has some sign-in logs previously,

45
00:02:56,560 --> 00:03:02,200
but these ones are enabling logs for non-interactive user

46
00:03:02,200 --> 00:03:04,920
sign-ins, service principal sign-ins,

47
00:03:04,920 --> 00:03:08,840
and managed identities for Azure resources sign-ins.

48
00:03:08,840 --> 00:03:11,760
We released some incident response playbooks,

49
00:03:11,760 --> 00:03:16,400
which are really built on our experience from our DART team,

50
00:03:16,400 --> 00:03:19,080
our detection response team that's doing investigations

51
00:03:19,080 --> 00:03:22,560
and incidents as well as some internal Microsoft teams

52
00:03:22,560 --> 00:03:24,880
as well working together and providing,

53
00:03:24,880 --> 00:03:27,600
hey, these are playbooks on how to deal with really

54
00:03:27,600 --> 00:03:29,800
three different popular attacks, password

55
00:03:29,800 --> 00:03:32,120
spray and phishing and whatnot.

56
00:03:32,120 --> 00:03:33,800
Those are out.

57
00:03:33,800 --> 00:03:36,480
So far, these are actually landing really well.

58
00:03:36,480 --> 00:03:38,560
Normally, I get five or 10 likes on a tweet,

59
00:03:38,560 --> 00:03:39,920
and I'm like, woohoo.

60
00:03:39,920 --> 00:03:41,920
This one's sitting at somewhere around 800 now.

61
00:03:41,920 --> 00:03:43,640
So I'm like, oh my gosh, we definitely

62
00:03:43,640 --> 00:03:45,480
hit a nerve there on what people need.

63
00:03:45,480 --> 00:03:47,440
So we're definitely looking closer at that.

64
00:03:47,440 --> 00:03:50,120
How do we invest and keep getting people what they need?

65
00:03:50,120 --> 00:03:52,240
So definitely check those out.

66
00:03:52,240 --> 00:03:55,720
URL there, that's aka.ms/IRplaybooks.

67
00:03:55,720 --> 00:03:58,040
Personally, I also took on Tech Reviewer Role

68
00:03:58,040 --> 00:04:01,120
for a book on Microsoft certifications.

69
00:04:01,120 --> 00:04:03,520
So looking forward to reading through that

70
00:04:03,520 --> 00:04:07,760
and trying to make that as high quality as we can.

71
00:04:07,760 --> 00:04:09,280
I made some more guidance.

72
00:04:09,280 --> 00:04:11,640
I just wanted to bring this up to the top of mind.

73
00:04:11,640 --> 00:04:13,120
There's been a lot of headlines lately

74
00:04:13,120 --> 00:04:16,240
around the Colonial Pipeline attack and whatnot,

75
00:04:16,240 --> 00:04:18,240
and that is no exception.

76
00:04:18,240 --> 00:04:20,560
There is a lot of ransomware going on right now.

77
00:04:20,560 --> 00:04:23,960
So I just want to remind folks to check out aka.ms/humanoperated

78
00:04:23,960 --> 00:04:27,200
because those ransomware gangs

79
00:04:27,200 --> 00:04:30,640
have a lot of profit and a lot of technical debt

80
00:04:30,640 --> 00:04:33,080
that they can defend or technical debt

81
00:04:33,080 --> 00:04:36,520
that they can exploit in terms of having run an IT with security

82
00:04:36,520 --> 00:04:39,160
as a fairly low priority in many cases

83
00:04:39,160 --> 00:04:42,800
for the better part of 30 or 50 years in many organizations.

84
00:04:42,800 --> 00:04:45,000
And so there's a lot of opportunity for these attackers

85
00:04:45,000 --> 00:04:46,720
to really run rampant.

86
00:04:46,720 --> 00:04:48,800
And they finally found a model that will allow them

87
00:04:48,800 --> 00:04:49,960
to do so to profit.

88
00:04:49,960 --> 00:04:52,400
So please, please, please follow this guidance.

89
00:04:52,400 --> 00:04:57,760
Get secure backups, protect against lateral traversal,

90
00:04:57,760 --> 00:05:00,560
and work your way through the rest of the list as well.

91
00:05:00,560 --> 00:05:04,640
But we do have the guidance, full plan, objectives, key

92
00:05:04,640 --> 00:05:08,400
results, metrics, stakeholders, checklist, technical links,

93
00:05:08,400 --> 00:05:09,080
et cetera.

94
00:05:09,080 --> 00:05:11,480
We really tried to make it as complete as possible.

95
00:05:11,480 --> 00:05:13,200
So please check it out.

96
00:05:13,200 --> 00:05:15,760
Zero Trust Principles, core principles, just as a reminder,

97
00:05:15,760 --> 00:05:17,920
The Open Group released those not too long ago.

98
00:05:17,920 --> 00:05:19,120
So we've got a link to that.

99
00:05:19,120 --> 00:05:20,120
So you can check those out.

100
00:05:20,120 --> 00:05:22,080
It's a really nice set of principles

101
00:05:22,080 --> 00:05:23,920
to help organizations kind of understand

102
00:05:23,920 --> 00:05:25,600
Zero Trust, get their head around it,

103
00:05:25,600 --> 00:05:27,320
in a very vendor agnostic kind of way.

104
00:05:27,320 --> 00:05:30,480
I'm actually co-chair of the Zero Trust Architecture Working

105
00:05:30,480 --> 00:05:31,920
Group over there.

106
00:05:31,920 --> 00:05:34,600
So definitely check that out.

107
00:05:34,600 --> 00:05:38,520
And don't quite have the cyber reference architecture

108
00:05:38,520 --> 00:05:39,520
yet ready to announce.

109
00:05:39,520 --> 00:05:42,080
But possibly by the time we publish this podcast,

110
00:05:42,080 --> 00:05:43,320
it'll be out.

111
00:05:43,320 --> 00:05:45,520
But that one is just about ready to release.

112
00:05:45,520 --> 00:05:47,800
And then we do have a fun little surprise as well,

113
00:05:47,800 --> 00:05:51,280
fairly big one actually, that will be coming along with it

114
00:05:51,280 --> 00:05:51,800
as well.

115
00:05:51,800 --> 00:05:53,840
So those are coming soon.

116
00:05:53,840 --> 00:05:55,720
Just a bit of a teaser there.

117
00:05:55,720 --> 00:05:57,960
So there are a few items that sort of piqued my interest

118
00:05:57,960 --> 00:05:59,280
over the last couple of weeks.

119
00:05:59,280 --> 00:06:02,000
The first three are all to do with Azure Monitor,

120
00:06:02,000 --> 00:06:04,280
as most of you should probably know,

121
00:06:04,280 --> 00:06:08,320
Azure Monitor is primarily there for data plane and control

122
00:06:08,320 --> 00:06:12,720
plane management or notifications and alerting and so on.

123
00:06:12,720 --> 00:06:15,920
Three announcements that I saw, the first one

124
00:06:15,920 --> 00:06:19,200
is support for customer managed keys for encryption of data

125
00:06:19,200 --> 00:06:21,320
at rest in Azure Monitor.

126
00:06:21,320 --> 00:06:24,520
As you can imagine, some of the information

127
00:06:24,520 --> 00:06:27,360
can be relatively sensitive in Azure Monitor,

128
00:06:27,360 --> 00:06:29,360
even though best practice dictates

129
00:06:29,360 --> 00:06:32,040
that you shouldn't store anything sensitive in a logging

130
00:06:32,040 --> 00:06:34,640
infrastructure, it could happen.

131
00:06:34,640 --> 00:06:36,840
So some customers have asked for control

132
00:06:36,840 --> 00:06:40,280
of the encryption keys, so that is now available.

