Grand Theft Data (Loss Prevention) in SharePoint 2016

Grand Theft Data (Loss Prevention) in SharePoint 2016 or Online

Sorry, no new version of GTA is forthcoming…this blog is about Data Loss Prevention (DLP) in SharePoint 2016 public beta 2 release.

DLP what is it not? DLP has nothing to do with backup or recovery. In general it is a combination of technology and processes that safeguard sensitive information from (un)intentional loss.

This blog is a summary from a nice blog on the MVP Award Program site.

What is DLP? It is a complementary set of technologies to aid your business strategy to handle and protect sensitive business data that restricts sensitive data being put into SharePoint. 

Examples are:

• Credit card numbers
• Passport numbers
• Etc.

DLP is consists of 2 main elements:

• Discovery
• Policy

An important point to mention here is that both of these options do apply to both items stored in SharePoint 2016 On Prem, SharePoint Online and Items stored in OneDrive.

 

Data Loss Prevention: Discovery

Having the ability to perform a DLP query based on a DLP template. A.k.a check if credit card numbers and the like are in SharePoint! The outcome relies 100% on search having crawled all content.

 

In other words the Discovery section let you FIND and REPORT information that holds sensitive information.

 

You will be needing one (or more) eDiscovery sites for this.

So if you have a document with a creditcard number in it, the eDiscovery site will report this document.

 

Data Loss Prevention: Policy

Having the ability to enforce and actually restrict viewing of sensitive information! To do this you need to create a (set of) policy(s).

 

After you have set the policies and you have linked it to your site collection(s) the document with the creditcard number will be blocked!

 

You will need to create one (or more) compliance site(s) for this.

 

Please read Steve's blog for full details! It is really a very good document (and read)!

 

Sources:

https://blogs.msdn.microsoft.com/mvpawardprogram/2016/01/13/data-loss-prevention-dlp-in-sharepoint-2016-and-sharepoint-online/?utm_content=buffer8ff4b&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer

http://www.mcafee.com/us/products/total-protection-for-data-loss-prevention.aspx
https://www.checkpoint.com/products/dlp-software-blade/
http://www.microsoft.com/en-us/download/details.aspx?id=49961

Update 29th januari 2016
I just came across some extra information from Microsoft Netherlands, written by Hans van der Meer, that might be usefull to you as well:
https://blogs.microsoft.nl/microsoftvoorwerk/technologie-helpt-voorkom-datalekken/

eDiscovery:
https://blogs.office.com/2015/06/17/introducing-compliance-search-in-office-365/?fromblog=997321

Think before you act

Think before you act

 

 

SharePoint is just an enabler. The people that use your precious intranet, collaboration or whatever solution are the ones you need to keep happy. Mostly they don't give a…great deal about the technology below, in this case: SharePoint.

 

They just need to do their job and preferably as fast as possible! 

That is one of the major reasons why you need to think before you act. Ask yourself:

• What are we trying to accomplish with this solution?
• Who will be using this solution?
• What is it that they need to do?

You need to be able to answer the questions above before even thinking about creating site collections, libraries or other objects. Please do! Plan for SharePoint 2013

 

Once you have the answers you will need to document them. Again Microsoft helps us by providing templates for documenting your solutions Planning worksheets. 

 

The planning worksheets help you build your logical architecture. Perhaps you already notice we are working from the business down! Please remember that we are building a solution for real people.

 

In my future posts we will be diving head first in the information architecture to find out that different persona's work with your solution, requiring their own specifics that need to be facilitated!

Usefull links:

Plan for SharePoint 2013

Planning worksheets

lPlan logical architectures

Information management - Deployment

This blog is all about Deployment of your solution!

First thing first. Where are we in the process? When we are ready for deployment we already covered (in one form or another):
- Information architecture - Done!
- Logical architecture - Done!
- Physical architecture - Done!
- Installation - Done!

Woohoo! So now we can implement our solution, finally!

