SlideShare uma empresa Scribd logo

Intro to Data Loss Prevention in SharePoint 2016

Transferir como PPTX, PDF
Craig Jahnke
Craig Jahnke

Intro to Data Loss Prevention in SharePoint 2016

Tecnologia
1 de 29
Intro to Data Loss Prevention In SharePoint 2016 By Craig Jahnke Strategic Advisor March 30, 2017
Agenda • What is Data Loss Prevention (DLP) ? • Sensitive Data • DLP in SharePoint 2016 • DLP Queries & Policies • Limitations • Reminders • Questions
What is Data Loss Prevention (DLP)? • Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside the corporate network. • DLP Software products help a network administrator control what data end users can transfer so that users cannot accidentally or maliciously share data that could put the organization at risk.
Types of Data in Regards to DLP • In Use • In Motion • Exchange Online • At Rest • SharePoint On-Premises
Data Loss Prevention In SharePoint 2016 • With a data loss prevention (DLP) policy in SharePoint Server 2016, you can identify, monitor, and automatically protect sensitive information across your site collections. • Search for sensitive content in your existing eDiscovery Center enabling real time searching while keeping content in place. • Searches across SharePoint 2016, One Drive for Business and SharePoint Online.
Examples of Sensitive Information Data loss prevention (DLP) includes 80 sensitive information types that are ready for you to use in your DLP policies. • Personal Identifiable Information (PII) • Credit Card Numbers • Social Security Numbers • Bank Account Numbers • Passport Numbers • Driver’s License Numbers • https://technet.microsoft.com/en-us/library/jj150541(v=exchg.160).aspx
DLP Processing in SharePoint 2016 Content Sources UserCrawler Content Processing Index Policy Definitions Unified Policy Processing Tasks Query
DLP Queries & Policies • DLP Queries • See what and where sensitive information exists. • Better understand your risks, • Determine what and where is the content that your DLP policies need to protect • DLP Policies • Conditions that the content must match before the rule is enforced -- for example, look only for content containing Social Security numbers that have been shared with people outside your organization. • Actions that you want the rule to take automatically when content matching the conditions is found -- for example, block access to the document and send both the user and compliance officer an email notification.
eDiscovery Center To create and run DLP queries, you must set up an eDiscovery Center site collection.
Compliance Policy Center To create DLP Policies, you must set up a Compliance Policy Center site collection.
DLP Templates • When you create a DLP query or a DLP policy, you can choose from a list of DLP templates that correspond to common regulatory requirements. • Each DLP template identifies specific types of sensitive information
DLP Queries • Before you create your DLP policies, you might want to see what sensitive information already exists across your site collections. To do this, you create and run DLP queries in the eDiscovery Center.
DLP Queries • A DLP query works the same as an eDiscovery query. • Based on which DLP template you choose, the DLP query is configured to search for specific types of sensitive information.
DLP Policies • A DLP policy helps you identify, monitor, and automatically protect sensitive information that’s subject to common industry regulations. • You choose what types of sensitive information to protect, and what actions to take when content containing such sensitive information is detected. • A DLP policy can notify the compliance officer by sending an incident report, notify the user with a policy tip on the site, and optionally block access to the document for everyone but the site owner, content owner, and whoever last modified the document. • Finally, the policy tip has an option to override the blocking action, so that people can continue to work with documents if they have a business justification or need to report a false positive.
Creating DLP Policies • You create and manage DLP policies in the Compliance Policy Center. • Creating a DLP policy is a two- step process: first you create the DLP policy, and then you assign the policy to a site collection.
Step 1 – Create DLP Policy • When you create a DLP policy, you choose a DLP template that looks for the types of sensitive information that you need to identify, monitor, and automatically protect. • When a DLP policy finds content that includes the minimum number of instances of a specific type of sensitive information, it can automatically protect the sensitive information by taking the following actions: • Send an Incident Report • Notify the user with a policy tip • Block access to the content
Step 2 - Assign the DLP Policy • After you create a DLP policy, you need to assign it to one or more site collections, where it can begin to help protect sensitive information in those locations. • A single policy can be assigned to many site collections, but each assignment needs to be created one at a time.
Policy Tips • You want people in your organization who work with sensitive information to stay compliant with your DLP policies, but you don’t want to block them unnecessarily from getting their work done. • A policy tip is a notification or warning that appears when someone is working with content that conflicts with a DLP policy • You can use policy tips to increase awareness and help educate people about your organization’s policies. • Policy tips also give people the option to override the policy, so that they’re not blocked if they have a valid business need or if the policy is detecting a false positive.
Viewing or overriding a policy tip • To take action on a document, such as overriding the DLP policy or reporting a false positive, you can select the Open ... menu for the item > View policy tip. • The policy tip lists the issues with the content, and you can choose Resolve, and then Override the policy tip or Report a false positive.
How DLP Policies Work • DLP detects sensitive information by using deep content analysis. • This deep content analysis uses keyword matches, the evaluation of regular expressions, internal functions, and other methods to detect content that matches your DLP policies. • Potentially only a small percentage of your data is considered sensitive. A DLP policy can identify, monitor, and automatically protect just that data.. • After you create a DLP policy in the Compliance Policy Center, it’s stored as a policy definition in that site. • Assign the policy to different site collections, it starts to evaluate content and enforce actions like sending incident reports, showing policy tips, and blocking access.
Policy Evaluation in Sites • Across all of your site collections, documents are constantly changing. • They are continually being created, edited, shared, and so on. • This means documents can conflict or become compliant with a DLP policy at any time. • DLP policies check documents for policy matches frequently in the background. • You can think of this as asynchronous policy evaluation.
View DLP Events in the Usage Logs • You can view DLP policy activity in the usage logs on the server running SharePoint Server 2016. • Example - view the text entered by users when they override a policy tip or report a false positive. • Turn on the option in Central Administration (Monitoring > Configure usage and health data collection > Simple Log Event Usage Data_SPUnifiedAuditEntry). • For more information about usage logging, see Configure usage and health data collection.
Limitation • Cannot Create Custom Rules • 1 Policy Center Per Web Applications • No “Clean” PowerShell CMDLETS for Automation • One-to-one Site Collections & Policy Mappings • Hybrid Does not Work That Well… • Systems actions – Blocking, flagging, etc. works by timer jobs • Office 365 cannot access On-Premises timer jobs • Cannot Edit Emails That Are Sent To End User
DLP Reminders • Start the search service and define a crawl schedule for your content. • Turn on out-going email. • To view user overrides and other DLP events, turn on the usage report. • For DLP queries, create the eDiscovery Center site collection. • For DLP policies, create the Compliance Policy Center site collection. • Create a security group for your compliance team, and add security group to the Owners group in the eDiscovery Center or Compliance Policy Center. • To run DLP queries, view permissions are required for all content that the query will search – for more information
Questions?
References • https://technet.microsoft.com/en- us/library/mt346121(v=office.16).aspx • https://blogs.msdn.microsoft.com/mvpawardprogram/2016/01/1 3/data-loss-prevention-dlp-in-sharepoint-2016-and-sharepoint- online/ • Vlad Catrinescu - blog at https://absolute-sharepoint.com/
Wait there is more… • Data Theft • Bad actors • SharePoint 2016 – monitors but can’t stop • Office 365 can stop
Data Theft • Data theft is a term used to describe when information is illegally copied or taken from a business or other individual. Commonly, this information is user information such as passwords, social security numbers, credit card information, other personal information, or other confidential corporate information.
Bad Actors • Snowden • Gov Contractors • Wikileaks

