I recently published a blog asking whether Microsoft “lock-in” is the right security strategy for your organisation and wanted to provide this summary.

In the blog, I asked how finance teams became so influential in selecting cybersecurity products and providing advice for chief security officers (CSOs) and chief information security officers (CISOs) facing pressure from their chief financial officers to go all in on E5 (the licence tier that includes Microsoft’s data security solution, Purview). For companies who have the E5 licence, the post provides some tips on how to fix some Purview gaps and how to show the value of a specialised tool that complements Purview.

What is vendor lock-in?

In the tech world, vendor lock-in refers to a situation where a customer becomes dependent on a particular vendor’s products or services and finds it difficult to switch to another vendor without substantial cost, effort or disruption. Customers are essentially forced to stay with the providers they have and buy more from the incumbent. Providers with locked-in customers can offer an inferior service without losing customers. This removes competition from the market, meaning better companies lose out and customers have to put up with overpaying for a service that could be a lot better.

What is Purview?

Purview is a collection of different technologies, some developed in-house by Microsoft and others acquired that have been loosely integrated and rebranded as Microsoft Purview.

The pros and cons of going all in on Microsoft Purview

Going all in with Microsoft Purview comes with its set of pros and cons.

The positives of going all in on Purview: Purview could potentially replace other security tools and address security cost concerns. Purview claims to offer a chance to establish a more cohesive approach to the entire security stack by consolidating to one provider and replacing best-of-breed point solutions. With comprehensive reporting and integrated technologies, Microsoft touts improved insights for better decision-making and threat response.
The negatives of going all in on Purview: On the other hand, CISOs need to be aware of implementation costs, ongoing maintenance costs, the organisation’s overall security posture, support ticket resolution timing and feature requests and delivery.

Lengthy deployments

Deploying Purview, a complex amalgamation of technologies, demands expertise and resources. For a Next customer with E5 faced challenges, a two-year timeframe for labelling and classification before operational use is estimated. This highlights potential delays for CISOs with alternative plans for their teams until the Purview rollout is complete.

Complexity

Purview configuration and optimisation is notoriously complex and expensive. According to George Kurtz of Crowdstrike, enterprise customers exploring Microsoft often find the need for multiple consoles. They realise it demands a significant workforce and might incur higher costs than using the E5 licence they already have in place.

Visibility limitations

Purview’s complete value is unlocked when fully integrated with the Microsoft OS, applications, data types and the entire Purview stack. While it excels with O365 and native Microsoft data, analysts highlight limitations in non-Microsoft and Apple-native apps and file types, pointing out gaps in support beyond O365 and Office apps on the macOS agent.

Support challenges

Without additional fees for an upgraded Microsoft support plan, resolving support tickets can take weeks or months. Access to a support engineer familiar with your specific issue is a core challenge. Opting for a specialised data protection solution ensures quicker issue resolution, thanks to the deep product knowledge of every support engineer.

Feature requests

Finally, feature requests for Microsoft Purview can take months or years to be considered unless you’re a major customer with influence. Using an online form for requests can be hit or miss. Independent software vendors are quicker in addressing customer needs, welcoming and encouraging feature requests to deliver promptly on critical use cases. Simply put, smaller players are more agile in delivering new features.

Enhancing Microsoft Purview: unleashing the power of the Reveal Platform by Next DLP

If you already have a Microsoft Purview licence but identified some limitations, the question becomes: how do you justify investing in a specialised insider risk and data protection platform? Enter the Reveal Platform by Next DLP, a robust augmentation for Microsoft Purview. Here are five key ways in which the Reveal Platform and Next DLP elevate Microsoft Purview:

Comprehensive data protection: Safeguard your data, regardless of its location or file type. In an age where diverse applications and file types abound, Reveal offers a suite of features ensuring the security of your data, supporting various data types, seamlessly integrating with third-party applications, and accommodating data stored across different environments without the need for expensive discovery and classification projects.
Advanced DLP and IRM support: While Purview is adequate for basic data protection scenarios, Reveal takes data loss prevention and insider risk management to the next level. Leveraging Machine Learning on endpoints, it establishes a baseline for normal data behaviour and after the training period, identifies deviations. Moreover, Reveal ensures secure data flow within your ecosystem, tracking and tracing files from origin through all user interactions and providing robust protection.
Instant value and policy-free visibility: Unlike traditional approaches that require lengthy discovery and classification processes, Reveal provides immediate visibility into data movement and real-time inspection. Customers derive value within the first week, and the platform seamlessly imports Microsoft Purview information protection sensitivity labels, enabling the definition and enforcement of data protection policies without the need for complex configurations.
Unified console view: Overcoming the complexity of multiple consoles within the Purview collection, Reveal offers a unified console view. This consolidated view into insider risk management and data loss prevention events empowers analysts with complete and contextual visibility. This streamlines decision-making by presenting insights into “who did what with what data” along with the relevant context.
Innovative R&D and world-class customer experience: Next DLP stands out with its innovative and agile research and development and customer success teams committed to delivering a world-class customer experience.

Conclusion

As with any security technology-related decision, there are pros and cons that every CSO or CISO should consider when evaluating whether Purview is right for their organisation. For more information on this topic, check out the blog post, fireside chat and e-book.