You have several options for a SharePoint deployement:
- Manual
- Automated
- Mixed

Manual deployment
A manual deployment is exactly what it is, a manual deployment. You ask somebody to manually, a.k.a using the SharePoint user interface, to create the required objects, like:

• Web apps
• Site Collections
• Sites
• Content Types
• Site Columns
• Libraries
• SharePoint Groups
• Activate features
• Configure (SharePoint) settings
• etc.

Requirements for a manual deployment:

• Accurate information architecture
• Extremely organized and punctual consultant(s)
• Test environment
• Time!

One of the key take aways here is having a specific persona in your team. One that is able to replicate exactly what is written in the information architecture and is able to spot mistakes. I have been working with SharePoint more then 7 years and haven't seen a 100% accurate information architecture with matching logical architecture.

Another key aspect if this type of deployment is time. Manually creating and testing all objects can take days or even weeks! This, off course, depends on your implementation. Think about a DMS solution with 1-5 site collections, 40 content types, 20 or so document libraries and content organizer rules that move documents through your system.

Automated deployment
An automated deployment is a deployment where you use pre-configured scripts, compiled code to create the objects mentioned above.

You could create SharePoint features using Visual Studio that deploy webpart, content types, libraries, etc. Another way is by using Powershell scripts.

Requirements for an automated deployment:

• Accurate information architecture
• Development team
• Development environment
• Test environment

There is a new requirement here Development environment. I personally do not think it it neccesary in a manual deployment but this is very arguable, I agree!

The requirement time isn't on the list. You've been using that during the developement process. Building the features or scripts. Deployment should be a breeze....

Mixed deployment
Off course it is really feasible to use a mixed deployment, e.g.:
Creation of web applications, site collections, content databases, content types, site columns, libraries etc is done using powershell scripts.
Creation of custom webparts is done via custom developed features.
Content organizer rules are created manually.

Requirements for an mixed deployment:

• Accurate information architecture
• Development team
• Development environment
• Test environment
• Extremely organized and punctual consultant(s)
• (Time)

With a mixed deployment you need, off course, all the requirements above!

SharePoint in the Real World - Information Management - Analysis

Especially when dealing with content management need to know about INFORMATION.

Don't believe me, but believe the MCP's of the world and believe all those (big) technical driven implementations that failed.

You really need to know your information and how it is organized:

• What information will your intranet, DMS, BI solution, etc contain?
• Who will be using it and how?
• How do they access it (...and find)
• When do they need it

Microsoft set up some starter worksheets that WILL help:

• Windows Sharepoint services 3.0 
• SharePoint Server 2010
• SharePoint 2013

I suggest you use this information and implement in the mother of all enterprise applications: Excel (or even better in a database). Why?

[Sarcasme]

• Maybe you want to modify your information structure at some point… where within our 1.000 sites did we use this site column? ;-)
• What happens when we modify our taxonomy?

[/Sarcasme]

So again:

Analyse the information that you will put into your SharePoint environment. Write it down and publish it to the people involved.

Information Management - The Series

SharePoint in the Real World - Information Management

I've been playing around with this new blog and this thing is so complex that I decided to create several blog post for this one. 

• Information management - Findability & Data
• Information management - Analysis
• Information management - Deployment
• Information management - Maintenance

The above is certainly not carved in stone. I'm not totally convinced that Deployement and Maintance will become different blogs. Maybe I'll group them. maybe I will add more..and maybe the above will prove just about wright!

Findability & Data

Findability & data is all about how users find the data they need, what data it is that they need, how they are going to use it and why. This information is crucial for the steps to come.

Analysis

Analysis is all about analysing the information & business requirements. In this blog I'll write how I go about determining the requirements and validating them to the conceptual, logical and physical architecture. (I think I will also need to explain about the conceptual, logical and physical architecture)

Deployment

Okay, analysis is done! We are ready to create and deploy this stuf! Cool, but how are we going to do that?

Maintenance

As a wise man once said: WHOOHOO we deployed it and everything is fine we can go home and die - or do something else :-). Nooo some user wants to change my beloved configuration! Now what? Maybe we'd better think this through before hand. That's what this blog is going to be about. Planning for change and how change effects your environment, time-2-market and what not.

I really hope you guys and girls appreciate the effort and give me some feedback!

Regards,
GH