Recomendados

SharePoint Saturday NL 2016 - Security & Compliance
SharePoint Saturday NL 2016 - Security & ComplianceSharePoint Saturday NL 2016 - Security & Compliance
SharePoint Saturday NL 2016 - Security & Compliance
Albert Hoitingh
 
Intro to Office 365 Security & Compliance Center
Intro to Office 365 Security & Compliance CenterIntro to Office 365 Security & Compliance Center
Intro to Office 365 Security & Compliance Center
Craig Jahnke
 
Data Loss Prevention in Office 365
Data Loss Prevention in Office 365Data Loss Prevention in Office 365
Data Loss Prevention in Office 365
CloudFronts Technologies LLP.
 
Overview of Microsoft Teams and Data Loss Prevention(DLP)
Overview of Microsoft Teams and Data Loss Prevention(DLP)Overview of Microsoft Teams and Data Loss Prevention(DLP)
Overview of Microsoft Teams and Data Loss Prevention(DLP)
Radhakrishnan Govindan
 
Overview of Data Loss Prevention Policies in Office 365
Overview of Data Loss Prevention Policies in Office 365Overview of Data Loss Prevention Policies in Office 365
Overview of Data Loss Prevention Policies in Office 365
Dock 365
 
Tips for a successful SharePoint Migration strategy
Tips for a successful SharePoint Migration strategyTips for a successful SharePoint Migration strategy
Tips for a successful SharePoint Migration strategy
Don Daubert
 
M365 Records Management Community Webinar
M365 Records Management Community WebinarM365 Records Management Community Webinar
M365 Records Management Community Webinar
Drew Madelung
 
Information protection & classification
Information protection & classificationInformation protection & classification
Information protection & classification
David De Vos
 

Recomendados

SharePoint Saturday NL 2016 - Security & Compliance
SharePoint Saturday NL 2016 - Security & ComplianceSharePoint Saturday NL 2016 - Security & Compliance
SharePoint Saturday NL 2016 - Security & Compliance
Albert Hoitingh
 
Intro to Office 365 Security & Compliance Center
Intro to Office 365 Security & Compliance CenterIntro to Office 365 Security & Compliance Center
Intro to Office 365 Security & Compliance Center
Craig Jahnke
 
Data Loss Prevention in Office 365
Data Loss Prevention in Office 365Data Loss Prevention in Office 365
Data Loss Prevention in Office 365
CloudFronts Technologies LLP.
 