133
00:06:40,280 --> 00:06:42,400
The next one is in public preview,

134
00:06:42,400 --> 00:06:45,880
is the ability to have a one minute frequency log alerts

135
00:06:45,880 --> 00:06:48,080
update in Azure Monitor.

136
00:06:48,080 --> 00:06:49,320
I don't know, to be honest with you,

137
00:06:49,320 --> 00:06:51,520
I don't know what the old frequency was,

138
00:06:51,520 --> 00:06:53,800
but I can tell you one thing, it wasn't one minute.

139
00:06:53,800 --> 00:06:57,440
So now we've got that ability that's in public preview.

140
00:06:57,440 --> 00:06:59,680
The other one, a couple of years ago,

141
00:06:59,680 --> 00:07:01,280
I worked at a financial organization

142
00:07:01,280 --> 00:07:03,000
or with a financial organization.

143
00:07:03,000 --> 00:07:06,520
And one of the people there, they're really top of her game.

144
00:07:06,520 --> 00:07:08,360
was a lady by the name of Ronnie Kwan,

145
00:07:08,360 --> 00:07:10,840
and she's just written an article, a blog post,

146
00:07:10,840 --> 00:07:13,200
on using Azure Monitor with PrivateLink.

147
00:07:13,200 --> 00:07:15,400
Fantastic article, shows you how to hook it all up,

148
00:07:15,400 --> 00:07:17,680
how it all works, some of the pitfalls,

149
00:07:17,680 --> 00:07:19,280
one of the best sets of documentation

150
00:07:19,280 --> 00:07:20,640
I've seen on the topic.

151
00:07:20,640 --> 00:07:21,960
And as you're probably aware,

152
00:07:21,960 --> 00:07:23,840
if you're listening to any prior podcasts,

153
00:07:23,840 --> 00:07:26,440
one thing I've said all along is one thing we're seeing

154
00:07:26,440 --> 00:07:30,440
across more and more PaaS services in Azure

155
00:07:30,440 --> 00:07:33,080
is support for customer managed keys for data at rest

156
00:07:33,080 --> 00:07:35,600
and for PrivateLink, private endpoints.

157
00:07:35,600 --> 00:07:38,000
So here's an example of Azure Monitor

158
00:07:38,000 --> 00:07:40,000
meeting two of those goals.

159
00:07:40,000 --> 00:07:42,600
The next item is to do with storage accounts.

160
00:07:42,600 --> 00:07:45,120
That's the ability to put a policy in place

161
00:07:45,120 --> 00:07:48,440
that prevents the use of shared key authorization,

162
00:07:48,440 --> 00:07:50,200
which means that you're only gonna use

163
00:07:50,200 --> 00:07:51,720
Azure Active Directory.

164
00:07:51,720 --> 00:07:53,840
Some customers I know, they only want AAD

165
00:07:53,840 --> 00:07:56,640
at the data plane, and they don't want the use

166
00:07:56,640 --> 00:08:00,160
of shared keys, and this is a way of enforcing that.

167
00:08:00,160 --> 00:08:02,720
And then a self-serving note,

168
00:08:02,720 --> 00:08:06,040
I wrote three blog posts in the last couple of weeks.

169
00:08:06,040 --> 00:08:09,160
One is about some of the best security practice

170
00:08:09,160 --> 00:08:12,000
that I can give you in my humble opinion.

171
00:08:12,000 --> 00:08:13,320
I'm not gonna give the game away,

172
00:08:13,320 --> 00:08:15,440
go ahead and read the blog post.

173
00:08:15,440 --> 00:08:19,200
Another one is about being pedantic about cryptography.

174
00:08:19,200 --> 00:08:21,000
In other words, when you're talking about keys,

175
00:08:21,000 --> 00:08:23,240
and you say, how are you gonna encrypt with a key?

176
00:08:23,240 --> 00:08:24,720
Which key?

177
00:08:24,720 --> 00:08:26,560
Well, we're gonna rotate keys.

178
00:08:26,560 --> 00:08:27,880
Which key are you gonna rotate?

179
00:08:27,880 --> 00:08:29,440
Is it their encryption key?

180
00:08:29,440 --> 00:08:30,720
Is it a key encryption key?

181
00:08:30,720 --> 00:08:32,400
Because they're two totally different things.

182
00:08:32,400 --> 00:08:35,240
They're two different, where things can go wrong.

183
00:08:35,240 --> 00:08:37,200
So be really pedantic about your wording,

184
00:08:37,200 --> 00:08:39,440
especially when it comes to crypto.

185
00:08:39,440 --> 00:08:41,320
And you have to, it's kinda funny about that, Michael,

186
00:08:41,320 --> 00:08:43,920
is when you're dealing with the upper end

187
00:08:43,920 --> 00:08:46,240
of sort of the security organization chart

188
00:08:46,240 --> 00:08:48,320
and the CISO and working with the business,

189
00:08:48,320 --> 00:08:49,800
it's almost the exact opposite,

190
00:08:49,800 --> 00:08:51,120
where you have to talk about risk

191
00:08:51,120 --> 00:08:53,240
and these sort of fuzzy concepts

192
00:08:53,240 --> 00:08:55,120
that aren't really well-defined.

193
00:08:55,120 --> 00:08:56,680
But when it comes down to like the crypto,

194
00:08:56,680 --> 00:08:58,520
technically you have to be extraordinarily precise.

195
00:08:58,520 --> 00:09:00,200
So I just, I love that contrast.

196
00:09:00,200 --> 00:09:02,520
And it's the weirdness of security.

197
00:09:02,520 --> 00:09:05,760
You know, I've been in so many conversations with customers

198
00:09:05,760 --> 00:09:09,000
where literally my opening statement is,

199
00:09:09,000 --> 00:09:11,760
I'm going to be really pedantic with my wording

200
00:09:11,760 --> 00:09:13,640
when it comes to the crypto.

201
00:09:13,640 --> 00:09:17,000
So when you're describing something and it involves crypto,

202
00:09:17,000 --> 00:09:21,200
don't be surprised if I constantly keep asking you,

203
00:09:21,200 --> 00:09:23,080
which key are you talking about?

204
00:09:23,080 --> 00:09:24,840
Or when you say you're doing this,

205
00:09:24,840 --> 00:09:26,640
what do you actually mean?

206
00:09:26,640 --> 00:09:29,160
Because again, the devil's in the details

207
00:09:29,160 --> 00:09:30,320
when it comes to crypto.

208
00:09:30,320 --> 00:09:34,440
And I really want to know which stuff you're talking about.

209
00:09:34,440 --> 00:09:38,240
I mean security in general, but crypto specifically.

210
00:09:38,240 --> 00:09:42,240
And then the last one, the last blog post was about

211
00:09:42,240 --> 00:09:44,000
when David LeBlanc and I wrote

212
00:09:44,000 --> 00:09:46,240
the second edition of Writing Secure Code,

213
00:09:46,240 --> 00:09:47,560
I put a section in there called

214
00:09:47,560 --> 00:09:50,400
the Attacker's Advantage and the Defender's Dilemma,

215
00:09:50,400 --> 00:09:53,680
which talks about the whole asymmetry of cybersecurity.

216
00:09:53,680 --> 00:09:56,160
And someone brought up a topic on LinkedIn just recently

217
00:09:56,160 --> 00:10:00,680
and this exact asymmetry came up

218
00:10:00,680 --> 00:10:01,960
in this conversation in LinkedIn.

219
00:10:01,960 --> 00:10:05,560
It made me think about this section of the book.

