Microsoft has taken another step to secure data in SharePoint Online with the introduction of Data Loss Prevention (DLP). The only thing surprising is that it has taken this long to do it, given that Microsoft already provides DLP for Exchange, Outlook and Outlook Web App (OWA).
However, it wouldn’t make a lot of sense to introduce DLP to SharePoint Online without also applying it to OneDrive.
So Microsoft has gone ahead and done that, too. With it, users will be able to to search for sensitive content in the enterprise eDiscovery Center, but keep the content where it was originally located.
Microsoft made the announcement in a blog post by Wesley Holley, a program manager on the Office 365 team and Shobhit Sahay, technical product manager on the Office 365 team.
The move is a response to the growing issues around the storage of sensitive information in enterprise siloes and data centers. Given that SharePoint on-premises is being used by a wide variety enterprises for enterprise content management, as well as the fact that Microsoft has long term ambitions to move its clients to the cloud, then securing data is essential.
While Microsoft points to the fact that protecting data is important because it enables organizations to comply with government and industry regulations, which is true, the story is bigger. In fact, guaranteeing that it can protect data is key to the success of both SharePoint Online and OneDrive — hence the introduction of DLP.
Holley and Sahay explained, "Office 365 already provides these necessary capabilities for email with Data Loss Prevention (DLP) in Exchange, Outlook, and OWA[Outlook Web App], along with a series of built-in sensitive information types that you can use for your searches. We’re pleased to announce that we are taking our first steps for DLP in SharePoint and OneDrive, thereby allowing you to use the same sensitive information types to search documents and sites across your organization."
Searching for sensitive content
The introduction of DLP is a major addition for securing data in SharePoint online generally speaking, there are three specific areas where it is particularly useful:
The search for sensitive content is now built into enterprise search and enables enterprises find sensitive content in their existing e-discovery center. Compliance administrators can start the process by entering queries of any level of complexity into the search engine. Once the query has been run the results appear under the SharePoint tab where they can be reviewed in place. The query parameters can be adjusted to fine-tune the search while access to the eDiscovery Center is role protected to ensure that workers can only access the data they are authorized to access.
Office 365 can manage a huge range of sensitive information types that covers not just verticals, but also industry segments and geographies. It can also identify standard information types like credit card numbers, Social Security numbers (SSNs), bank account numbers and other types of data. These 51 sensitive information types that are identifiable are detected based on pattern matching and are easy to set up. Users will also be able to extend these same sensitive information types to search across SharePoint Online and OneDrive for Business by creating simple queries.
From the e-Discovery center, users will be able to review offending documents in real time and export the list of suspect documents outside the center for further review. By doing this, enterprises can look at permissions, remove sensitive data from shared sites, among other actions.
Later in the year Microsoft will be introducing capabilities that will allow users to create policies that automatically detect sensitive content and apply protection based on your organization’s need.