This is the Trace Id: ec478a64fb977665ed03d19a045a9337
Skip to main content
Microsoft Security
Get the report
Two people looking at the laptop.

What is data protection?

Learn how to protect your data wherever it lives and manage sensitive and business critical data across your environment.
Explore data protection

Data protection defined

Data protection refers to security strategies and processes that help secure sensitive data against corruption, compromise, and loss. Threats to sensitive data include data breaches and data loss incidents.

A data breach is the result of unauthorized access to your organization’s information, network, or devices from sources like a cyberattackinsider threats, or human error. In addition to lost data, your organization may incur fines for compliance violations, face legal action for exposed personal information, and suffer long-term damage to your brand reputation.

A data loss incident is an intentional or accidental interruption to your normal organizational operations—for example, a laptop is lost or stolen, software is corrupted, or a computer virus infiltrates your network. Having a security policy in place and training your employees to recognize threats and how to respond—or not respond—is critical to your data protection strategy.

Key principles of data protection

The two key principles of data protection are data availability and data management.

Data availability enables employees to access the data they need for day-to-day operations. Maintaining data availability contributes to your organization’s business continuity and disaster recovery plan, which is an important element of your data protection plan that relies on backup copies stored in a separate location. Having access to these copies minimizes downtime for your employees and keeps their work on track.

Data management encompasses data lifecycle management and information lifecycle management.

  • Data lifecycle management covers data creation, storage, usage and analysis, and archival or disposal. This lifecycle helps to ensure that your organization is complying with relevant regulations and that you’re not storing data unnecessarily.
  • Information lifecycle management is a strategy for cataloging and storing the information derived from your organization’s datasets. Its purpose is to determine how relevant and accurate the information is.

Why is data protection important?

Data protection is important for keeping your organization safe from data theft, leaks, and loss. It involves using privacy policies that meet compliance regulations and preventing damage to your organization’s reputation.

A data protection strategy includes monitoring and protecting data within your environment and maintaining continuous control over data visibility and access.

Developing a data protection policy enables your organization to determine its risk tolerance for every category of data and to comply with applicable regulations. This policy also helps you establish authentication and authorization—determining who should have access to what information and why.

Types of data protection and best practices

Data protection solutions help you monitor internal and external activity, flag suspicious or risky data-sharing behavior, and control access to sensitive data.

Data loss prevention

Data loss prevention is a security solution that helps your organization prevent the sharing, transfer, or use of sensitive data through actions like monitoring sensitive information across your data estate. It also helps to ensure your compliance with regulatory requirements—for example, the Health Insurance Portability and Accountability Act (HIPAA) and European Union (EU) General Data Protection Regulation (GDPR).

Replication

Replication continually copies data from one location to another to create and store an up-to-date copy of your data. It allows failover to this data in the event your primary system goes down. In addition to protecting you from data loss, replication makes data available from the nearest server so that authorized users can access it faster. Having a complete copy of your organization’s data also gives your teams the option to perform analytics without interfering with day-to-day data needs.

Storage with built-in protection

A storage solution should provide data protection, but also enable you to recover data that was deleted or modified. For example, multiple levels of redundancy aid in protecting your data from things like service outages, hardware problems, and natural disasters. Versioning preserves previous states of your data when an overwrite operation creates a new version. Configure a lock—for example, read only or cannot delete—on your storage accounts to help protect them from accidental or malicious deletion.

Firewalls

A firewall helps to ensure that only authorized users have access to your organization’s data. It works by monitoring and filtering network traffic according to your security rules and helps block threats like viruses and ransomware attempts. Firewall settings typically include options to create inbound and outbound rules, specify connection security rules, view monitoring logs, and receive notifications when the firewall blocked something.

Data discovery

Data discovery is the process of finding what data sets exist in your organization within data centers, laptops and desktop computers, various mobile devices, and on cloud platforms. The next step is to categorize your data (for example, mark it as restricted, private, or public) and verify that it meets regulatory compliance.

Authentication and authorization

Authentication and authorization controls verify user credentials and confirm that access privileges are assigned and applied correctly. Role-based access control is one example of providing access to only the people who need it to do their jobs. It can be used in conjunction with identity and access management to help control what employees can and can’t access in order to keep your organization’s resources—like apps, files, and data—more secure.

Backup

Backups fall into the category of data management. They can be as frequent as you need them to be (for example, full backups every night and incremental backups throughout the day) and they enable you to restore lost or corrupted data quickly to minimize downtime. A typical backup strategy includes saving several copies of your data and storing a full copy set on a separate server and another in an off-site location. Your backup strategy will align with your disaster recovery plan.

Encryption

Encryption helps maintain the security, confidentiality, and integrity of your data. It is used on data that is at rest or in motion to prevent unauthorized users from viewing file content even if they gain access to its location. Plaintext is transformed into unreadable cipher-text (in other words, data is converted into code) that requires a decryption key to read or process it.

