Minute Read: 5 minutes

How to protect your sensitive data with automatic classification and labeling

This is a data-driven era. Every day tons of data are generated and it is a herculean task to manually provide security to all the data that is produced. Large enterprises generate huge amounts of data that are maintained by ERP systems like SAP. Transactions with third-party vendors and partners happen almost every day with lots of data being exchanged.

While ERP systems provide the needed data security, once the data leaves these secure systems and is downloaded in a completely new network system, their security becomes questionable. Moreover, when mergers and acquisitions happen, a completely unknown set of data is dumped into these already existing data oceans.

Organizations find it difficult to make use of manual approaches to provide security and stay on top of an ever-changing sea of data. To sum it up, today most organizations do not know what and how their data is handled, what information is exchanged, and how to provide data security to the ever- increasing data lake.

In addition, organizations also face the challenge of keeping their data privacy policy and requirements updated to the current privacy laws. This forces organizations to take utmost care of their data security. With the increasing data breaches and attacks especially on CAD and CAM files used in the design and manufacturing industries, it is necessary to automate data security.

What does it mean to automate data security?

An initial step in safeguarding critical information is to classify which data is critical for the organization. This is Data Discovery and it contains information such as where the sensitive information is found, along with the cardinality of sensitive data elements. And once the organization identifies the type and location of the sensitive data, it can be adequately protected.

Data Classification helps organizations in identifying and organizing their sensitive data to ensure adequate protection. There are many challenges in classifying data. First of all, manually categorizing data that were created years ago is a big task. Secondly, the categorization may be too broad and if users do not understand the categories they will not be able to properly classify them. Thirdly, if users are not aware of the importance of the sensitive information, it may fall into wrong hands and sensitive information may likely be found where it shouldn’t be found.

ALSO READ | 5 steps to implement a successful data classification policy

Data labeling is the application of the actual label or classification to the associated object. Therefore, the only viable solution to the above challenges is to automate the classification of data. Automating the classification process is one of the most effective ways to ensure that your data stays secure wherever it resides.

Microsoft Information Protection (MIP) forms the core of many enterprise data protection strategies. It is a comprehensive suite of services features that Microsoft offers for its customers to classify, label, and protect data.

Automating and operationalizing data protection with SECUDE and Microsoft Information Protection

Most organizations have adopted Microsoft Information Protection solutions for their data classification, labeling protection, and monitoring needs. However, product blueprints and designs are critical in the global supply chain and are exchanged regularly, both within and outside the company’s boundaries. Securing these assets is as important as securing your office and pdf documents.

All organizations utilizing CAD designs, blueprints, and other product data manage them through Product Lifecycle Management (PLM) systems. However, they need these CAD files locally on their frontend workstations to edit them. Also, when they collaborate with their suppliers, which may be more in number, they need these files on their workstations. In all these cases, if these files are not adequately protected once they leave the PLM repository it could spell trouble for the enterprises.

SECUDE’s products HALOCAD and HALOCORE help in automating data protection in the following ways:

Automated Protection of CAD files shared across the supply chain:

SECUDE’s HALOCAD provides automated MIP protection whenever a CAD file or assembly leaves the PLM system. In addition, the CAD applications should be able to open MIP-protected files.

SECUDE’s HALOCAD provides a plug-in for various CAD application, allowing them to open MIP-protected files and to enforce the user privileges defined by the MIP template. With SECUDE’s integration, the extension of the CAD files does not change.

For example, when authoring a CAD diagram, the Autodesk application generates a dwg file, and when the file is protected by SECUDE’s add-in, the add-in preserves the extension of the file, thereby allowing users not to see the difference, and workflow is not disrupted.

ALSO READ | How to protect your CAD data files with MIP and HALOCAD

When an unauthorized user is using an AutoCAD application without the HALOCAD add-in, they will not be able to open the document, even though the application the protected CAD document as a *.dwg file.  When opening protected documents, the HALOCAD solution integrates with Azure Active Directory for user authentication; if the user is authorized by the organization’s policy then the user can open the document and proceed to author changes in the CAD diagram.

With the HALOCAD add-in, users can easily apply, change, and remove Microsoft Information Protection-based sensitivity labels, and underlying protection actions such as encryption, with the click of a button.

SECUDE offers a free version of the HALOCAD add-in to facilitate the ease of opening and viewing sensitive CAD diagrams and models. However, users cannot change labels when only consuming (viewing) the content.

Automated MIP Protection for the structured data when downloaded/exported from SAP:

Most companies worldwide are managing their core business processes with SAP applications and store all their business-critical data (like finance, HR, CRM) in SAP systems.

However, SAP users often download data out of SAP as a copy and use it within Office files (mainly Excel). As the SAP security system only works within SAP, these downloaded / exported files are not protected.

SECUDE HALOCORE provides automated MIP protection before the data leaves the SAP system. It leverages the SAP business process metadata / attributes to identify the required data classification and to map the SAP data security profile to the corresponding MIP template. So, only the users, who have access to the data in SAP, have access to the downloaded data.

M365 Compliance E5 along with managed IT environments and structured data:

As described above, SECUDE solutions provide automated MIP protection in managed IT environments and for structured data. From a unified information protection perspective, this approach provides the maximum value when used together with an automated MIP protection in the unstructured data domain which is covered by M365 Compliance E5.

So, whenever customers want unified information protection across the board, they need to ensure they have SECUDE’s solution along with M365 Compliance E5 for covering all their data with automated MIP protection.


In today’s dynamically data-driven environment it is highly important to ensure the security of your data. While manually protecting data is possible it is cumbersome and wastage of time and effort. Automating data security is the best solution to this challenge.

With Microsoft Information Protection being adopted by most organizations for automation, it operates in the domain of unstructured data and is focused on file content and metadata in the file type header (if any) for the classification process.

SECUDE’s solution operates in the domain of structured data and reads business process metadata/attributes from the SAP system or from the PLM repository to identify the appropriate MIP classification label.

Thus, SECUDE and MIP complement each other and provide a unified classification across all types of data (both structured and unstructured). It is an extension to MIP for the SAP and CAD/PLM environments.

To learn more about how SECUDE helps in automating data protection write to

Comments are closed.