Of all the advanced, bleeding-edge features that have come with SharePoint 2016, the one that may very well make the greatest difference for your organization is Data Loss Prevention (DLP). We will delve into the value of DLP and then discuss the variety of exciting ways that SharePoint 2016 implements it.
Why Is Data Loss Prevention So Important?
Ever since email became the dominant form of inter-office communication, a single click of the “send” button from within office walls has potentially had the ability to sink an entire organization. Ease of sending data also means ease of mishandling data. Companies in the defense, healthcare, and credit card fields are especially susceptible as they can respectively end up leaking classified information, HIPPA-protected patient records, and credit card numbers in an instant. It doesn’t take malicious hacking for any of this information to get out; in the course of a hectic, high-pressure work day it is very easy for an employee to make a simple mistake that can lead to heavy fines, lawsuits, or even federal prosecution.
Microsoft Outlook has long been considered a security pain point for organizations. It is then not surprising that with Office 365 Microsoft gave its customers advanced automated DLP functionality.
Of course, it is not only email that needs protection; modern office collaboration systems such as SharePoint allow documents to circulate through a business infrastructure in many facile ways (including mobile and VPN). Therefore, it is fortunate that Microsoft has brought these features to SharePoint with its 2016 release.
A Closer Look at DLP in SharePoint 2016
There is concurrence that DLP is a feature that will sway many companies towards making the upgrade to SharePoint 2016:
- Data At-Rest. What makes DLP in SharePoint 2016 an especially effective safeguard against data leaks is that it operates primarily on data at-rest. In other words, it will flag documents that are sitting on storage and will sound the warning long before anyone gets a chance to upload them to the wrong source or accidentally flash the content from a tablet in public. In a way, it operates much like a desktop search, background indexing items within a system’s documents. However, rather than index general terms for retrieval, it tests for potentially sensitive patterns – e.g. strings of 16 digits. It also happens to be a smart system that assigns a “confidence score” to its findings, checking for the context of the item and attempting to eliminate false negatives.
- Powerful Tools for Administrators. DLP in SharePoint 2016 puts a great deal of power in the hands of security professionals and policy enforcers. This is largely by means of two site templates: eDiscoveryCenter and Compliance Policy Center. The former allows for effective automation and reporting of potential data leaks. The latter allows for fine-grained control over automated policies against preset types such as PCI and also allows for setting the number of violations detected before and alert is issued and/or the document is blocked.
- Education is the Best Defense. As excellent as all these tools are, many security and information professionals would argue that the best defense against data leaks is a workforce educated to proactively prevent them. This is why it is excellent that SharePoint 2016 has an End User Education feature. Rather than simply respond to violations with an impersonal automated slap-on-the-wrist, SharePoint 2016 will notify the user of exactly what needs to be corrected. In the event of an incident it offers a conversational dialog of “Policy Tips,” explains exactly which policy is at risk, and offers the user the ability to give a “business justification” to override the correction if the document has been blocked.