220
00:10:05,560 --> 00:10:08,880
So basically essentially sort of reprinted that part

221
00:10:08,880 --> 00:10:11,760
of the book in a blog post and commented on it,

222
00:10:11,760 --> 00:10:14,240
what is it essentially 20 years later.

223
00:10:14,240 --> 00:10:15,480
So anyway, take a look.

224
00:10:15,480 --> 00:10:17,520
So that's it with the news.

225
00:10:17,520 --> 00:10:19,720
So now get onto our guests.

226
00:10:19,720 --> 00:10:22,640
This week we have Gopal Shankar

227
00:10:22,640 --> 00:10:24,560
and we have Arvind Chandaka,

228
00:10:24,560 --> 00:10:26,360
who are here from the Azure Purview

229
00:10:26,360 --> 00:10:29,320
and Azure Information Protection Teams.

230
00:10:29,320 --> 00:10:31,760
Gentlemen, thank you so much for joining us this week.

231
00:10:31,760 --> 00:10:34,200
Gopal and Arvind, would you mind introducing yourselves

232
00:10:34,200 --> 00:10:36,920
and what you do at Microsoft and how long you've been here?

233
00:10:36,920 --> 00:10:40,040
Thanks Michael, thank you for having us on this podcast.

234
00:10:40,040 --> 00:10:42,120
We are really excited to be here.

235
00:10:42,120 --> 00:10:44,960
My name is Gopal Shankar and I work as a senior program manager

236
00:10:44,960 --> 00:10:48,040
in the cloud customer experience engineering team,

237
00:10:48,040 --> 00:10:50,120
which is part of the cloud security team.

238
00:10:50,120 --> 00:10:51,960
I've been with Microsoft for 17 years

239
00:10:51,960 --> 00:10:54,440
and in this team for about a year.

240
00:10:54,440 --> 00:10:56,680
In my role, I focus on product adoption,

241
00:10:56,680 --> 00:10:58,480
product development, specifically around

242
00:10:58,480 --> 00:11:01,320
Azure Information Protection and Azure Purview.

243
00:11:01,320 --> 00:11:03,200
I work with select set of customers

244
00:11:03,200 --> 00:11:06,200
to help maximize their investments in these products.

245
00:11:06,200 --> 00:11:07,520
We're also the voice of the customers

246
00:11:07,520 --> 00:11:10,080
so we take customer feedback, feature asks

247
00:11:10,080 --> 00:11:12,080
and relay that back to the product groups.

248
00:11:13,040 --> 00:11:15,600
And hi everybody, my name is Arvind Chandaka,

249
00:11:15,600 --> 00:11:17,200
also from Gopal's team.

250
00:11:17,200 --> 00:11:20,880
I'm also a program manager from the team,

251
00:11:20,880 --> 00:11:23,960
working on all the things that Gopal said above

252
00:11:23,960 --> 00:11:26,240
and particularly working on a lot of different

253
00:11:26,240 --> 00:11:29,000
feature initiatives that we have

254
00:11:29,000 --> 00:11:30,520
on growth and so on and so forth.

255
00:11:30,520 --> 00:11:33,880
So very excited to be here talking with everybody.

256
00:11:33,880 --> 00:11:34,840
Hey, thanks for the introduction.

257
00:11:34,840 --> 00:11:38,280
So the first question, so what is Azure Purview

258
00:11:38,280 --> 00:11:39,480
and why do we need it?

259
00:11:40,320 --> 00:11:41,160
That's a great question.

260
00:11:41,160 --> 00:11:44,360
So Azure Purview is a new product.

261
00:11:44,360 --> 00:11:46,360
It is a unified data governance service

262
00:11:46,360 --> 00:11:50,760
that helps customers to manage and govern data on-premise,

263
00:11:50,760 --> 00:11:53,640
multi-cloud as well as software as a service.

264
00:11:53,640 --> 00:11:56,440
It is a cloud-based service in which you can register

265
00:11:56,440 --> 00:11:59,160
data sources, scan data and get deeper insights

266
00:11:59,160 --> 00:12:01,520
about your data estate.

267
00:12:01,520 --> 00:12:03,640
Your question, why do we need it?

268
00:12:03,640 --> 00:12:06,840
As organizations embark on digital transformation,

269
00:12:06,840 --> 00:12:11,520
it is clear that they are generating data everywhere, right?

270
00:12:11,520 --> 00:12:15,960
From IoT devices to operational devices to analytical data.

271
00:12:15,960 --> 00:12:17,640
As they migrate and modernize,

272
00:12:17,640 --> 00:12:20,080
this is becoming even more important.

273
00:12:20,080 --> 00:12:22,400
Data is everywhere spread across business units

274
00:12:22,400 --> 00:12:23,920
and geographies too.

275
00:12:23,920 --> 00:12:26,600
So with Azure Purview, customers can create

276
00:12:26,600 --> 00:12:29,840
a holistic map of their data landscape

277
00:12:29,840 --> 00:12:31,600
with automated discovery,

278
00:12:31,600 --> 00:12:33,240
classify the sensitive data,

279
00:12:33,240 --> 00:12:35,440
which is super critical for security folks

280
00:12:35,440 --> 00:12:38,400
and have a deeper understanding of the data of the VH.

281
00:12:38,400 --> 00:12:41,640
I'm gonna do a follow-on question.

282
00:12:42,600 --> 00:12:44,640
I spoke in the news about

283
00:12:44,640 --> 00:12:47,520
an Azure Information Protection Scanner.

284
00:12:48,400 --> 00:12:51,120
Could you explain a little bit the difference

285
00:12:51,120 --> 00:12:54,440
between Purview and the scanner that I mentioned

286
00:12:54,440 --> 00:12:59,440
since I mentioned that we could scan data sources?

287
00:12:59,640 --> 00:13:04,640
Sure, so Azure Information Protection is our solution

288
00:13:04,920 --> 00:13:08,040
for scanning data on-premise.

289
00:13:09,160 --> 00:13:11,240
If you wanna understand what kind of data

290
00:13:11,240 --> 00:13:13,120
you have in your on-premise,

291
00:13:13,120 --> 00:13:16,600
then you use Azure Information Protection to scan,

292
00:13:16,600 --> 00:13:18,480
sorry, Azure Information Protection Scanner

293
00:13:18,480 --> 00:13:22,320
to scan your resources to understand

294
00:13:22,320 --> 00:13:24,280
what kind of sensitive data you have

295
00:13:24,280 --> 00:13:26,600
so that you can classify and manage it.

296
00:13:26,600 --> 00:13:29,120
Purview takes a little beyond that.

297
00:13:29,120 --> 00:13:32,360
It's more about managing data on-premise

298
00:13:32,360 --> 00:13:34,760
as well as in the cloud, right?

299
00:13:34,760 --> 00:13:38,920
So it's going to help you to manage data across clouds

300
00:13:38,920 --> 00:13:41,800
and also on your on-premises.

301
00:13:41,800 --> 00:13:43,920
One of the things I want to add,

302
00:13:43,920 --> 00:13:46,000
and it's a very important distinction,

303
00:13:46,000 --> 00:13:50,960
is AIP and AIP scanner overall

304
00:13:50,960 --> 00:13:53,840
is highly focused on information worker data.

305
00:13:53,840 --> 00:13:56,640
So this would mean, you know, office documents,

306
00:13:56,640 --> 00:14:01,000
Word, Excel, PowerPoint, additional ones like PDF,

307
00:14:01,000 --> 00:14:02,240
and so on.

