Search This Blog

Friday, January 22, 2016

Grand Theft Data (Loss Prevention) in SharePoint 2016


Grand Theft Data (Loss Prevention) in SharePoint 2016 or Online



Sorry, no new version of GTA is forthcoming…this blog is about Data Loss Prevention (DLP) in SharePoint 2016 public beta 2 release.

DLP what is it not? DLP has nothing to do with backup or recovery. In general it is a combination of technology and processes that safeguard sensitive information from (un)intentional loss.

This blog is a summary from a nice blog on the MVP Award Program site.

What is DLP? It is a complementary set of technologies to aid your business strategy to handle and protect sensitive business data that restricts sensitive data being put into SharePoint. 
Examples are:
  • Credit card numbers
  • Passport numbers
  • Etc.

DLP is consists of 2 main elements:
  • Discovery
  • Policy
An important point to mention here is that both of these options do apply to both items stored in SharePoint 2016 On Prem, SharePoint Online and Items stored in OneDrive.
 

Data Loss Prevention: Discovery

Having the ability to perform a DLP query based on a DLP template. A.k.a check if credit card numbers and the like are in SharePoint! The outcome relies 100% on search having crawled all content.
 
In other words the Discovery section let you FIND and REPORT information that holds sensitive information.
 
You will be needing one (or more) eDiscovery sites for this.
So if you have a document with a creditcard number in it, the eDiscovery site will report this document.
 

Data Loss Prevention: Policy

Having the ability to enforce and actually restrict viewing of sensitive information! To do this you need to create a (set of) policy(s).
 
After you have set the policies and you have linked it to your site collection(s) the document with the creditcard number will be blocked!
 
You will need to create one (or more) compliance site(s) for this.
 
Please read Steve's blog for full details! It is really a very good document (and read)!
 

Sources:

http://www.mcafee.com/us/products/total-protection-for-data-loss-prevention.aspx
https://www.checkpoint.com/products/dlp-software-blade/
http://www.microsoft.com/en-us/download/details.aspx?id=49961

Update 29th januari 2016
I just came across some extra information from Microsoft Netherlands, written by Hans van der Meer, that might be usefull to you as well:
https://blogs.microsoft.nl/microsoftvoorwerk/technologie-helpt-voorkom-datalekken/

eDiscovery:
https://blogs.office.com/2015/06/17/introducing-compliance-search-in-office-365/?fromblog=997321


Think before you act

Think before you act

 
Information flows
 
SharePoint is just an enabler. The people that use your precious intranet, collaboration or whatever solution are the ones you need to keep happy. Mostly they don't give a…great deal about the technology below, in this case: SharePoint.
 
They just need to do their job and preferably as fast as possible! 

That is one of the major reasons why you need to think before you act. Ask yourself:
  • What are we trying to accomplish with this solution?
  • Who will be using this solution?
  • What is it that they need to do?

You need to be able to answer the questions above before even thinking about creating site collections, libraries or other objects. Please do! Plan for SharePoint 2013
 
Once you have the answers you will need to document them. Again Microsoft helps us by providing templates for documenting your solutions Planning worksheets. 
 
The planning worksheets help you build your logical architecture. Perhaps you already notice we are working from the business down! Please remember that we are building a solution for real people.
 
In my future posts we will be diving head first in the information architecture to find out that different persona's work with your solution, requiring their own specifics that need to be facilitated!

Usefull links: