DLP (Data Loss Prevention) – Large or Small Companies regulated when it comes to how particular kind of information can be stored transferred or disclosed it can be governed by law or industry standards.
Examples:- Data Protection Act that we can mention is that the Data Protection Act in Ireland which regulates our data can be handled this regulation is soon to be replaced by new EU regulations.
An ignorant staff member Comply with all these standards and regulations can be a little bit of a challenge and most of the time we are talking about human factors.
Means business could be in violation of the law because a staff member by accident sends an email to an inappropriate user it could be as well a document that accidentally located in the wrong location.
Example: – A file share which is suddenly available to everyone in the company, to be honest, there are loads of risks and scenarios that can play out which could put the company to a lot of problems with the law the industry or the public. To save this kind of situations we use Data Loss Prevention or DLP.
If you are an office 365 shopper & using Office 365 Exchange, Office 365 Sharepoint Online and OneDrive for Business in your daily work. If You have regulations to comply with, then you should be looking at enabling DLP functions that are included with Office 365.
DLP or Data loss Prevention works in a way that it can identify sensitive information across all locations like Exchange Online, Sharepoint Online, OneDrive for Business.
The information like PPS numbers, credit card patterns, passport numbers, etc.
– If someone sends an email and recipient looks little but fishy then DLP or Data loss prevention generates a warning.
– A user can override DLP or Data Loss Prevention Policy with business justification and send the email, and later manager or same person who send the email can review the justification to ensure that everything is in order.
– Monitor Policy conflicts and incidents.
How DLP or Data Loss Prevention works with Microsoft Exchange Online.
To explain this better we take an example of two companies Paayi1 & Paayi2. In this scenario, Employee A sends two documents to Employee B of Paayi1 and two documents of Employee C of Paayi2. One of the documents contains sensitive customer details and organization don’t allow for sensitive information to external users unless of course there is a business justification.
Technologies Used here are as follow
When Employee tries to send Email to them, Policy tip appears in this case. The EOP has detected that the email contains an excel sheet with sensitive information and that it has been sent to an unauthorized user.
Note this there is an Override button at the end of the message; this will allow Employee A to send anyway.
By clicking on the Override Button, this will allow Employee A to send but need But need Business justification. Once Employee A submit the justification then email can be sent.
After sending the email, a new message pops up saying:- You have chosen to send this message even though it appears to contain sensitive information. Your decision might be reviewed later by your organization.
Now See How DLP or Data Loss Prevention works in Microsoft OneDrive for Business
Employee A from Paayi1. Inc Upload two documents on OneDrive for Business. These documents contain sensitive information and Paayi1. Inc doesn’t allow for sensitive information to be stored in this location. Employee A will try to upload this anyway, now check out how DLP works when here.
If Employee tries to upload two types of documents one is in .doc format, and other is in .pdf format, and both contains sensitive information like credit card numbers. After Uploading the documents, a read icon comes on the documents.
Now when employee A tries to click on these documents, he will see a policy tip as shown below.
Now Employee can resolve this by clicking on Resolve or open the document and remove the sensitive information.
When Employee A clicks on resolve button a new window pops up with two options – Override Policy or report an issue. It gives Employee A possibility to provide a business justification or in case there are missing configurations into policy and docs should not be classified as sensitive then the user can simply report this to the DLP administrator.
Now if Employee A opened the document then how it looks.
Now see how DLP works in Microsoft SharePoint
In this Employee, A upload two documents to a SharePoint site and those documents contain sensitive information. It doesn’t allow sensitive information to be stored on the SharePoint site.
When Employee A drop those files on the Sharepoint Site than those files are being marked with a red symbol.
Now when Employee A click one of these two files ti will give the Policy Tip Again informing the user that it contains sensitive data.
Clicking on resolve button either you can resolve the policy or report to DLP administrator.
One More cool functionality is this If Employee A by any chance didn’t recognize the policy tips, then there are emails being sent to him informing him that the files he just uploaded will be restricted and can only be accessed by the owner.
Data Loss Prevention Tools
Now we will Show how it Looks to DLP Administrator or Compliance Officer.
His job is to ensure that the company is compliant with regulation and industry standards. First, we will see how DLP or Data loss prevention reporting can be presented through email. Second, we will see how it looks when accessing the compliance reports through the security and compliance section in office 365.
DLP Administrator checks the compliance mailbox which collects daily activities. He can see that there is an incident relating to an email being from Employee A to Employee B and Employee C( Outside organization). DLP administrator not only able to open the email but also able to read the full email & check the attachments.
Now we will show you how it looks from an auditor perspective. In here you can see the date, rule, Item, Last modified, Sensitive information, Severity & Action.
Written By - Yashdeep Sahni