Overview of Microsoft Teams and Data Loss Prevention(DLP)
Overview of Microsoft Teams and Data Loss Prevention(DLP)Overview of Microsoft Teams and Data Loss Prevention(DLP)
Overview of Microsoft Teams and Data Loss Prevention(DLP)
Radhakrishnan Govindan
 
Overview of Data Loss Prevention Policies in Office 365
Overview of Data Loss Prevention Policies in Office 365Overview of Data Loss Prevention Policies in Office 365
Overview of Data Loss Prevention Policies in Office 365
Dock 365
 
Tips for a successful SharePoint Migration strategy
Tips for a successful SharePoint Migration strategyTips for a successful SharePoint Migration strategy
Tips for a successful SharePoint Migration strategy
Don Daubert
 
M365 Records Management Community Webinar
M365 Records Management Community WebinarM365 Records Management Community Webinar
M365 Records Management Community Webinar
Drew Madelung
 
Information protection & classification
Information protection & classificationInformation protection & classification
Information protection & classification
David De Vos
 
aMS SouthEast Asia 2021 - Microsoft 365 Data Loss Prevention
aMS SouthEast Asia 2021 - Microsoft 365 Data Loss PreventionaMS SouthEast Asia 2021 - Microsoft 365 Data Loss Prevention
aMS SouthEast Asia 2021 - Microsoft 365 Data Loss Prevention
Albert Hoitingh
 
Azure Information Protection - Taking a Team Approach
Azure Information Protection - Taking a Team ApproachAzure Information Protection - Taking a Team Approach
Azure Information Protection - Taking a Team Approach
Joanne Klein
 
Communication Compliance in Microsoft 365
Communication Compliance in Microsoft 365Communication Compliance in Microsoft 365
Communication Compliance in Microsoft 365
Joanne Klein
 
Protecting your Teams Work across Microsoft 365
Protecting your Teams Work across Microsoft 365Protecting your Teams Work across Microsoft 365
Protecting your Teams Work across Microsoft 365
Joanne Klein
 
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
Rencore
 
SPFest Chicago - Information Management and Data Governance in Office 365
SPFest Chicago - Information Management and Data Governance in Office 365SPFest Chicago - Information Management and Data Governance in Office 365
SPFest Chicago - Information Management and Data Governance in Office 365
Joanne Klein
 
ECS19 - Nicki Borell - Microsoft Cybersecurity Reference Architecture
ECS19 - Nicki Borell - Microsoft Cybersecurity Reference ArchitectureECS19 - Nicki Borell - Microsoft Cybersecurity Reference Architecture
ECS19 - Nicki Borell - Microsoft Cybersecurity Reference Architecture
European Collaboration Summit
 
Microsoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance FrameworkMicrosoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance Framework
Alistair Pugin
 
M365 Virtual Marathon: Retention in Office 365 - the Where What and How
M365 Virtual Marathon: Retention in Office 365 - the Where What and HowM365 Virtual Marathon: Retention in Office 365 - the Where What and How
M365 Virtual Marathon: Retention in Office 365 - the Where What and How
Joanne Klein
 
IRMS UG Principles of Retention in Microsoft 365
IRMS UG Principles of Retention in Microsoft 365IRMS UG Principles of Retention in Microsoft 365
IRMS UG Principles of Retention in Microsoft 365
Joanne Klein
 
Information management and data governance in Office 365
Information management and data governance in Office 365Information management and data governance in Office 365
Information management and data governance in Office 365
Joanne Klein
 
File Security in Microsoft SharePoint and OneDrive
File Security in Microsoft SharePoint and OneDriveFile Security in Microsoft SharePoint and OneDrive
File Security in Microsoft SharePoint and OneDrive
David J Rosenthal
 
What's new with Security & Compliance for SharePoint, OneDrive, and Teams
What's new with Security & Compliance for SharePoint, OneDrive, and TeamsWhat's new with Security & Compliance for SharePoint, OneDrive, and Teams
What's new with Security & Compliance for SharePoint, OneDrive, and Teams
Drew Madelung
 
Microsoft Teams in the Modern Workplace
Microsoft Teams in the Modern WorkplaceMicrosoft Teams in the Modern Workplace
Microsoft Teams in the Modern Workplace
Joanne Klein
 
