Azure Data Discovery & Classification (DSPM)

Data Discovery and Classification for Azure Data Stores

TL;DR:

  • Azure Data Discovery and Classification are crucial for data security and compliance in organizations.
  • Strac offers an advanced solution for automated data discovery and real-time classification in Azure.
  • Practical policies based on data labels can enhance data governance and operational efficiency.
  • Strac provides remediation actions like labeling, masking, and blocking for sensitive data protection.
  • By integrating Strac with Azure, organizations can effectively manage and protect their sensitive information.

Introduction to Azure Data Discovery and Classification (Azure DSPM)

In today's data-driven world, organizations handle vast amounts of sensitive information across various data stores. Effective data discovery and classification are critical to ensuring data security, compliance, and efficient data management. Azure, a leading cloud platform, offers a range of data stores that require robust discovery and classification mechanisms. Strac, a pioneer in Data Loss Prevention (DLP) and Data Discovery, provides an advanced solution for Azure Data Discovery and Classification. This integration page explores the importance of data discovery and classification, the capabilities of Strac in this domain, and practical policies for leveraging classified data in Azure.

Exploring Major Azure Data Stores for Discovery and Classification (Azure DSPM)

Azure offers a wide range of data stores to cater to diverse organizational needs. Some of the major data stores include:

  1. Azure SQL Database: A fully managed relational database with built-in intelligence.
  2. Azure Blob Storage: An object storage solution for unstructured data.
  3. Azure Data Lake Storage: A scalable data lake for big data analytics.
  4. Azure Cosmos DB: A globally distributed, multi-model database service.
  5. Azure Table Storage: A NoSQL store for schemaless storage of structured data.
  6. Azure File Storage: A managed file share service in the cloud.
  7. Azure Data Factory: A cloud-based data integration service.

Understanding the Importance of Data Discovery and Classification in Azure (Azure DSPM)

Data discovery and classification are fundamental to understanding and managing sensitive data. The key reasons for implementing these processes include:

  1. Data Security: Identifying and protecting sensitive information from unauthorized access and breaches.
  2. Compliance: Ensuring adherence to regulatory requirements such as GDPR, HIPAA, and CCPA.
  3. Data Governance: Implementing policies for data usage, access control, and retention.
  4. Risk Management: Reducing the risk of data leaks and ensuring proper handling of sensitive information.
  5. Operational Efficiency: Streamlining data management processes and improving data quality.

Strac's Unique Approach to Azure Data Discovery and Classification (Azure DSPM)

Strac's data discovery and classification solution is designed to seamlessly integrate with Azure's data stores, providing comprehensive visibility and control over sensitive information. Here’s how Strac does it:

Utilizing Automated Data Discovery in Azure

Strac employs advanced algorithms and machine learning techniques to automatically scan and discover sensitive data across all Azure data stores. This process involves:

  1. Scanning: Continuous scanning of data stores to identify sensitive information.
  2. Classification: Categorizing data based on predefined and custom classification rules.
  3. Indexing: Creating an index of discovered data for quick access and management.

Implementing Real-time Data Discovery & Classification in Azure DSPM

Strac ensures real-time classification of data, allowing organizations to maintain up-to-date records of sensitive information. The classification process includes:

  1. Pattern Matching: Identifying data patterns that match sensitive information types (e.g., PII, PHI, financial data).
  2. Context Analysis: Analyzing the context in which data appears to accurately classify it.
  3. User-defined Labels: Allowing users to create custom labels and classification rules tailored to their specific needs.
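
A minimal sketch of the three steps above (pattern matching, context analysis, user-defined labels), added here as an illustration; it is not Strac's code or API. The regexes, keyword lists, window size, default label names and sample documents are constructed assumptions.

```python
import re

# Pattern matching: candidate detectors per sensitive-data type (assumed regexes).
PATTERNS = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "CARD": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
}
# Context analysis: a keyword must appear near a match for it to count.
CONTEXT = {
    "SSN": ("ssn", "social security"),
    "CARD": ("card", "visa", "payment"),
}
# User-defined labels: hypothetical default mapping from data type to label.
LABEL_RULES = {"SSN": "PII", "CARD": "Financial"}
WINDOW = 40  # characters of context inspected on each side of a match

# Constructed sample documents (the card number is the well-known test value).
DOC_SSN = "Patient SSN: 123-45-6789 on file."
DOC_CARD = "Payment card 4111 1111 1111 1111 charged."
DOC_NOISE = "Order ref 4111 1111 1111 1112 shipped; part no. 123-45-6789."

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def has_context(text, start, end, keywords):
    """True if any keyword occurs within WINDOW characters of the match."""
    window = text[max(0, start - WINDOW):end + WINDOW].lower()
    return any(k in window for k in keywords)

def classify(text, label_rules=LABEL_RULES):
    """Return (sorted labels, [(data type, offset)]) for one document."""
    findings = []
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(text):
            if kind == "CARD":
                digits = re.sub(r"\D", "", m.group())
                if not luhn_ok(digits):
                    continue  # pattern matched, checksum says not a card
            if not has_context(text, m.start(), m.end(), CONTEXT[kind]):
                continue  # pattern matched, surrounding text does not support it
            findings.append((kind, m.start()))
    labels = sorted({label_rules[k] for k, _ in findings})
    return labels, findings

if __name__ == "__main__":
    for doc in (DOC_SSN, DOC_CARD, DOC_NOISE):
        print(classify(doc)[0], "<-", doc)
```

The third document shows why pattern matching alone over-reports: both of its digit strings match a regex, but one fails the checksum and the other has no supporting context, so no label is applied.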

Taking Remediation Actions for Data Classification in Azure DSPM

Once data is discovered and classified, Strac provides various remediation actions to protect and manage sensitive information:

  1. Labeling: Applying labels to sensitive data for easy identification and management.
  2. Masking: Redacting or masking sensitive information to prevent unauthorized access.
  3. Blocking: Restricting access to sensitive data based on user roles and permissions.
  4. Alerting: Generating alerts for potential security threats or compliance violations.
  5. Deletion: Securely deleting sensitive data that is no longer needed.

Implementing Practical Policies Based on Labels for Azure Data

Effective data management policies can be implemented based on the labels applied by Strac. Here are some practical policies:

Setting Access Control Policies for Azure Data Discovery and Classification (Azure DSPM)

  1. Role-based Access Control (RBAC): Define and enforce access permissions based on user roles. For example, only finance team members can access financial data.
  2. Least Privilege Principle: Ensure users have the minimum necessary access to perform their job functions.

Establishing Data Retention Policies in Azure for Classification

  1. Retention Schedules: Define retention periods for different types of sensitive data. For instance, PII data should be retained for no longer than five years.
  2. Automated Deletion: Automatically delete data that has reached the end of its retention period.

Defining Data Sharing Policies in Azure for Discovery and Classification

  1. Restricted Sharing: Limit sharing of sensitive data to authorized personnel only.
  2. Data Encryption: Ensure sensitive data is encrypted during transit and at rest when shared.

Ensuring Compliance with Azure Data Classification Policies

  1. Regulatory Compliance Checks: Regularly audit data stores to ensure compliance with regulations such as GDPR and HIPAA.
  2. Incident Response: Develop and implement incident response plans for data breaches involving sensitive information.

Monitoring and Reporting Policies for Azure Data Discovery and Classification

  1. Continuous Monitoring: Continuously monitor data stores for unauthorized access and unusual activities.
  2. Reporting: Generate regular reports on data discovery, classification, and remediation activities for audit and compliance purposes.

Conclusion on Azure Data Discovery and Classification

Integrating Strac's advanced data discovery and classification solution with Azure's data stores empowers organizations to effectively manage and protect their sensitive information. By automating data discovery, ensuring real-time classification, and implementing robust remediation actions, Strac helps organizations enhance data security, achieve compliance, and streamline data management processes. Leveraging practical policies based on data labels further strengthens data governance and operational efficiency, making Strac an indispensable partner in the Azure ecosystem.

By choosing Strac for Azure Data Discovery and Classification, organizations can confidently navigate the complexities of data security and compliance, ensuring their sensitive data is always protected and properly managed.

Sensitive Data Types for Azure Data Discovery and Classification (DSPM)

Check out all the sensitive data elements and file formats supported by Strac: https://www.strac.io/blog/strac-catalog-of-sensitive-data-elements

SharePoint DLP Use Cases

Practical Scenario

A hospital’s billing and administrative teams use SharePoint Online to store patient invoices, medical reports, and insurance forms. While collaborating with external insurance providers, a staff member accidentally updates the permissions on a SharePoint document library to “Anyone with the link,” exposing potentially thousands of patient files containing PHI.

Industry Challenge

Healthcare organizations must meet HIPAA requirements for patient privacy. Even a single unauthorized access to PHI can trigger non-compliance, steep fines, and damage to the hospital’s reputation.

How Strac Helps

  • Continuous Data Discovery: Strac automatically scans existing and newly uploaded documents, identifying PHI (e.g., medical record numbers, Social Security Numbers).
  • Classification & Labeling: Once identified, files are labeled (e.g., “HIPAA Sensitive”), ensuring that administrators know which documents require the highest level of protection.
  • Visibility into Access: Strac provides real-time insight into who has access to these sensitive documents. Administrators can instantly see if unauthorized users or broad groups have viewing rights.
  • Revoke Public Links: If a file is publicly accessible, Strac immediately revokes those links and restores restricted access.
  • Alerts & Quarantines: When someone attempts to share PHI externally, Strac can alert admins, quarantine the file for review, or completely block the action.
  • Audit-Ready Reports: All actions are logged, enabling quick incident response and demonstrating HIPAA compliance for audits.

Practical Scenario

A mid-sized investment firm uses SharePoint to collaborate on various client files, including:

  • Credit card statements (subject to PCI-DSS)
  • ID documents (Driver’s Licenses, Passports, etc.) used for KYC (Know Your Customer) verification
  • Banking information such as account and routing numbers

An associate accidentally shares a SharePoint folder containing these files with a newly onboarded client who does not require access to all confidential documents. This folder is also accessible to several internal teams outside the immediate project, creating multiple potential exposure points.

Industry Problem

Financial organizations must adhere to strict regulations like PCI-DSS for payment card data and various KYC/AML (Anti-Money Laundering) standards that mandate secure handling of personally identifiable information (PII). Exposing client ID documents, bank details, or credit card data can lead to fraud, legal liabilities, and erode customer trust.

How Strac Helps

  • Comprehensive Data Discovery: Strac scans both existing and newly uploaded documents in SharePoint for sensitive information such as credit card numbers, bank account details, and ID documents (Driver’s License, Passport formats).
  • Classification & Automated Labeling: Once identified, Strac applies meaningful labels (e.g., “PCI-DSS Sensitive,” “PII – ID Documents,” “Banking Info”) to ensure these files stand out and are subject to stricter security rules.
  • Visibility into Access: Strac provides an immediate view of who currently has access to these sensitive files. This allows admins to spot situations where external clients or internal teams unnecessarily have permissions.
  • Public Access Revocation: If a labeled document (e.g., containing card data or ID scans) is found to be publicly shared or too broadly accessible, Strac automatically revokes these links or permissions, aligning access with the principle of least privilege.
  • Alerts, Quarantines, and Blocks: When a user attempts to share a labeled document with outside domains—or with an entire department—Strac alerts administrators or quarantines/blocks the file share, depending on policy settings.
    In cases where the share is intentional but needs review, admins can approve or deny the request within Strac’s dashboard.
  • Audit & Compliance: Every sharing event, label assignment, and access revocation is logged, creating a detailed audit trail. This helps demonstrate compliance with PCI-DSS, KYC, AML, and other regulatory requirements.
    Automatic reporting simplifies any regulatory or internal compliance audit, reducing the administrative burden on security and compliance teams.

Practical Scenario

A software company keeps source code, product roadmaps, and design specs in SharePoint. Several teams—including external contractors—use the same SharePoint site. A developer accidentally grants a large group, including some non-disclosure–exempt contractors, access to a folder containing patent-pending code.

Industry Problem

Leaking IP can destroy a firm’s competitive advantage, trigger legal disputes, and cause immense reputational harm.

How Strac Helps

  • Holistic File Scanning: Strac inspects documents, PDFs, and archives for code snippets, system designs, and proprietary business terms to detect potential IP.
  • Intelligent Labeling: Documents identified as containing IP or trade secrets are automatically classified (e.g., “Proprietary IP”), reinforcing the need for restricted sharing.
  • Real-Time Access Insights: With Strac, administrators can instantly see who has access to IP-tagged files, enabling them to remove unauthorized users or reduce permission scopes.
  • Immediate Link Removal: If a contractor or external partner is mistakenly granted access to IP, Strac revokes public or unauthorized sharing before the files can be downloaded.
  • Alerts & Blocking: Strac’s policies can be configured to alert security teams or block external sharing attempts for files containing proprietary content.
  • Incident Response & Auditing: Detailed logs of every share request, label change, and access revocation aid in quick incident resolution and help prove due diligence if legal issues arise.