September 2017 saw Microsoft Office 365 introduce real-time policy tips for SharePoint Online and OneDrive for Business across all their Enterprise license levels. This built-in DLP functionality not only enables greater control over corporate data security for all Microsoft Office 365 Enterprise customers, but also provides a valuable foundation on which to build a comprehensive information management and protection strategy.
Preventing sensitive information from being accidentally (or maliciously) shared outside approved corporate circles has always been something of a challenge for organisations. The main approach has typically been to screen email contents for potentially confidential information and block any communications that raise red flags.
Of course, email communications are far from the only possible platform on which data leaks can occur. Simply saving a sensitive document to an insecure location on a file share can be equally problematic. (Think payroll information that is accessible to employees, or customer details that are saved outside of the assigned POPI- or GDPR-compliant locations.)
Preventing these kinds of potential breaches outside of email channels has – until recently – been a fiddly operation to say the least. Because of the intricacy involved, a lot of organisations limited the implementation of document-level rights-management solutions to only those departments handling significant quantities of sensitive information. Any non-email documents generated by users outside of those departments were left largely unpoliced.
With Microsoft’s release of their new real-time policy tips in SharePoint Online and OneDrive for Business, however, document-level DLP and rights-management has finally become simple and user-friendly enough to be implemented organisation-wide. Not only that, the DLP portion has also been built into all Enterprise license levels, making this essential foundation for a broader information management strategy more accessible and affordable than ever before.
How do real-time policy tips work?
Real-time policy tips are essentially security warnings (or suggestions) that appear in real-time during the creation of a document. They notify users when content within their document may fall under DLP or data governance policies and could require special handling to ensure compliance is maintained.
On their own, these tips allow users to either confirm an exception to the rules, or let a predefined action be implemented – for example, preventing external sharing of the document or notifying senior personnel. This is valuable because:
- It supports secure collaboration by effectively policing and preventing unauthorised access
- It proactively encourages knowledge of and adherence to corporate governance policies
- It leverages human insight while minimising human error
But that’s not new… is it?
There have been third-party solutions that have attempted this kind of data classification process before. However: none of them had the same full-stack integration that Microsoft does, and their solutions were extremely tricky to deploy (and clunky to operate) as a result.
Because Microsoft essentially owns every part of the data creation, storage and dissemination process (from desktop to cloud), it’s been able to integrate its version of this technology so deeply and seamlessly that it’s almost invisible to users – even when they’re using it to its full extent.
The additional functionality is an almost effortless extension of the existing applications, and while DLP and real-time policy tips are only the tip of this iceberg, they’re a great starting point for a broader corporate governance posture.
The fact that they require nothing more (for Enterprise licensing tiers) than to be switched on and configured is definitely something we haven’t seen across documents and messaging before, and their synergy with Microsoft Rights Management Services and Azure Information Protection is a powerful – and unique – asset.
Why get users involved in DLP?
Technology can do a lot when it comes to automatically screening and minimising risks, but for noticing subtleties that don’t fit specific rules, nothing beats a good, old human. Prompting them to use those abilities (via real-time policy tips) makes good sense from an information management perspective.
Beyond that, when real-time policy tips are combined with Azure Information Protection, users can also assign additional tags to documents for data classification purposes. This gives businesses better insight into their data on all levels, far beyond simple DLP. That’s what modern information management is about, after all – it’s evolved far beyond basic security into something much broader and more valuable.
We’re very excited to see Microsoft upping their game in this sphere once again, enabling businesses to leverage all of their assets, including their people, as a core part of the Microsoft experience. We’ve long said that the best information management solutions are a combination of people, processes and technology, and making tools to facilitate this more widely available is a huge step in the right direction.
The bigger picture – adding AIP and RMS
Microsoft’s built-in DLP is a quick – and big – win for enterprises setting out on their information management journey. It would be crazy not to take advantage of the powerful functionality it adds (free of charge) to all Enterprise licensing tiers.
That said, DLP alone is not a full-coverage data protection or information management solution. If and when you’re ready to advance to this level, we highly recommend adding Microsoft Rights Management Services and Azure Information Protection to the mix. These three technologies combine seamlessly to create a comprehensive and sophisticated information management solution that is highly configurable, provides excellent protection and insight, and maintains a clean and simple user experience.
For more information on using Microsoft’s real-time policy tips, configuring your setup to support your DLP and data governance policies, or using DLP as the foundation of a broader information management strategy, contact Cloud Essentials.