308
00:14:02,240 --> 00:14:04,720
So these kinds of files that are basically sitting

309
00:14:04,720 --> 00:14:09,720
on on-prem file shares, SMB drives, and so on and so forth,

310
00:14:10,520 --> 00:14:14,280
these are the targets for the AIP scanner,

311
00:14:14,280 --> 00:14:17,440
versus Azure Purview focuses more on

312
00:14:17,440 --> 00:14:19,440
operational and analytical data.

313
00:14:19,440 --> 00:14:23,560
So an example of a source that Azure Purview would do,

314
00:14:23,560 --> 00:14:25,720
would basically scan on-prem,

315
00:14:25,720 --> 00:14:27,640
would be something like a SQL server.

316
00:14:27,640 --> 00:14:28,960
And inside the SQL server,

317
00:14:28,960 --> 00:14:32,800
you could have basically all of these kinds of data rows

318
00:14:32,800 --> 00:14:37,560
that could help describe application data as an example,

319
00:14:37,560 --> 00:14:38,960
and you'd be able to collect that

320
00:14:38,960 --> 00:14:42,160
and correlate that in Azure Purview,

321
00:14:42,160 --> 00:14:46,360
which is slightly different than what we're focusing with AIP.

322
00:14:47,280 --> 00:14:49,160
So is the product available now?

323
00:14:50,240 --> 00:14:53,120
So we launched this product in December.

324
00:14:53,120 --> 00:14:55,840
The product is currently in public preview.

325
00:14:55,840 --> 00:14:57,200
We've been testing the product,

326
00:14:57,200 --> 00:14:58,480
we've got a lot of customers have signed up

327
00:14:58,480 --> 00:15:00,320
and we're getting great feedback.

328
00:15:00,320 --> 00:15:03,120
It's likely to be generally available sometime

329
00:15:03,120 --> 00:15:05,520
in the second half of the calendar year.

330
00:15:05,520 --> 00:15:08,520
So until the point it will be in public preview.

331
00:15:08,520 --> 00:15:10,000
I mean, it's got the Azure in front of it,

332
00:15:10,000 --> 00:15:11,720
so I can make an assumption that's in the portal,

333
00:15:11,720 --> 00:15:14,640
but how do you get access to Purview?

334
00:15:14,640 --> 00:15:16,960
Is it something available to everyone?

335
00:15:16,960 --> 00:15:19,240
Or, you know, and where do you get to it?

336
00:15:19,240 --> 00:15:21,080
Like how would people actually get to try it out

337
00:15:21,080 --> 00:15:22,680
and check it out?

338
00:15:22,680 --> 00:15:25,440
Sure, so you definitely need to have an Azure account

339
00:15:25,440 --> 00:15:28,040
with an active subscription.

340
00:15:28,040 --> 00:15:29,920
That account must have permissions

341
00:15:29,920 --> 00:15:32,040
to create resources under the subscription.

342
00:15:32,040 --> 00:15:34,520
So simply sign into your Azure, you know,

343
00:15:34,520 --> 00:15:37,040
under resources, look for Purview,

344
00:15:37,040 --> 00:15:38,960
create a Purview instance.

345
00:15:38,960 --> 00:15:40,560
Once you have the instance deployed,

346
00:15:40,560 --> 00:15:43,280
you launch Azure Purview and then make sure

347
00:15:43,280 --> 00:15:46,080
that you have security principals added

348
00:15:46,080 --> 00:15:49,480
to various data plane roles that we have.

349
00:15:49,480 --> 00:15:53,040
We have Purview Data Reader, Curator and Administrator.

350
00:15:53,040 --> 00:15:55,440
So based on your, you know, needs,

351
00:15:55,440 --> 00:15:58,920
add respective, you know, users to these groups

352
00:15:58,920 --> 00:16:01,080
so that they can access this portal.

353
00:16:01,080 --> 00:16:02,760
And there you go, you're all set.

354
00:16:02,760 --> 00:16:06,040
You'll be able to view all the data from there on.

355
00:16:06,040 --> 00:16:10,960
Cool, now who should actually be going to that portal?

356
00:16:10,960 --> 00:16:13,240
I mean, you know, cause we're talking about data folks here

357
00:16:13,240 --> 00:16:15,080
and I know there's a lot of different interests in data,

358
00:16:15,080 --> 00:16:17,640
like, hey, how do we, you know, find new markets

359
00:16:17,640 --> 00:16:21,120
and get more insights on customers and our operations

360
00:16:21,120 --> 00:16:23,240
and how do I keep it secure?

361
00:16:23,240 --> 00:16:27,040
Like so what roles would interact with Purview

362
00:16:27,040 --> 00:16:28,600
and would use it?

363
00:16:28,600 --> 00:16:29,600
That's a great question.

364
00:16:29,600 --> 00:16:33,640
You know, Purview caters to a very wide range of personas.

365
00:16:33,640 --> 00:16:38,640
So it provides a single pane of glass view of data

366
00:16:39,240 --> 00:16:42,400
in your data catalog, give you an example, you know,

367
00:16:42,400 --> 00:16:44,760
for example, Chief Data Officers who will benefit

368
00:16:44,760 --> 00:16:46,080
from the holistic and, you know,

369
00:16:46,080 --> 00:16:48,040
coherent view of data estate, right?

370
00:16:48,040 --> 00:16:50,960
Once you have all the resources configured and scanned,

371
00:16:50,960 --> 00:16:53,880
it's gonna give you that bird's-eye view.

372
00:16:53,880 --> 00:16:56,400
This helps them to understand where their data is.

373
00:16:56,400 --> 00:16:59,360
They can have, they can view variety of reports

374
00:16:59,360 --> 00:17:00,880
in the dashboard.

375
00:17:00,880 --> 00:17:02,640
Risk and compliance officers, you know,

376
00:17:02,640 --> 00:17:05,040
they can understand the risk of the data and, you know,

377
00:17:05,040 --> 00:17:07,360
what needs to be done from a compliance standpoint

378
00:17:07,360 --> 00:17:11,600
to meet their organizational needs or regulatory requirements.

379
00:17:11,600 --> 00:17:15,080
So you can actually group data sources into collections

380
00:17:15,080 --> 00:17:18,960
and have a nice hierarchy view of your enterprise

381
00:17:18,960 --> 00:17:21,640
and manage data from there.

382
00:17:21,640 --> 00:17:24,480
CISOs are interested from a security aspect of the data,

383
00:17:24,480 --> 00:17:26,440
data source administrators, you know,

384
00:17:26,440 --> 00:17:28,800
they wanna make sure that they can scan all the data

385
00:17:28,800 --> 00:17:31,000
that's available in the enterprises,

386
00:17:31,000 --> 00:17:33,000
whether it is on-prem or in the cloud.

387
00:17:33,000 --> 00:17:34,880
So they will be able to, you know,

388
00:17:34,880 --> 00:17:37,280
get all those resources into Azure Purview.

389
00:17:37,280 --> 00:17:39,560
And finally, you know, the data consumers,

390
00:17:39,560 --> 00:17:40,920
the business users, you know,

391
00:17:40,920 --> 00:17:44,000
who will be actually consuming this information,

392
00:17:44,000 --> 00:17:46,240
they will be able to search, understand

393
00:17:46,240 --> 00:17:48,360
where the data comes from as well as, you know,

394
00:17:48,360 --> 00:17:51,120
how it is classified and how can actually they get in touch

395
00:17:51,120 --> 00:17:52,760
with the owners of the data.

396
00:17:52,760 --> 00:17:54,240
So those are some of the personas.

397
00:17:54,240 --> 00:17:56,200
It even expands beyond that too.

398
00:17:56,200 --> 00:17:58,520
So ultimately, what kind of problems are we trying to solve

399
00:17:58,520 --> 00:18:00,400
with Azure Purview?