SharePoint Saturday Cambridge: Security & compliance
SharePoint Saturday Cambridge: Security & complianceSharePoint Saturday Cambridge: Security & compliance
SharePoint Saturday Cambridge: Security & compliance
Albert Hoitingh
 
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
Christian Buckley
 
Create a Compliance Strategy for Office 365
Create a Compliance Strategy for Office 365Create a Compliance Strategy for Office 365
Create a Compliance Strategy for Office 365
Erica Toelle
 
Protect your data in / with the Cloud
Protect your data in / with the CloudProtect your data in / with the Cloud
Protect your data in / with the Cloud
GWAVA
 
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VMSecuring Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Drew Madelung
 
Share point encryption
Share point encryptionShare point encryption
Share point encryption
csmith2009
 
Data Loss Prevention in O365
Data Loss Prevention in O365Data Loss Prevention in O365
Data Loss Prevention in O365
Don Daubert
 
Deep dive into Microsoft Purview Data Loss Prevention
Deep dive into Microsoft Purview Data Loss PreventionDeep dive into Microsoft Purview Data Loss Prevention
Deep dive into Microsoft Purview Data Loss Prevention
Drew Madelung
 

Mais conteúdo relacionado

Mais procurados

Azure Information Protection - Taking a Team Approach
Azure Information Protection - Taking a Team ApproachAzure Information Protection - Taking a Team Approach
Azure Information Protection - Taking a Team Approach
Joanne Klein
 
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
Rencore
 
IRMS UG Principles of Retention in Microsoft 365
IRMS UG Principles of Retention in Microsoft 365IRMS UG Principles of Retention in Microsoft 365
IRMS UG Principles of Retention in Microsoft 365
Joanne Klein
 
File Security in Microsoft SharePoint and OneDrive
File Security in Microsoft SharePoint and OneDriveFile Security in Microsoft SharePoint and OneDrive
File Security in Microsoft SharePoint and OneDrive
David J Rosenthal
 
Create a Compliance Strategy for Office 365
Create a Compliance Strategy for Office 365Create a Compliance Strategy for Office 365
Create a Compliance Strategy for Office 365
Erica Toelle
 
Share point encryption
Share point encryptionShare point encryption
Share point encryption
csmith2009
 

Mais procurados (20)

aMS SouthEast Asia 2021 - Microsoft 365 Data Loss Prevention
aMS SouthEast Asia 2021 - Microsoft 365 Data Loss PreventionaMS SouthEast Asia 2021 - Microsoft 365 Data Loss Prevention
aMS SouthEast Asia 2021 - Microsoft 365 Data Loss Prevention
 
Azure Information Protection - Taking a Team Approach
Azure Information Protection - Taking a Team ApproachAzure Information Protection - Taking a Team Approach
Azure Information Protection - Taking a Team Approach
 
Communication Compliance in Microsoft 365
Communication Compliance in Microsoft 365Communication Compliance in Microsoft 365
Communication Compliance in Microsoft 365
 
Protecting your Teams Work across Microsoft 365
Protecting your Teams Work across Microsoft 365Protecting your Teams Work across Microsoft 365
Protecting your Teams Work across Microsoft 365
 
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
 
SPFest Chicago - Information Management and Data Governance in Office 365
SPFest Chicago - Information Management and Data Governance in Office 365SPFest Chicago - Information Management and Data Governance in Office 365
SPFest Chicago - Information Management and Data Governance in Office 365
 
ECS19 - Nicki Borell - Microsoft Cybersecurity Reference Architecture
ECS19 - Nicki Borell - Microsoft Cybersecurity Reference ArchitectureECS19 - Nicki Borell - Microsoft Cybersecurity Reference Architecture
ECS19 - Nicki Borell - Microsoft Cybersecurity Reference Architecture
 
Microsoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance FrameworkMicrosoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance Framework
 
M365 Virtual Marathon: Retention in Office 365 - the Where What and How
M365 Virtual Marathon: Retention in Office 365 - the Where What and HowM365 Virtual Marathon: Retention in Office 365 - the Where What and How
M365 Virtual Marathon: Retention in Office 365 - the Where What and How
 
IRMS UG Principles of Retention in Microsoft 365
IRMS UG Principles of Retention in Microsoft 365IRMS UG Principles of Retention in Microsoft 365
IRMS UG Principles of Retention in Microsoft 365
 
Information management and data governance in Office 365
Information management and data governance in Office 365Information management and data governance in Office 365
Information management and data governance in Office 365
 
File Security in Microsoft SharePoint and OneDrive
File Security in Microsoft SharePoint and OneDriveFile Security in Microsoft SharePoint and OneDrive
File Security in Microsoft SharePoint and OneDrive
 
What's new with Security & Compliance for SharePoint, OneDrive, and Teams
What's new with Security & Compliance for SharePoint, OneDrive, and TeamsWhat's new with Security & Compliance for SharePoint, OneDrive, and Teams
What's new with Security & Compliance for SharePoint, OneDrive, and Teams
 
Microsoft Teams in the Modern Workplace
Microsoft Teams in the Modern WorkplaceMicrosoft Teams in the Modern Workplace
Microsoft Teams in the Modern Workplace
 
SharePoint Saturday Cambridge: Security & compliance
SharePoint Saturday Cambridge: Security & complianceSharePoint Saturday Cambridge: Security & compliance
SharePoint Saturday Cambridge: Security & compliance
 
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
Security, Administration & Governance for SharePoint On-Prem, Online, & Every...
 