Disaster recovery

Disaster recovery is an element of information security (InfoSec) that focuses on how organizations use backups to restore data and return to normal operating conditions following a disaster (for example, a natural disaster, large-scale equipment failure, or a cyberattack). It’s a proactive approach that helps your organization reduce the impact of unpredictable events and respond more quickly to planned or unplanned interruptions.

Endpoint protection

Endpoints are physical devices that connect to a network—such as mobile devices, desktop computers, virtual machines, embedded devices, and servers. Endpoint protection helps your organization monitor these devices and safeguard against threat actors who seek out vulnerabilities or human error and take advantage of security weaknesses.

Snapshots

A snapshot is a view of your file system at a particular point in time; it preserves that view and tracks any changes made after that point. This data protection solution references storage arrays that use a collection of drives instead of servers. Arrays typically create a catalog that points to the location of data. A snapshot copies an array and sets the data to read only. New entries are created in the catalog while old catalogs are preserved. Snapshots also include system configurations to recover servers.

Data erasure

Erasure is deleting stored data that your organization no longer needs. This process is also known as data wiping or data deletion and is often a regulatory requirement. In relation to GDPR, individuals have the right to have their personal data erased upon request. This right to erasure is also called “the right to be forgotten.”
Back to tabs

Protection, security, and privacy

They may seem like interchangeable terms, but data protection, data security, and data privacy each have a different purpose. Data protection encompasses the strategies and processes your organization uses to help secure sensitive data against corruption, compromise, and loss. Data security is concerned with the integrity of your data and works to protect it from corruption by unauthorized users or insider threats. Data privacy controls who has access to your data and determines what can be shared with third parties.

Data protection compliance and laws

Every organization must comply with relevant data protection standards, laws, and regulations. Legal obligations include, but are not limited to, collecting only the information you need from customers or employees, keeping it safe, and disposing of it properly. The following are examples of privacy laws.

GDPR is the strictest data privacy and security law. It was drafted and passed by the EU, but organizations worldwide are obligated to comply if they target or collect personal data from EU citizens or residents or offer goods and services to them.

The California Consumer Privacy Act (CCPA) helps to secure privacy rights for California consumers, including the right to know about the personal information a business collects and how it is used and shared, the right to delete personal information collected from them, and the right to opt out of the sale of their personal information.

HIPAA helps to protect patient health information from being disclosed without the patient’s knowledge or consent. The HIPAA Privacy Rule safeguards personal health information and was issued to implement HIPAA requirements. The HIPAA Security Rule helps to protect identifiable health information that a healthcare provider creates, receives, maintains, or transmits electronically.

The Gramm-Leach-Bliley Act (GLBA)—also known as the Financial Services Modernization Act of 1999—requires financial institutions to explain their information sharing practices to customers and to safeguard sensitive data.

The Federal Trade Commission is the primary consumer protection body in the United States. The Federal Trade Commission Act declares unlawful any unfair methods of competition and unfair or deceptive acts or practices affecting commerce.

Data discovery and classification

Data discovery and data classification are separate processes that work together to provide visibility into your organization’s data. A data discovery tool scans your entire digital estate to discover where structured and unstructured data resides, which is critical to your data protection strategy. Data classification organizes data from the data discovery process based on file type, content, and other metadata; helps eliminate duplicate data; and makes it easy to locate and retrieve data.

Unprotected data is vulnerable data. Knowing what data you have and where it lives helps you to protect it while adhering to regulatory compliance requirements related to data processes and controls.

Data protection solutions

Data protection solutions help to guard against data loss and include security, data backup, and recovery, which directly support your organization’s disaster recovery plan.

Simplify how your organization understands its sensitive data. Get visibility into all your data; get more powerful protection across apps, clouds, and devices; and manage regulatory requirements with Microsoft Security solutions.
Resources

Learn more about Microsoft Security

  1.
A man is looking at the computer.

Microsoft Purview

Explore governance, protection, and compliance solutions for your organization’s data.
Learn more
Two men looking at a laptop together

Help prevent data loss

Identify inappropriate sharing, transfer, or use of sensitive data on endpoints, apps, and services.
Learn more
Two young women in a sunlit office: one with glasses works on a laptop; the other in a denim jacket smiles at her phone.

Information protection

Help protect and govern your data with built-in, intelligent, unified, and extensible solutions.
Learn more
A diverse group of four people engaged in a lively discussion around a table.

Communication compliance

Use machine learning to detect communication violations.
Learn more
Back to Resources section
FAQ

Frequently asked questions

  • Examples of data protection include guarding against malicious or accidental damage, having a disaster recovery strategy, and limiting access only to those who need the data.
  • The purpose of data protection is to safeguard your organization’s data against compromise, harm, and loss.
  • GDPR states that individuals have fundamental rights and freedoms when it comes to the protection of their personal data. Every organization that collects personal data must gain explicit consent from individuals and is required to be transparent about how that data will be used.
  • Data protection tools include data discovery and inventory, encryption, data erasure, access management, and endpoint security.
  • To help protect data, businesses may start by establishing a security policy that defines things like approved use and incident reporting. Backing up critical data, keeping software up to date, and educating employees on data protection are other important actions to take.

Follow Microsoft Security