400
00:18:00,400 --> 00:18:03,960
So, you know, generally we've talked to many customers,

401
00:18:03,960 --> 00:18:05,720
you know, customers today, you know,

402
00:18:05,720 --> 00:18:07,640
have a very manual process.

403
00:18:07,640 --> 00:18:11,120
They have homegrown solutions that do not adapt well

404
00:18:11,120 --> 00:18:15,440
and grow, you know, with the data growing in the environment.

405
00:18:15,440 --> 00:18:19,960
And it's a very costly affair as well as full of gaps, right?

406
00:18:19,960 --> 00:18:22,640
They're prone to human error.

407
00:18:22,640 --> 00:18:25,760
And Purview helps to reimagine the data governance

408
00:18:25,760 --> 00:18:26,640
in the cloud.

409
00:18:26,640 --> 00:18:30,720
It empowers data consumers to find valuable,

410
00:18:30,720 --> 00:18:33,240
trustworthy data, you know,

411
00:18:33,240 --> 00:18:35,600
which is spread across the enterprise, right?

412
00:18:35,600 --> 00:18:38,520
It helps you discover data.

413
00:18:38,520 --> 00:18:39,680
Data consumers, for example,

414
00:18:39,680 --> 00:18:41,240
can discover the data in the enterprise

415
00:18:41,240 --> 00:18:43,920
and, you know, obviously this has been a challenge for them.

416
00:18:43,920 --> 00:18:46,520
There is no one place to go, you know,

417
00:18:46,520 --> 00:18:48,200
creating and maintaining documentation

418
00:18:48,200 --> 00:18:50,160
for data sources can be very difficult

419
00:18:50,160 --> 00:18:51,400
and ongoing effort.

420
00:18:51,400 --> 00:18:54,160
So it becomes a barrier to share data across the enterprise.

421
00:18:54,160 --> 00:18:56,760
So Purview solves that problem too.

422
00:18:56,760 --> 00:18:58,960
From a security administrator's perspective,

423
00:18:58,960 --> 00:19:00,400
you know, data is constantly growing

424
00:19:00,400 --> 00:19:02,840
and sharing in different ways.

425
00:19:02,840 --> 00:19:04,800
So the task of discovering and protecting,

426
00:19:04,800 --> 00:19:08,840
governing these data is a super humongous task, right?

427
00:19:08,840 --> 00:19:10,760
So it is super important to make sure the content

428
00:19:10,760 --> 00:19:12,840
is being shared with the correct people, you know,

429
00:19:12,840 --> 00:19:15,280
applications with the right permissions.

430
00:19:15,280 --> 00:19:18,280
So understanding the risk levels in the organization

431
00:19:18,280 --> 00:19:20,880
based on the sensitive data type that resides,

432
00:19:20,880 --> 00:19:23,200
such as credit card numbers, social security,

433
00:19:23,200 --> 00:19:24,520
et cetera, et cetera,

434
00:19:24,520 --> 00:19:26,840
you need to constantly monitor these resources

435
00:19:26,840 --> 00:19:29,600
for managing sensitive data.

436
00:19:29,600 --> 00:19:31,520
So these are the problems that, you know,

437
00:19:31,520 --> 00:19:34,400
Purview will be able to solve once you onboard

438
00:19:34,400 --> 00:19:37,400
all your sources into Purview.

439
00:19:37,400 --> 00:19:40,000
So you have this one place to go

440
00:19:40,000 --> 00:19:44,200
to basically manage your data and the security aspects of it.

441
00:19:44,200 --> 00:19:49,200
So you explained briefly what Purview was used for,

442
00:19:49,200 --> 00:19:53,480
but can you walk through a fuller scenario?

443
00:19:53,480 --> 00:19:54,120
Sure.

444
00:19:54,120 --> 00:19:58,840
So imagine a situation where you have everything manual today

445
00:19:58,840 --> 00:20:01,760
and you're able to only, you know,

446
00:20:01,760 --> 00:20:04,160
share with limited number of people,

447
00:20:04,160 --> 00:20:06,440
not many people are able to see it.

448
00:20:06,440 --> 00:20:10,280
Once you have a Purview instance up and running,

449
00:20:10,280 --> 00:20:12,280
the administrator is going to basically go

450
00:20:12,280 --> 00:20:15,480
and register all the sources in the enterprise

451
00:20:15,480 --> 00:20:18,760
to bring everything into one umbrella, right?

452
00:20:18,760 --> 00:20:22,120
And I mentioned earlier about having this collections view

453
00:20:22,120 --> 00:20:24,440
where you can actually have a holistic view

454
00:20:24,440 --> 00:20:26,600
and also have a deeper view based on

455
00:20:26,600 --> 00:20:28,920
how you want to slice and dice the data.

456
00:20:28,920 --> 00:20:32,480
It could be by geography, it could be by function, right?

457
00:20:32,480 --> 00:20:33,960
So once you have that,

458
00:20:33,960 --> 00:20:37,080
now you will be able to provide access to the consumers

459
00:20:37,080 --> 00:20:39,840
based on their role who will be able to actually go

460
00:20:39,840 --> 00:20:42,080
and view this data in the portal

461
00:20:42,080 --> 00:20:45,680
and also understand what kind of sensitive data is available,

462
00:20:45,680 --> 00:20:47,400
what kind of labeling is available

463
00:20:47,400 --> 00:20:49,520
if they have integrated that with Microsoft Information

464
00:20:49,520 --> 00:20:52,440
Protection so that they get this end-to-end view.

465
00:20:52,440 --> 00:20:54,280
They can also see the data lineage, you know,

466
00:20:54,280 --> 00:20:55,760
as the data moves.

467
00:20:55,760 --> 00:20:58,080
So that's another big feature that they have.

468
00:20:58,080 --> 00:21:00,080
So if we're thinking also about a scenario,

469
00:21:00,080 --> 00:21:05,320
just imagine you have some subsets of data lying around.

470
00:21:05,320 --> 00:21:10,280
So say you had information in various Azure data assets,

471
00:21:10,280 --> 00:21:14,840
ADLS, Azure files, blob storage, et cetera,

472
00:21:14,840 --> 00:21:19,840
you also had some information in Amazon S3 as an example,

473
00:21:20,000 --> 00:21:23,280
maybe even on-prem and SQL Server.

474
00:21:23,280 --> 00:21:25,880
But all of these different kinds of sources,

475
00:21:25,880 --> 00:21:28,800
the workflow basically will function as this.

476
00:21:28,800 --> 00:21:32,360
You can then, you could first go into sort of the area

477
00:21:32,360 --> 00:21:37,360
in the registered sources area for Azure Purview

478
00:21:39,640 --> 00:21:41,200
and then you're able to register

479
00:21:41,200 --> 00:21:43,320
each of these individual sources

480
00:21:43,320 --> 00:21:46,120
that you have around your various environments.

481
00:21:46,120 --> 00:21:48,360
Once you're able to register that

482
00:21:48,360 --> 00:21:50,480
and provide basically the necessary permissions

483
00:21:50,480 --> 00:21:54,080
and visibility into being able to scan those,

484
00:21:54,080 --> 00:21:56,280
you'll basically go through a scanning operation

485
00:21:56,280 --> 00:22:00,640
to discover all of that data that underlies these sources.

486
00:22:00,640 --> 00:22:03,680
And so these data assets or metadata assets

487
00:22:03,680 --> 00:22:07,040
will be populated within your,

488
00:22:07,040 --> 00:22:10,000
what we call a data estate in Purview.

489
00:22:10,000 --> 00:22:12,120
Inside of this particular area,

490
00:22:12,120 --> 00:22:14,320
you'll be able to see the results of your scan

491
00:22:14,320 --> 00:22:17,400
and all of the sort of individual documents that exist

492
00:22:17,400 --> 00:22:19,040
as a result of your scan.