Create a Compliance Strategy for Office 365
Create a Compliance Strategy for Office 365Create a Compliance Strategy for Office 365
Create a Compliance Strategy for Office 365
 
Protect your data in / with the Cloud
Protect your data in / with the CloudProtect your data in / with the Cloud
Protect your data in / with the Cloud
 
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VMSecuring Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
 
Share point encryption
Share point encryptionShare point encryption
Share point encryption
 

Semelhante a Intro to Data Loss Prevention in SharePoint 2016

Data Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint WebinarData Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint Webinar
Concept Searching, Inc
 
Data Privacy Compliance Awareness Planning Strategy Assessment Methodology Fr...
Data Privacy Compliance Awareness Planning Strategy Assessment Methodology Fr...Data Privacy Compliance Awareness Planning Strategy Assessment Methodology Fr...
Data Privacy Compliance Awareness Planning Strategy Assessment Methodology Fr...
SlideTeam
 
Governance - O365 How It's Affected & Where Do I Start
Governance - O365 How It's Affected & Where Do I StartGovernance - O365 How It's Affected & Where Do I Start
Governance - O365 How It's Affected & Where Do I Start
Stacy Deere
 
Atlan_Product metering_Subrat.pdf
Atlan_Product metering_Subrat.pdfAtlan_Product metering_Subrat.pdf
Atlan_Product metering_Subrat.pdf
Subrat Kumar Dash
 

Semelhante a Intro to Data Loss Prevention in SharePoint 2016 (20)

Data Loss Prevention in O365
Data Loss Prevention in O365Data Loss Prevention in O365
Data Loss Prevention in O365
 
Deep dive into Microsoft Purview Data Loss Prevention
Deep dive into Microsoft Purview Data Loss PreventionDeep dive into Microsoft Purview Data Loss Prevention
Deep dive into Microsoft Purview Data Loss Prevention
 
SPSTC18 Laying Down the Law - Governing Your Data in O365
SPSTC18 Laying Down the Law - Governing Your Data in O365SPSTC18 Laying Down the Law - Governing Your Data in O365
SPSTC18 Laying Down the Law - Governing Your Data in O365
 
March 2023 CIAOPS Need to Know Webinar
March 2023 CIAOPS Need to Know WebinarMarch 2023 CIAOPS Need to Know Webinar
March 2023 CIAOPS Need to Know Webinar
 
SC-900 Capabilities of Microsoft Compliance Solutions
SC-900 Capabilities of Microsoft Compliance SolutionsSC-900 Capabilities of Microsoft Compliance Solutions
SC-900 Capabilities of Microsoft Compliance Solutions
 
Doculabs Everteam houston breakfast 06.29.17 v0.2
Doculabs Everteam houston breakfast 06.29.17 v0.2Doculabs Everteam houston breakfast 06.29.17 v0.2
Doculabs Everteam houston breakfast 06.29.17 v0.2
 
SPUnite17 SharePoint and Data Loss Prevention
SPUnite17 SharePoint and Data Loss PreventionSPUnite17 SharePoint and Data Loss Prevention
SPUnite17 SharePoint and Data Loss Prevention
 
HSPUG presentation - Advanced Data Governance
HSPUG presentation - Advanced Data GovernanceHSPUG presentation - Advanced Data Governance
HSPUG presentation - Advanced Data Governance
 
SharePoint Governance 101 SPSSA2016
SharePoint Governance 101 SPSSA2016SharePoint Governance 101 SPSSA2016
SharePoint Governance 101 SPSSA2016
 
Data Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint WebinarData Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint Webinar
 
SharePoint Governance 101 - OKCSUG
SharePoint Governance 101 - OKCSUGSharePoint Governance 101 - OKCSUG
SharePoint Governance 101 - OKCSUG
 
Data Privacy Compliance Awareness Planning Strategy Assessment Methodology Fr...
Data Privacy Compliance Awareness Planning Strategy Assessment Methodology Fr...Data Privacy Compliance Awareness Planning Strategy Assessment Methodology Fr...
Data Privacy Compliance Awareness Planning Strategy Assessment Methodology Fr...
 
