New SharePoint 2016 Features: On-Premise DLP
Continuing with our series [Blog 1] on the investment areas within SharePoint Server 2016 we now reach number 3 in the list and my personal favourite – Data Loss Prevention (DLP). It’s no secret that the world in which we now live requires us to ensure that we are adequately protecting both our own and our customers’ sensitive data. Whether that is credit card numbers, government ID numbers or healthcare information, safeguarding it is critical and the penalties for not appropriately doing so can be severe. Enter Data Loss Prevention in SharePoint Server 2016, which allows us to identify, monitor and protect sensitive data types while also educating users on compliance policies for handling certain data types.
At its core, the Data Loss Prevention capabilities within SharePoint Server 2016 are powered by its Enterprise Search engine, which identifies where sensitive data types reside within the environment (after all, we first have to know where the information exists before we can apply any protective measures to it). The search queries that Microsoft built look for 51 different data types that cover common sensitive content types from around the globe. Think of it as those very kind Microsoft engineers having coded a bunch of Ctrl+F statements to find where all those pesky credit card numbers, for example, are hiding within SharePoint. However, as anyone who has used Ctrl+F knows, there are limitations to the accuracy of the results using this method.
Telling SharePoint to look for 16-digit numbers, for instance, does not guarantee that only credit card numbers will be found. That is why the Ctrl+F queries go a little further and also look for the proximity of associated keywords such as “credit card” or “MasterCard” in order to improve the confidence level that the data found is actually the sensitive data we are looking for. Based on the confidence level that the query generates, it can trigger certain actions as per the next part of the DLP solution – the policies that monitor and protect the content.
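To make the pattern-plus-proximity idea concrete, here is an added sketch (not Microsoft's code or SharePoint's query definitions) that scores 16-digit matches by whether one of the article's keywords appears nearby. The window size, the confidence values, the mapping to actions and the Luhn checksum filter are assumptions that go beyond what the article describes.

```python
import re

# Assumed values for illustration, not SharePoint's real keyword list or thresholds.
KEYWORDS = ("credit card", "mastercard")  # the two keywords the article names
WINDOW = 60  # characters either side of a match that are searched for a keyword
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){15}\d(?!\d)")  # 16 digits, optional separators


def luhn_ok(digits):
    """Luhn checksum: an extra false-positive filter, assumed for this example."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan(text):
    """Return one finding per plausible card number, with a confidence level."""
    findings, lowered = [], text.lower()
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):
            continue  # 16 digits, but not a valid card number
        nearby = lowered[max(0, m.start() - WINDOW): m.end() + WINDOW]
        has_keyword = any(k in nearby for k in KEYWORDS)
        findings.append({
            "masked": "*" * 12 + digits[-4:],        # never log the full number
            "confidence": 85 if has_keyword else 65,  # assumed confidence levels
            "action": "block" if has_keyword else "notify",  # assumed policy mapping
        })
    return findings


# Constructed sample documents (4111 1111 1111 1111 is a common test number).
SAMPLES = [
    "Please charge my credit card 4111 1111 1111 1111 before Friday.",
    "Tracking reference 4111111111111111 for pallet 7.",
    "Order id 1234567890123456 shipped.",
]

if __name__ == "__main__":
    for doc in SAMPLES:
        print(doc, "->", scan(doc))
```

The second sample shows why the keyword matters: the number passes the pattern and checksum, but without supporting context it only earns the lower confidence level.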
SharePoint Server 2016 uses policies to take action when sensitive data is detected by the search engine. With these we can notify individuals within our organization that a document contains information that violates policy, block the item from being viewed by the majority of SharePoint users and provide the document owner with the opportunity to bring the content back in line with policy. The policies are created within the new Compliance Policy Center and can be applied to any site collection, including OneDrive for Business sites and content.
As part of creating a policy template we can incorporate the final capability, designed to educate users – the policy tips. Most people are now quite comfortable with pop-up help or tips and will therefore find it a useful feature to employ when rolling out DLP within their organization. When a document contains information that is in violation of policy, the “tip” can be displayed either within Office applications when authoring and saving the document to SharePoint 2016 or within the SharePoint UI when attempting to upload policy-violating documents. The tooltips also include the opportunity to resolve the issue, thus both educating users on the nature of the policy violation and allowing them to take corrective action rather than hitting a frustrating dead end.
SharePoint Server 2016 takes a great leap forward over previous versions of SharePoint to help secure and protect sensitive data. Data Loss Prevention is just one capability in this area that Microsoft has improved for this release and I highly encourage you to look at Microsoft TechNet to see what it can offer your organization.
We know that DLP is a huge area of concern for SharePoint customers and we released Sensitive Content Manager last year to help organizations better discover and secure their sensitive content. It’s good to hear that Microsoft is adding these DLP enhancements to give SharePoint 2016 adopters out-of-the-box options to start their journey to reduce their potential for any data loss.