493
00:22:19,040 --> 00:22:21,160
And then you could basically filter

494
00:22:21,160 --> 00:22:23,440
by different kinds of settings,

495
00:22:23,440 --> 00:22:25,960
look into the kinds of information that you want,

496
00:22:25,960 --> 00:22:27,320
and so on.

497
00:22:27,320 --> 00:22:29,040
From my perspective, it sounds like this is just

498
00:22:29,040 --> 00:22:32,960
a really radical shift in kind of data management

499
00:22:32,960 --> 00:22:36,120
for an organization almost like on the level of going

500
00:22:36,120 --> 00:22:39,800
from physical servers to VMs or from on-premise to cloud

501
00:22:39,800 --> 00:22:43,480
because all of a sudden, boom, your stuff is there,

502
00:22:43,480 --> 00:22:45,320
obviously after it's all set up and whatnot,

503
00:22:45,320 --> 00:22:47,480
in one report and one console,

504
00:22:47,480 --> 00:22:50,680
instead of having to chase after it in a thousand places.

505
00:22:50,680 --> 00:22:53,160
So I'm really interested in the kind of insights

506
00:22:53,160 --> 00:22:55,800
that you can get now that you have this in one place.

507
00:22:55,800 --> 00:22:58,520
Like, what is the value people are getting out of this?

508
00:22:58,520 --> 00:22:59,360
Absolutely.

509
00:22:59,360 --> 00:23:02,080
So there's two real large insights

510
00:23:02,080 --> 00:23:03,320
as a result of that workflow.

511
00:23:03,320 --> 00:23:05,640
One is that data estate or data catalog

512
00:23:05,640 --> 00:23:08,040
I was talking and talking about.

513
00:23:08,040 --> 00:23:10,120
And in this particular area,

514
00:23:10,120 --> 00:23:13,080
imagine you were an individual, like a data scientist,

515
00:23:13,080 --> 00:23:15,720
as an example, going through and trying to find the data set

516
00:23:15,720 --> 00:23:18,840
that you need in order to basically get your models created

517
00:23:18,840 --> 00:23:21,520
and test them and so on and so forth.

518
00:23:21,520 --> 00:23:23,000
This keeps it all in one place

519
00:23:23,000 --> 00:23:24,600
because you've been able to go through

520
00:23:24,600 --> 00:23:27,480
and identify all of this disparate data

521
00:23:27,480 --> 00:23:29,320
in so many various sources.

522
00:23:29,320 --> 00:23:32,560
You're able to go to a single holistic sort of

523
00:23:33,520 --> 00:23:36,960
pane of glass in order to get what you need,

524
00:23:36,960 --> 00:23:39,560
get access to it and so on and so forth.

525
00:23:39,560 --> 00:23:43,280
So that's incredibly valuable for data consumers overall.

526
00:23:44,160 --> 00:23:47,000
Another piece is actually, funny enough,

527
00:23:47,000 --> 00:23:50,360
it's also called Insights, our data insights pillar,

528
00:23:50,360 --> 00:23:53,680
where you can go into this particular tab in Azure Purview

529
00:23:53,680 --> 00:23:55,640
and what you'll be able to get out of it

530
00:23:55,640 --> 00:23:57,520
are different kinds of reports

531
00:23:57,520 --> 00:24:00,400
on the kinds of files you were able to scan through

532
00:24:00,400 --> 00:24:01,960
and the results of your scan.

533
00:24:01,960 --> 00:24:04,600
So as an example,

534
00:24:04,600 --> 00:24:08,160
Purview is looking at many different kinds of classifications

535
00:24:08,160 --> 00:24:10,280
as you're going through these scans.

536
00:24:10,280 --> 00:24:12,200
And so classifications can be considered

537
00:24:12,200 --> 00:24:14,760
to things like sensitive information types,

538
00:24:14,760 --> 00:24:17,000
credit card data, social security numbers,

539
00:24:17,000 --> 00:24:19,760
driver's license numbers, et cetera.

540
00:24:19,760 --> 00:24:23,360
And being able to identify what is the breakdown

541
00:24:23,360 --> 00:24:25,400
of this kind of sensitive information

542
00:24:25,400 --> 00:24:27,320
within the scans that were done.

543
00:24:27,320 --> 00:24:30,240
What percent of that is from Azure assets?

544
00:24:30,240 --> 00:24:33,800
What percent of that is from AWS assets?

545
00:24:33,800 --> 00:24:35,920
AWS assets and so on and so forth.

546
00:24:36,920 --> 00:24:39,800
You'll be able to get that breakdown there.

547
00:24:39,800 --> 00:24:41,400
You'll also be able to get a breakdown

548
00:24:41,400 --> 00:24:45,400
into any sort of sensitivity labels you can use,

549
00:24:45,400 --> 00:24:48,520
whether your scan worked or failed over time,

550
00:24:48,520 --> 00:24:51,320
understanding the different kinds of file types that are good.

551
00:24:51,320 --> 00:24:53,680
It's a very rich ecosystem to be able to go through

552
00:24:53,680 --> 00:24:55,600
and actually see these reports

553
00:24:55,600 --> 00:24:58,240
because ultimately like Gopal was mentioning,

554
00:24:58,240 --> 00:25:00,560
you can go ahead and provide this information

555
00:25:00,560 --> 00:25:05,480
to your leadership, your IT team, data team security,

556
00:25:05,480 --> 00:25:08,720
et cetera, and be able to garner some tangible insights

557
00:25:08,720 --> 00:25:12,360
such that you're able to make any necessary remediations,

558
00:25:12,360 --> 00:25:16,640
any necessary actions to continue protecting your data,

559
00:25:16,640 --> 00:25:20,440
as well as maintaining a holistic database

560
00:25:20,440 --> 00:25:22,680
or rather data catalog.

561
00:25:22,680 --> 00:25:24,480
Yeah, and as I'm thinking about this,

562
00:25:24,480 --> 00:25:27,440
because I'm both a business geek and a security geek,

563
00:25:27,440 --> 00:25:30,520
and like the security geek side of me is like going,

564
00:25:30,520 --> 00:25:31,480
okay, this is awesome

565
00:25:31,480 --> 00:25:33,200
because I can now see what data we have to protect

566
00:25:33,200 --> 00:25:35,040
and be able to ask the business,

567
00:25:35,040 --> 00:25:38,040
hey, what's important, what should we be focusing on?

568
00:25:38,040 --> 00:25:39,800
But at the same time, I'm now a little bit freaked out

569
00:25:39,800 --> 00:25:41,680
because now that it's easier for the business to find this,

570
00:25:41,680 --> 00:25:44,480
it's also easier for the attackers to use the same tool.

571
00:25:45,800 --> 00:25:48,720
So actually one of the questions I was thinking about,

572
00:25:48,720 --> 00:25:51,440
like now you guys classify and label this, right?

573
00:25:51,440 --> 00:25:54,200
Now, is that tied in with Microsoft Information Protection?

574
00:25:54,200 --> 00:25:55,560
How do those two connect?

575
00:25:55,560 --> 00:25:58,240
Absolutely, you're right on the money for that.

576
00:25:58,240 --> 00:26:00,800
So just a little bit of a background

577
00:26:00,800 --> 00:26:02,960
for our audience who might not be aware,

578
00:26:02,960 --> 00:26:04,360
Microsoft Information Protection

579
00:26:04,360 --> 00:26:07,240
is a suite of capabilities really driven around

580
00:26:07,240 --> 00:26:11,960
basically security and information protection in M365.

