Data Loss Prevention in Office 365: Part One

colossus-war-room

As you surely know, email is at the very heart of business communication (as I’ve probably said and/or written about a million times – or perhaps only 10).

Which means that all sorts of information can pass through your messaging system – not all of it desirable; some of it potentially damaging.

For example, let’s say you’re concerned about credit card data being sent to external recipients in potential violation of the Payment card Industry Data Security Standard (PCI DSS), how would you know, and what could you do to prevent it?

The answer is data loss prevention – also known as DLP.

The Wikipedia entry on DLP summarizes:

Data loss/leak prevention solution is a system that is designed to detect potential data breach / data ex-filtration transmissions and prevent them by monitoring, detecting and blocking sensitive data while in-use (endpoint actions), in-motion (network traffic), and at-rest (data storage). In data leakage incidents, sensitive data is disclosed to unauthorized personnel either by malicious intent or inadvertent mistake.

Such sensitive data can come in the form of private or company information, intellectual property (IP), financial or patient information, credit-card data, and other information depending on the business and the industry.

If your email platform is Office 365 (or Exchange 2013 on premise), Microsoft has provided a host of built-in sensitive data type templates you can employ as a part of a DLP strategy.

Although the underlying algorithms are quite complex, the initial workflow is fairly simple to understand so long as you recall that sensitive information types form the foundation of the data loss prevention policy’s actions.

Note the following for example:

O365-DLP-one
The screenshot shows a DLP policy configured to capture potential instances of PCI-DSS violations (in this case, messages sent to external recipients that contain numerical sequences which seem to match the standard credit card format).

Note also that you access the DLP screen from the Exchange Admin Center by selecting the compliance management option.

In the next post, we’ll review in greater detail the process of creating a DLP from a template – or from scratch – including the relationship between sensitive information types and DLP policies.

Until then, check out these links:

Published by

D. Roberto

No one can know everything...but I come close! Actually, this project is an enhanced version of the notes I take everyday to sharpen my skills and deepen my understanding. Hopefully, it can be of some benefit to my fellow specialists around the world.