DLP (Data Loss Prevention) - Large or Small Companies regulated when it comes to how a particular kind of information can be stored, transferred, or disclosed it could be governed by law or industry standards.
Examples:- Data Protection Act that we can mention is that the Data Protection Act in Ireland, which regulates our data, can be handled. This regulation is soon to be replaced by new EU regulations.
An ignorant staff member Comply with all these standards and regulations can be a little bit of a challenge, and most of the time, we are talking about human factors.
Means business could violate the law because a staff member by accident sends an email to an inappropriate user. It could be as well a document that is accidentally located in the wrong location.
Example: - A file share that is suddenly available to everyone in the company. To be honest, there are loads of risks and scenarios that can play out, which could put the company to a lot of problems with the law, the industry, or the public. To save this kind of situation, we use Data Loss Prevention or DLP.
Suppose you are an office 365 shopper & using Office 365 Exchange, Office 365 Sharepoint Online, and OneDrive for Business in your daily work. If You have regulations to comply with, then you should be looking at enabling DLP functions that are included with Office 365.
DLP or Data Loss Prevention works in a way that it can identify sensitive information across all locations like Exchange Online, Sharepoint Online, OneDrive for Business.
The information like PPS numbers, credit card patterns, passport numbers, etc. will be checked in every DLP scan.
- If someone sends an email and the recipient looks a little bit fishy, then DLP or Data loss prevention generates a warning.
- A user can override DLP or Data Loss Prevention Policy with business justification and send the email, and later manager or the same person who sends the email can review the justification to ensure that everything is in order.
- Monitor Policy conflicts and incidents.
How DLP or Data Loss Prevention works with Microsoft Exchange Online.
To explain this better, we take an example of two companies Paayi1 & Paayi2. In this scenario, Employee A sends two documents to Employee B of Paayi1 and two documents of Employee C of Paayi2. One of the documents contains sensitive customer details, and the organization doesn't allow for sensitive information to external users unless, of course, there is a business justification.
Technologies Used here are as follow
When Employee tries to send an email to them, the Policy tip appears in this case. The EOP has detected that the email contains an excel sheet with sensitive information and that it has been sent to an unauthorized user.
Note this there is an Override button at the end of the message; this will allow Employee A to send anyway.
Data Loss Prevention information message
By clicking on the Override Button, this will allow Employee A to send but need Business justification. Once Employee A submits the explanation, then email can be sent.
After sending the email, a new message pops up saying:- You have chosen to send this message even though it appears to contain sensitive information. Your decision might be reviewed later by your organization.
Now See How DLP or Data Loss Prevention works in Microsoft OneDrive for Business.
Employee A from Paayi1. Inc Upload two documents on OneDrive for Business. These documents contain sensitive information and Paayi1. Inc doesn't allow for sensitive information to be stored in this location. Employee A will try to upload this anyway, now check out how DLP works when here.
If Employee tries to upload two types of documents, one is in .doc format, and the other is in .pdf format, and both contain sensitive information like credit card numbers. After Uploading the documents, a read icon comes on the documents.
Now when employee A tries to click on these documents, he will see a policy tip, as shown below.
Now Employee can resolve this by clicking on Resolve or open the document and remove the sensitive information.
When Employee A clicks on the resolve button, a new window pops up with two options - Override Policy or report an issue. It gives Employee A possibility to provide a business justification, or in case there are missing configurations into Policy and docs should not be classified as sensitive. The user can simply report this to the DLP administrator.
Now, if Employee A opened the document, then a yellow bar will come on the top of the document.
Now see how DLP works in Microsoft SharePoint.
In this Employee, A upload two documents to a SharePoint site, and those documents contain sensitive information. It doesn't allow sensitive information to be stored on the SharePoint site.
When Employee A drop those files on the Sharepoint Site than those files are being marked with a red symbol.
Now when Employee A clicks one of these two files, it will give the Policy Tip Again, informing the user that it contains sensitive data.
Clicking on the resolve button, either you can resolve the Policy or report to the DLP administrator.
One More cool functionality is this If Employee A, by any chance, didn't recognize the policy tips, then there are emails being sent to him informing him that the files he just uploaded will be restricted and can only be accessed by the owner.
Data Loss Prevention Tools
Now we will show how it Looks to DLP Administrator or Compliance Officer.
His job is to ensure that the company is compliant with regulations and industry standards. First, we will see how DLP or Data loss prevention reporting can be presented through email. Second, we will see how it looks when accessing the compliance reports through the security and compliance section in office 365.
DLP Administrator checks the compliance mailbox, which collects daily activities. He can see that there is an incident relating to an email being from Employee A to Employee B and Employee C( Outside organization). DLP administrator not only able to open the email but also able to read the full email & check the attachments.
Now we will show you how it looks from an auditor perspective. Here you can see the date, rule, Item, Last modified, Sensitive information, Severity & Action.