Think tank - Data Culture for a Better Business
Think tank - Data Culture for a Better BusinessThink tank - Data Culture for a Better Business
Think tank - Data Culture for a Better Business
 
Iconuk 2016 - IBM Connections adoption Worst practices!
Iconuk 2016 - IBM Connections adoption Worst practices!Iconuk 2016 - IBM Connections adoption Worst practices!
Iconuk 2016 - IBM Connections adoption Worst practices!
 
Privacies are Coming
Privacies are ComingPrivacies are Coming
Privacies are Coming
 
SharePoint Governance 101 - Austin O365 & SharePoint User Group
SharePoint Governance 101 - Austin O365 & SharePoint User GroupSharePoint Governance 101 - Austin O365 & SharePoint User Group
SharePoint Governance 101 - Austin O365 & SharePoint User Group
 
Governance - O365 How It's Affected & Where Do I Start
Governance - O365 How It's Affected & Where Do I StartGovernance - O365 How It's Affected & Where Do I Start
Governance - O365 How It's Affected & Where Do I Start
 
Atlan_Product metering_Subrat.pdf
Atlan_Product metering_Subrat.pdfAtlan_Product metering_Subrat.pdf
Atlan_Product metering_Subrat.pdf
 
Privacies are coming
Privacies are comingPrivacies are coming
Privacies are coming
 
Understanding Data Loss Prevention
Understanding Data Loss PreventionUnderstanding Data Loss Prevention
Understanding Data Loss Prevention
 

Último

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 

Último (20)