581
00:26:11,960 --> 00:26:15,200
One of the core components of MIP

582
00:26:15,200 --> 00:26:18,720
is basically this component called a sensitivity label.

583
00:26:18,720 --> 00:26:21,600
And what a sensitivity label does for an organization

584
00:26:21,600 --> 00:26:25,800
is it helps define basically how important

585
00:26:25,800 --> 00:26:27,600
that piece of information is.

586
00:26:27,600 --> 00:26:30,160
And a taxonomy in different kinds of corporations

587
00:26:30,160 --> 00:26:31,680
help denote that.

588
00:26:31,680 --> 00:26:33,440
So as an example, you could have something

589
00:26:33,440 --> 00:26:35,840
that is public, general, confidential,

590
00:26:35,840 --> 00:26:37,400
highly confidential, et cetera.

591
00:26:37,400 --> 00:26:39,560
Different corporations will do it in different ways.

592
00:26:39,560 --> 00:26:44,560
And not only will this sensitivity label denote that,

593
00:26:45,240 --> 00:26:47,400
but in the scope of MIP,

594
00:26:47,400 --> 00:26:50,720
it also provides data at rest encryption

595
00:26:50,720 --> 00:26:52,840
and almost transparent encryption

596
00:26:52,840 --> 00:26:55,480
so that if it was moved around essentially

597
00:26:55,480 --> 00:26:57,680
to these informational worker files,

598
00:26:57,680 --> 00:27:01,040
you'd be still getting some level of protection from them.

599
00:27:01,040 --> 00:27:03,120
Now, there is an integration.

600
00:27:03,120 --> 00:27:06,000
There is basically a better together story

601
00:27:06,000 --> 00:27:09,240
where we are integrating the sensitivity labels

602
00:27:09,240 --> 00:27:10,360
with Purview.

603
00:27:10,360 --> 00:27:14,160
And so if you were to use basically E5

604
00:27:15,200 --> 00:27:17,440
or rather have the E5 license,

605
00:27:17,440 --> 00:27:20,320
you can go ahead to Security and Compliance Center

606
00:27:20,320 --> 00:27:23,760
and set up the configuration of what a label is

607
00:27:23,760 --> 00:27:26,280
and what kind of sensitivity,

608
00:27:26,280 --> 00:27:28,760
sensitive information types or classifications

609
00:27:28,760 --> 00:27:30,040
are included there.

610
00:27:30,040 --> 00:27:34,040
And so that will help you essentially be able to

611
00:27:35,680 --> 00:27:39,440
identify in a Purview scan

612
00:27:39,440 --> 00:27:43,640
when you find say a driver's license information

613
00:27:43,640 --> 00:27:48,640
and a credit card info that that label to be attached to it

614
00:27:49,240 --> 00:27:51,760
that signifies it as confidential.

615
00:27:51,760 --> 00:27:54,160
So right now we have this currently available

616
00:27:55,240 --> 00:27:56,880
and hopefully later in the future,

617
00:27:56,880 --> 00:28:00,840
we will also introduce protection capabilities as well.

618
00:28:00,840 --> 00:28:04,880
I was gonna ask why one needs to classify

619
00:28:04,880 --> 00:28:06,840
or identify data,

620
00:28:06,840 --> 00:28:11,840
which you have talked a little bit about already,

621
00:28:11,840 --> 00:28:15,760
but I wanna make sure that the audience understands

622
00:28:15,760 --> 00:28:18,520
what we mean with classification,

623
00:28:18,520 --> 00:28:23,280
especially when we are talking to government,

624
00:28:23,280 --> 00:28:26,240
classification has a different connotation.

625
00:28:26,240 --> 00:28:28,720
What we're talking here is about labeling

626
00:28:28,720 --> 00:28:30,600
and or tagging the data.

627
00:28:30,600 --> 00:28:35,480
So why would an organization need to do this?

628
00:28:35,480 --> 00:28:37,960
Yeah, I mean, ultimately there is sort of like

629
00:28:37,960 --> 00:28:40,360
an information protection framework

630
00:28:40,360 --> 00:28:43,120
that we took from MIP and AIP

631
00:28:43,120 --> 00:28:47,760
and are applying it here in Purview as well.

632
00:28:47,760 --> 00:28:51,280
This kind of concept of discover

633
00:28:51,280 --> 00:28:53,400
where the sensitive information is in your environment.

634
00:28:53,400 --> 00:28:55,440
Once you're able to discover it,

635
00:28:55,440 --> 00:28:57,560
analyze it and understand basically

636
00:28:57,560 --> 00:29:00,360
what kind of taxonomy to create off it.

637
00:29:00,360 --> 00:29:03,120
And then once you get a kind of understanding of taxonomy,

638
00:29:03,120 --> 00:29:06,000
understand how to go about protecting and governing it

639
00:29:06,000 --> 00:29:08,920
within your environment.

640
00:29:08,920 --> 00:29:11,360
And so we're basically trying to implement

641
00:29:11,360 --> 00:29:13,480
that kind of framework here as well,

642
00:29:14,400 --> 00:29:17,480
with at least starting originally with the discovery piece

643
00:29:17,480 --> 00:29:20,200
where we're able to attach these same labels

644
00:29:20,200 --> 00:29:24,560
that you can use in the MIP world here as well in Purview.

645
00:29:24,560 --> 00:29:26,560
As it's something that a lot of different customers

646
00:29:26,560 --> 00:29:31,000
that we currently have are heavily leveraging as well.

647
00:29:31,000 --> 00:29:33,680
And this is just a really great synergy we have here

648
00:29:33,680 --> 00:29:36,960
and being able to do that and follow in the steps

649
00:29:36,960 --> 00:29:38,680
of what is that best practice,

650
00:29:38,680 --> 00:29:41,680
that overall framework for information protection.

651
00:29:41,680 --> 00:29:44,960
Just to add to that, what Arvind just mentioned,

652
00:29:44,960 --> 00:29:49,440
the platform should be automatically able to classify data

653
00:29:49,440 --> 00:29:51,680
and allow manual override when possible.

654
00:29:51,680 --> 00:29:55,880
So it's the foundation for effective governance as well.

655
00:29:55,880 --> 00:29:59,760
My guess is that Azure Purview can take data

656
00:29:59,760 --> 00:30:02,560
from multiple data sources and categorize it

657
00:30:02,560 --> 00:30:04,680
and classify it and identify it.

658
00:30:04,680 --> 00:30:06,520
So what does that look like right now?

659
00:30:06,520 --> 00:30:11,000
What sort of data sources can you use within Azure Purview?

660
00:30:11,000 --> 00:30:13,200
That's a great question.

661
00:30:13,200 --> 00:30:16,560
So right now you could classify a huge plot

662
00:30:16,560 --> 00:30:19,760
of different kinds of Azure data assets,

663
00:30:19,760 --> 00:30:24,680
ADLS, Blob storage, et cetera.

664
00:30:24,680 --> 00:30:27,480
You also have the capability now it's in public preview

665
00:30:27,480 --> 00:30:32,480
to basically scan AWS S3 buckets.

666
00:30:33,280 --> 00:30:37,440
We also have on-prem resources like Power BI,

667
00:30:37,440 --> 00:30:39,000
SQL server, et cetera.

668
00:30:39,000 --> 00:30:41,680
And then as well as a lot of different SaaS connectors

669
00:30:41,680 --> 00:30:42,960
and integrations that we have.

670
00:30:42,960 --> 00:30:47,040
So Oracle DB is one that comes to mind.

