Several years after its launch, Office 365 can lay claim to being one of the best-known and most widely used cloud platforms available. Alongside other services like Salesforce, Box, Yammer and countless others, the suite grants access to information in ways never previously envisaged.
With this increased accessibility, however, comes increased risk. The more entry points employees have into their company’s knowledge capital, the greater the risk of data loss, which can have catastrophic and costly consequences for any firm. We also need to be mindful that these risks aren’t just technological but can also be linked to an employee’s actions.
We live in a world where business-critical information can be stored in emails, financial documents can be opened on the move, and so on. Preventing this precious data from going astray is known as Data Loss Prevention. Luckily, Office 365 is in a strong position to assist with this.
Let’s look at how.
How Does Exchange Data Loss Prevention Work?
Microsoft released their first set of Data Loss Prevention (DLP) tools for SharePoint Online and OneDrive in 2013, with the latest additions focusing on Exchange and Exchange Online. These facilities are managed in an area called the Exchange Administration Centre (EAC), which can be accessed (as with all other applications) via the Office 365 Administration Portal.
These tools sit alongside the already released in-place eDiscovery and in-place legal holds. The EAC now allows you to:
- Pick from a range of available policy templates (more on this below)
- Test how efficient any potential DLP policy will be prior to release
- Roll your own custom DLP templates and information types
- Create and manage custom tips
- Review analytics and DLP related reports
DLP Policy Templates
The key theme of the above is policies. A DLP policy can be summarized as a set of transport rules, and it introduces a powerful and innovative new way of detecting sensitive information. These rules, once defined, are incorporated into Exchange’s mail processing workflows. Content is then analyzed using the techniques below to detect content types, which can also be defined in the EAC:
- Keyword matches
- Dictionary matches
- Regular expression evaluation
The advantage of the Out-of-the-Box DLP templates is that they have to be rigorous enough to satisfy all the various standards that Microsoft operate Office 365 under (ISO27001, Safe Harbour, etc.), so these represent an excellent place to start.
Live Features
On the flip side of being able to apply these templates, there may be concerns about how they might interfere with the end user’s working patterns. One interesting and unique feature is the way in which violations of centrally defined DLP policies are shown to the user.
As outlined above, there are a number of techniques that are used to assess and evaluate email content. When a violation is detected on the user’s part, it is revealed to them in the form of a Policy Tip. Currently, you and I are familiar with mouse-over tips; just hover over an item and more information will be shown via a handy pop-up.
Policy Tips work in a very similar fashion. Depending on how a DLP policy has been defined, a policy tip can range from purely informative to outright restrictive. A common business scenario is the distribution of credit card information or personally identifiable information (transaction data for instance).
Potential responses to this may be a simple pop-up box to advise of this included data, or the disabling of the sending and distribution options for the email itself.
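The content analysis and tiered policy tip response described above, as an added Python example (not Microsoft's implementation and not part of the original article). The keyword list, the 60-character proximity window, the Luhn checksum step and the rule of blocking only externally addressed mail are assumptions made for illustration.

```python
import re

# Keyword/dictionary evidence terms (assumed list, not from a Microsoft template).
KEYWORDS = ("visa", "mastercard", "amex", "credit card", "card number", "expiry", "cvv")
# Regular expression evaluation: 13-16 digits, optional space or hyphen separators.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,15}\d(?!\d)")
PROXIMITY = 60  # characters either side of a match searched for keywords (assumed)

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: discards digit runs that cannot be card numbers (added step)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            n = n * 2 - 9 if n > 4 else n * 2
        total += n
    return total % 10 == 0

def find_cards(body: str):
    """Return (masked_number, confidence) for each checksum-valid candidate."""
    hits = []
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):
            continue
        window = body[max(0, m.start() - PROXIMITY):m.end() + PROXIMITY].lower()
        confidence = "high" if any(k in window for k in KEYWORDS) else "low"
        hits.append(("*" * (len(digits) - 4) + digits[-4:], confidence))
    return hits

def policy_tip(body: str, external: bool) -> str:
    """Map findings to a response: allow, informative tip, or blocked send."""
    hits = find_cards(body)
    if not hits:
        return "allow"
    if external and any(conf == "high" for _, conf in hits):
        return "block"   # restrictive: send option disabled
    return "notify"      # informative: policy tip only

if __name__ == "__main__":
    # Constructed sample messages; 4111 1111 1111 1111 is a widely used test number.
    samples = [
        ("Please charge my Visa 4111 1111 1111 1111, expiry 09/27.", True),
        ("Ref 4111111111111111", True),
        ("Order ref 1234567890123456 shipped", True),
    ]
    for text, external in samples:
        print(policy_tip(text, external), find_cards(text))
```

The checksum and keyword corroboration are what keep order references and other long digit runs from triggering a tip, which matters when the response can disable sending.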
Touch-tastic
One policy type that we feel is worth a mention is one that is known as Document Fingerprint. A fingerprint can be defined as a content type and then distributed via the transport rules. Rather than requiring actual biometric data, the concept of a document’s fingerprint is its unique and particular use of language.
This can certainly be quite powerful when considering how to prevent the loss of form related data. The HR guys can now breathe a sigh of relief!
A Great Approach
In closing, the combination of remote policy creation in Exchange and live feedback to users on their violations is a potent and well-balanced pairing. Microsoft are thinking intelligently and hoping that small things, like the policy tips, will educate and enlighten users as to their mistakes, rather than purely directing them to IT.
It’s a well-known fact that humans are nominally the weakest point of any system, so in seeking to inform and not belittle end users for their mistakes, Microsoft have taken a great approach to both the creation and application of DLP policies within the Exchange domain.