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 

Intro to Data Loss Prevention in SharePoint 2016

  • 1. Intro to Data Loss Prevention In SharePoint 2016 By Craig Jahnke Strategic Advisor March 30, 2017
  • 2. Agenda • What is Data Loss Prevention (DLP) ? • Sensitive Data • DLP in SharePoint 2016 • DLP Queries & Policies • Limitations • Reminders • Questions
  • 3. What is Data Loss Prevention (DLP)? • Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside the corporate network. • DLP Software products help a network administrator control what data end users can transfer so that users cannot accidentally or maliciously share data that could put the organization at risk.
  • 4. Types of Data in Regards to DLP • In Use • In Motion • Exchange Online • At Rest • SharePoint On-Premises
  • 5. Data Loss Prevention In SharePoint 2016 • With a data loss prevention (DLP) policy in SharePoint Server 2016, you can identify, monitor, and automatically protect sensitive information across your site collections. • Search for sensitive content in your existing eDiscovery Center enabling real time searching while keeping content in place. • Searches across SharePoint 2016, One Drive for Business and SharePoint Online.
  • 6. Examples of Sensitive Information Data loss prevention (DLP) includes 80 sensitive information types that are ready for you to use in your DLP policies. • Personal Identifiable Information (PII) • Credit Card Numbers • Social Security Numbers • Bank Account Numbers • Passport Numbers • Driver’s License Numbers • https://technet.microsoft.com/en-us/library/jj150541(v=exchg.160).aspx
  • 7. DLP Processing in SharePoint 2016 Content Sources UserCrawler Content Processing Index Policy Definitions Unified Policy Processing Tasks Query
  • 8. DLP Queries & Policies • DLP Queries • See what and where sensitive information exists. • Better understand your risks, • Determine what and where is the content that your DLP policies need to protect • DLP Policies • Conditions that the content must match before the rule is enforced -- for example, look only for content containing Social Security numbers that have been shared with people outside your organization. • Actions that you want the rule to take automatically when content matching the conditions is found -- for example, block access to the document and send both the user and compliance officer an email notification.
  • 9. eDiscovery Center To create and run DLP queries, you must set up an eDiscovery Center site collection.
  • 10. Compliance Policy Center To create DLP Policies, you must set up a Compliance Policy Center site collection.
  • 11. DLP Templates • When you create a DLP query or a DLP policy, you can choose from a list of DLP templates that correspond to common regulatory requirements. • Each DLP template identifies specific types of sensitive information
  • 12. DLP Queries • Before you create your DLP policies, you might want to see what sensitive information already exists across your site collections. To do this, you create and run DLP queries in the eDiscovery Center.
  • 13. DLP Queries • A DLP query works the same as an eDiscovery query. • Based on which DLP template you choose, the DLP query is configured to search for specific types of sensitive information.
  • 14. DLP Policies • A DLP policy helps you identify, monitor, and automatically protect sensitive information that’s subject to common industry regulations. • You choose what types of sensitive information to protect, and what actions to take when content containing such sensitive information is detected. • A DLP policy can notify the compliance officer by sending an incident report, notify the user with a policy tip on the site, and optionally block access to the document for everyone but the site owner, content owner, and whoever last modified the document. • Finally, the policy tip has an option to override the blocking action, so that people can continue to work with documents if they have a business justification or need to report a false positive.
  • 15. Creating DLP Policies • You create and manage DLP policies in the Compliance Policy Center. • Creating a DLP policy is a two- step process: first you create the DLP policy, and then you assign the policy to a site collection.
  • 16. Step 1 – Create DLP Policy • When you create a DLP policy, you choose a DLP template that looks for the types of sensitive information that you need to identify, monitor, and automatically protect. • When a DLP policy finds content that includes the minimum number of instances of a specific type of sensitive information, it can automatically protect the sensitive information by taking the following actions: • Send an Incident Report • Notify the user with a policy tip • Block access to the content
  • 17. Step 2 - Assign the DLP Policy • After you create a DLP policy, you need to assign it to one or more site collections, where it can begin to help protect sensitive information in those locations. • A single policy can be assigned to many site collections, but each assignment needs to be created one at a time.
  • 18. Policy Tips • You want people in your organization who work with sensitive information to stay compliant with your DLP policies, but you don’t want to block them unnecessarily from getting their work done. • A policy tip is a notification or warning that appears when someone is working with content that conflicts with a DLP policy • You can use policy tips to increase awareness and help educate people about your organization’s policies. • Policy tips also give people the option to override the policy, so that they’re not blocked if they have a valid business need or if the policy is detecting a false positive.
  • 19. Viewing or overriding a policy tip • To take action on a document, such as overriding the DLP policy or reporting a false positive, you can select the Open ... menu for the item > View policy tip. • The policy tip lists the issues with the content, and you can choose Resolve, and then Override the policy tip or Report a false positive.
  • 20. How DLP Policies Work • DLP detects sensitive information by using deep content analysis. • This deep content analysis uses keyword matches, the evaluation of regular expressions, internal functions, and other methods to detect content that matches your DLP policies. • Potentially only a small percentage of your data is considered sensitive. A DLP policy can identify, monitor, and automatically protect just that data.. • After you create a DLP policy in the Compliance Policy Center, it’s stored as a policy definition in that site. • Assign the policy to different site collections, it starts to evaluate content and enforce actions like sending incident reports, showing policy tips, and blocking access.
  • 21. Policy Evaluation in Sites • Across all of your site collections, documents are constantly changing. • They are continually being created, edited, shared, and so on. • This means documents can conflict or become compliant with a DLP policy at any time. • DLP policies check documents for policy matches frequently in the background. • You can think of this as asynchronous policy evaluation.
  • 22. View DLP Events in the Usage Logs • You can view DLP policy activity in the usage logs on the server running SharePoint Server 2016. • Example - view the text entered by users when they override a policy tip or report a false positive. • Turn on the option in Central Administration (Monitoring > Configure usage and health data collection > Simple Log Event Usage Data_SPUnifiedAuditEntry). • For more information about usage logging, see Configure usage and health data collection.
  • 23. Limitation • Cannot Create Custom Rules • 1 Policy Center Per Web Applications • No “Clean” PowerShell CMDLETS for Automation • One-to-one Site Collections & Policy Mappings • Hybrid Does not Work That Well… • Systems actions – Blocking, flagging, etc. works by timer jobs • Office 365 cannot access On-Premises timer jobs • Cannot Edit Emails That Are Sent To End User
  • 24. DLP Reminders • Start the search service and define a crawl schedule for your content. • Turn on out-going email. • To view user overrides and other DLP events, turn on the usage report. • For DLP queries, create the eDiscovery Center site collection. • For DLP policies, create the Compliance Policy Center site collection. • Create a security group for your compliance team, and add security group to the Owners group in the eDiscovery Center or Compliance Policy Center. • To run DLP queries, view permissions are required for all content that the query will search – for more information
  • 27. Wait there is more… • Data Theft • Bad actors • SharePoint 2016 – monitors but can’t stop • Office 365 can stop
  • 28. Data Theft • Data theft is a term used to describe when information is illegally copied or taken from a business or other individual. Commonly, this information is user information such as passwords, social security numbers, credit card information, other personal information, or other confidential corporate information.
  • 29. Bad Actors • Snowden • Gov Contractors • Wikileaks