671
00:30:47,040 --> 00:30:49,280
And there's a lot of different SaaS ones

672
00:30:49,280 --> 00:30:50,320
that we're working on right now

673
00:30:50,320 --> 00:30:54,920
that is sort of the brunt of a lot of the work

674
00:30:54,920 --> 00:30:56,800
going into GA.

675
00:30:56,800 --> 00:30:58,400
For the full list, of course,

676
00:30:58,400 --> 00:31:00,000
feel free to look at the documentation.

677
00:31:00,000 --> 00:31:03,120
We will be attaching that in this podcast as well.

678
00:31:03,120 --> 00:31:05,320
So you could see the full list,

679
00:31:05,320 --> 00:31:09,520
but it's a pretty big litany of items.

680
00:31:09,520 --> 00:31:13,880
So what does the future roadmap look like?

681
00:31:13,880 --> 00:31:15,920
What is coming down the pipe?

682
00:31:16,800 --> 00:31:19,400
That's a really great question.

683
00:31:19,400 --> 00:31:21,360
Data sources are obviously one of the biggest things

684
00:31:21,360 --> 00:31:22,400
we're focusing on right now.

685
00:31:22,400 --> 00:31:24,120
So just the different kinds of connectors

686
00:31:24,120 --> 00:31:27,160
for different SaaS providers and so on and so forth.

687
00:31:27,160 --> 00:31:29,320
That's been a big ask from customers.

688
00:31:30,320 --> 00:31:34,200
We are working a lot on the security side as well.

689
00:31:34,200 --> 00:31:36,000
There's a couple of stories going around

690
00:31:36,000 --> 00:31:39,440
for that access governance, alerting,

691
00:31:40,520 --> 00:31:44,280
and sort of the work we're doing on that front

692
00:31:44,280 --> 00:31:46,680
is going to help bolster sort of the security story

693
00:31:46,680 --> 00:31:48,640
of Purview a lot more.

694
00:31:48,640 --> 00:31:51,920
Unfortunately, I can't say too much other than those pieces

695
00:31:51,920 --> 00:31:55,320
because we are working on some pieces right now

696
00:31:55,320 --> 00:31:56,920
that are not public yet,

697
00:31:56,920 --> 00:31:58,640
but they are coming public really soon

698
00:31:58,640 --> 00:32:01,440
and we're excited to see how the security community reacts

699
00:32:01,440 --> 00:32:04,520
to it and we are looking forward to some feedback

700
00:32:04,520 --> 00:32:06,080
on that area.

701
00:32:06,080 --> 00:32:09,200
Essentially, there are a lot of data sources

702
00:32:09,200 --> 00:32:11,120
that's coming which will be added.

703
00:32:11,120 --> 00:32:13,920
And like Arvind mentioned, from the safety aspect,

704
00:32:13,920 --> 00:32:16,880
there is also a couple of features that we're working on.

705
00:32:16,880 --> 00:32:19,200
There's a lot of discussions on the multi-cloud effort

706
00:32:19,200 --> 00:32:21,200
as well, so you will see them coming

707
00:32:22,160 --> 00:32:23,920
as we go towards GA and beyond.

708
00:32:25,400 --> 00:32:28,040
Another big piece is actually a lot of work

709
00:32:28,040 --> 00:32:30,080
on the multi-cloud area.

710
00:32:30,080 --> 00:32:33,040
So I mentioned AWS S3 buckets,

711
00:32:33,040 --> 00:32:34,800
scanning becoming public preview.

712
00:32:34,800 --> 00:32:39,800
There's a lot of other sources sort of along that area

713
00:32:40,680 --> 00:32:43,320
of AWS and GCP resources essentially

714
00:32:43,320 --> 00:32:45,400
that will also be great capabilities

715
00:32:45,400 --> 00:32:48,440
to have for customers.

716
00:32:48,440 --> 00:32:50,400
So there's a question we ask all our guests at the end

717
00:32:50,400 --> 00:32:52,560
and that is, do you have any last thoughts?

718
00:32:52,560 --> 00:32:53,960
Is there any sort of takeaway

719
00:32:53,960 --> 00:32:55,400
like to leave our listeners with?

720
00:32:55,400 --> 00:32:57,920
The biggest piece here to understand is

721
00:32:57,920 --> 00:33:00,920
it's a product that really impacts data overall

722
00:33:00,920 --> 00:33:02,440
and security.

723
00:33:02,440 --> 00:33:05,400
And many times when we're talking to customers,

724
00:33:05,400 --> 00:33:07,080
we see that these two pieces,

725
00:33:07,080 --> 00:33:10,800
although they should really be one and together

726
00:33:10,800 --> 00:33:13,240
and talking to each other and collaborating,

727
00:33:13,240 --> 00:33:15,080
are very much sometimes separated.

728
00:33:16,200 --> 00:33:19,440
So tools like this are sort of helping

729
00:33:19,440 --> 00:33:22,880
with the market push and driving those conversations together.

730
00:33:22,880 --> 00:33:25,520
And I'd like to see it's already starting to say

731
00:33:25,520 --> 00:33:28,200
that it's already starting to work a little bit.

732
00:33:28,200 --> 00:33:29,920
Having these engaging conversations,

733
00:33:29,920 --> 00:33:32,360
having sort of customers lead the way

734
00:33:32,360 --> 00:33:34,840
and having these kinds of conversations

735
00:33:34,840 --> 00:33:37,400
and hopefully we'll continue to see this market trend.

736
00:33:37,400 --> 00:33:40,200
Yeah, I'll just add few more things to that.

737
00:33:40,200 --> 00:33:42,040
We've talked to many customers,

738
00:33:42,040 --> 00:33:44,120
they all have one common challenge.

739
00:33:44,120 --> 00:33:49,120
Data is growing very fast at a very high velocity,

740
00:33:49,360 --> 00:33:52,440
higher volumes and also the variety of data.

741
00:33:52,440 --> 00:33:54,400
So it's extremely important to have

742
00:33:54,400 --> 00:33:57,000
a comprehensive data governance solution.

743
00:33:57,000 --> 00:34:01,080
So Purview is a unified data governance cloud-based solution

744
00:34:01,080 --> 00:34:05,280
and also supports data on-prem as well as in the cloud.

745
00:34:05,280 --> 00:34:09,320
So highly recommend our listeners to try Purview

746
00:34:09,320 --> 00:34:10,840
and help us with feedback.

747
00:34:10,840 --> 00:34:12,440
And with that, let's bring this to an end.

748
00:34:12,440 --> 00:34:14,160
Thank you so much for joining us this week.

749
00:34:14,160 --> 00:34:15,240
We really appreciate it.

750
00:34:15,240 --> 00:34:16,720
And I certainly learned a great deal.

751
00:34:16,720 --> 00:34:20,120
I know Mark and Gladys for you learned a great deal too.

752
00:34:20,120 --> 00:34:22,320
To our listeners, we trust you found this useful too.

753
00:34:22,320 --> 00:34:23,560
Thanks for listening.

754
00:34:23,560 --> 00:34:25,840
Stay safe out there and we'll see you next time.

755
00:34:25,840 --> 00:34:28,760
Thanks for listening to the Azure Security Podcast.

756
00:34:28,760 --> 00:34:32,480
You can find show notes and other resources at our website,

757
00:34:32,480 --> 00:34:35,560
azsecuritypodcast.net.

758
00:34:35,560 --> 00:34:37,120
If you have any questions,

759
00:34:37,120 --> 00:34:39,440
please find us on Twitter at AzureSecPod.

760
00:34:40,320 --> 00:34:43,280
Background music is from ccmixter.com

761
00:34:43,280 --> 00:34:46,080
and licensed under the Creative Commons license.

762
00:34:46,080 --> 00:35:02,080
Background music playing

