Under the Hood with SharePoint 2016: Data Loss Prevention

Microsoft's launch of the SharePoint 2016 Release Candidate on Jan. 20 brought us one step closer to the much-anticipated final product.

And as we get closer, companies are taking a serious look at what new features SharePoint 2016 includes which can improve their SharePoint Return on Investment or make their work lives easier.

Getting Sensitive About Data Loss Prevention

One of the new features catching the interest of enterprises contemplating an upgrade to SharePoint 2016 is the new Data Loss Prevention feature.

Data Loss Prevention (DLP) is a strategy to prevent end users from finding or sharing sensitive data such as credit card numbers, Social Security numbers or passport numbers for example. Data Loss Prevention techniques are based in three categories: data in-use (endpoint actions), in motion (network traffic) and at-rest (data storage).

SharePoint 2016’s new DLP system applies to at-rest, since it allows you to find the sensitive information in your SharePoint documents.

The four main goals of DLP in SharePoint 2016 are: Identify, Monitor, Protect and End User Education.

Identify

DLP uses the advanced SharePoint search engine to find 51 types of sensitive information in SharePoint. Microsoft hardcoded a series of tests to detect if a certain information type is included in a document for each of the 51 types. Let's use the example of a credit card number to see how this works.

The format of a credit card number is 16 digits which can be formatted (dddd-dddd-dddd-dddd) or unformatted (dddddddddddddddd). However, having 16 digits in a row is not necessarily a credit card, so Microsoft also checks for other keywords in a proximity of 300 characters. Here is a screenshot of only a few of the keywords Microsoft searches for:

After all the document and information is parsed, Microsoft will assign a different confidence level based on how much information is found. For example, for a credit card number, SharePoint is 85 percent confident that what it found is a credit card if:

It finds content that matches the 16 digit pattern
Finds one of the following:
- A keyword from Keyword_cc_verification is found
- A keyword from Keyword_cc_name is found
- Finds a date in the right date format.

If it only finds the pattern of 16 digits, SharePoint reduces the confidence level to 65 percent.

Keep in mind that as the DLP engine relies on search to analyze content from the documents, if the search engine doesn't crawl a document library, DLP will not work on the documents located in that library.

Monitor

DLP brings us two sites templates that aid in monitoring the data in our environment. The first is the eDiscovery Center.

The eDiscovery Center is used for reactive reports. This allows us to create reports of the type of content in SharePoint, however, no automatic action is taken. We can create reports to find different types of information, and save them to Excel for easy reporting and sharing with the compliance team.

The second type of site template is the Compliance Policy Center.

True to its name, the Compliance Policy Center allows us to set up policies about data usage. In this case, improper data use triggers a notification for the data parameters we set. Policies can be further narrowed down to the number of policy violations required before a notification is triggered, and who should receive the notification. Policies should be assigned to specific site collections.

Learning Opportunities

Webinar

Learn the implications of AI to your company though thought-provoking questions

May

ChatGPT and the Future of Conversational AI

This discussion explores various aspects of AI implementation, ethical considerations, and challenges for your organization.

Webinar

An inspirational future of Employee Voice

May

The Evolution of Employee Listening - 2023 Trends & Best Practices

Learn proven effective methods and solutions to supporting an inspirational future of Employee Voice

Webinar

Skills needed to design, build, and run generative AI-based CX solutions

Jun

How organizations can design, build and run Generative AI into the Customer Experience

Discover how to drive enhanced CX through Generative AI

Webinar

Learn how to optimize your digital customer journey

Jun

The Future of Social Media: Emerging Trends and How to Stay Ahead of the Curve

The impact of emerging technologies like AI on social media

Webinar

What it takes to do personalization well

Jun

The Building Blocks of Personalization

This webinar will explore how personalization can create powerful ecommerce shopping experience.

Webinar

Discover the challenges that contact centers, AX, and CX face and how CAI-assisted applications can help solve them

Jun

The Future of Contact Centers with AI at the Helm

Learn how to balance human intuition and interaction with the potential uses of AI to create delightful and lasting CX

Webinar

May

ChatGPT and the Future of Conversational AI

This discussion explores various aspects of AI implementation, ethical considerations, and challenges for your organization.

Webinar

May

The Evolution of Employee Listening - 2023 Trends & Best Practices

Learn proven effective methods and solutions to supporting an inspirational future of Employee Voice

Webinar

May

ChatGPT and the Future of Conversational AI

This discussion explores various aspects of AI implementation, ethical considerations, and challenges for your organization.

Webinar

May

The Evolution of Employee Listening - 2023 Trends & Best Practices

Learn proven effective methods and solutions to supporting an inspirational future of Employee Voice

Webinar

Jun

How organizations can design, build and run Generative AI into the Customer Experience

Discover how to drive enhanced CX through Generative AI

Webinar

May

ChatGPT and the Future of Conversational AI

This discussion explores various aspects of AI implementation, ethical considerations, and challenges for your organization.

Further refinements include if the system notifies users about sensitive information in a document or documents, and whether or not to block that document(s).

DLP Policy Notify user of sensitive information

This brings us to our next topic, which is Block.

Block

When policy makers click the “Block access to the content” checkbox, the document will feature a red “Stop” sign on its icon. This blocks access to that item for everyone except its owner, last modifier and the site owner. Other users will not even see the document.

End User Education

End User Education rounds out the DLP goals. Letting users know that there is something wrong with their document, as well as telling them what is wrong, will help prevent the same mistake from happening again. When a document is flagged by a DLP Policy, and that DLP policy notifies the user, the user will receive an email about their document.

The email gives clear reasons for what triggered the notification — in this case, the document “New Information From Clients.dox” contained a credit card number. Furthermore, when going in the document library and clicking on the stop sign, a Policy Tip is shown to the user.

The policy tip contains information that the document is blocked, as well as information about the blocked permissions. The user has the choice to click Resolve and override the policy by giving a business justification.

Further Information

Data Loss Prevention is one of the great new features in SharePoint 2016 that might push businesses to migrate from SharePoint 2013 or 2010. For those looking for a more technical article on how to set DLP up and make it work, you can find more information here: Configure DLP in SharePoint 2016 Step by Step Tutorial.

Title image "Guy working on his car" (CC BY 2.0) by vidalia_11