Notas do Editor

  1. Typically Search works like this Backend You have searchable content It is crawled – goes in the content and capture all the information Content processing will analyze and apply exclusion and pass to index Front End A user makes a query The query searches the index for the information and responds back to the user DLP creates uses the Policy Definition Looks for information in the index. You need to have the information in the index before you can apply policies to it *** If you don’t search a site collection you can’’ apply policies to it. If you are doing daily crawls, you could have a gap of 24 hours before it is indexed.
  2. When you create a DLP query or a DLP policy, you can choose from a list of DLP templates that correspond to common regulatory requirements. Each DLP template identifies specific types of sensitive information – for example, the template named U.S. Personally Identifiable Information (PII) Data identifies content that contains U.S. and U.K. passport numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), or U.S. Social Security Numbers (SSN).
  3. A DLP query works the same as an eDiscovery query. Based on which DLP template you choose, the DLP query is configured to search for specific types of sensitive information. First choose the locations you want to search, and then you can fine tune the query because it supports Keyword Query Language (KQL). In addition, you can narrow down the query by selecting a date range, specific authors, SharePoint property values, or locations. And just like an eDiscovery query, you can preview, export, and download the query results.
  4. A DLP query works the same as an eDiscovery query. Based on which DLP template you choose, the DLP query is configured to search for specific types of sensitive information. First choose the locations you want to search, and then you can fine tune the query because it supports Keyword Query Language (KQL). In addition, you can narrow down the query by selecting a date range, specific authors, SharePoint property values, or locations. And just like an eDiscovery query, you can preview, export, and download the query results.
  5. A DLP policy helps you identify, monitor, and automatically protect sensitive information that’s subject to common industry regulations. You choose what types of sensitive information to protect, and what actions to take when content containing such sensitive information is detected. A DLP policy can notify the compliance officer by sending an incident report, notify the user with a policy tip on the site, and optionally block access to the document for everyone but the site owner, content owner, and whoever last modified the document. Finally, the policy tip has an option to override the blocking action, so that people can continue to work with documents if they have a business justification or need to report a false positive.
  6. When a DLP policy finds content that includes the minimum number of instances of a specific type of sensitive information that you choose – for example, five credit card numbers, or a single social security number – then the DLP policy can automatically protect the sensitive information by taking the following actions: Sending an incident report to the people you choose (such as your compliance officer) with details of the event. This report includes details about the detected content such as the title, document owner, and what sensitive information was detected. To send incident reports, you need to configure outgoing e-mail settings in Central Administration. Notifying the user with a policy tip when documents that contain sensitive information are saved or edited. The policy tip explains why that document conflicts with a DLP policy, so that people can take remedial action, such as removing the sensitive information from the document. When the document is in compliance, the policy tip disappears. Blocking access to the content for everyone except the site owner, document owner, and person who last modified the document. These people can remove the sensitive information from the document or take other remedial action. When the document is in compliance, the original permissions will be automatically restored. It’s important to understand that the policy tip gives people the option to override the blocking action. Policy tips can thus help educate users about your DLP policies and enforce them without preventing people from doing their work.
  7. You want people in your organization who work with sensitive information to stay compliant with your DLP policies, but you don’t want to block them unnecessarily from getting their work done. This is where policy tips can help. A policy tip is a notification or warning that appears when someone is working with content that conflicts with a DLP policy — for example, content like an Excel workbook that contains personally identifiable information (PII) and that’s saved to a site. You can use policy tips to increase awareness and help educate people about your organization’s policies. Policy tips also give people the option to override the policy, so that they’re not blocked if they have a valid business need or if the policy is detecting a false positive.
  8. Details about how policy tips work Note that it’s possible for content to match more than one DLP policy, but only the policy tip from the most restrictive, highest-priority policy will be shown. For example, a policy tip from a DLP policy that blocks access to content will be shown over a policy tip from a rule that simply notifies the user. This prevents people from seeing a cascade of policy tips. Also, if the policy tips in the most restrictive policy allow people to override the policy, then overriding this policy also overrides any other policies that the content matched. DLP policies are synced to sites and contented is evaluated against them periodically and asynchronously (see the next section), so there may be a short delay between the time you create the DLP policy and the time you begin to see policy tips.
  9. DLP detects sensitive information by using deep content analysis (not just a simple text scan).
  10. Across all of your site collections, documents are constantly changing — they’re continually being created, edited, shared, and so on. This means documents can conflict or become compliant with a DLP policy at any time. For example, a person can upload a document that contains no sensitive information to their team site, but later, a different person can edit the same document and add sensitive information to it. For this reason, DLP policies check documents for policy matches frequently in the background. You can think of this as asynchronous policy evaluation. Here’s how it works. As people add or change documents in their sites, the search engine scans the content, so that you can search for it later. While this is happening, the content’s also scanned for sensitive information. Any sensitive information that’s found is stored securely in the search index, so that only the compliance team can access it, but not typical users. Each DLP policy that you’ve turned on runs in the background (asynchronously), checking search frequently for any content that matches a policy, and applying actions to protect it from inadvertent leaks. Finally, documents can conflict with a DLP policy, but they can also become compliant with a DLP policy. For example, if a person adds credit card numbers to a document, it might cause a DLP policy to block access to the document automatically. But if the person later removes the sensitive information, the action (in this case, blocking) is automatically undone the next time the document is evaluated against the policy. DLP evaluates any content that can be indexed. For more information on what file types are crawled by default, see Default crawled file name extensions and parsed file types.
  11. You can view DLP policy activity in the usage logs on the server running SharePoint Server 2016. For example, you can view the text entered by users when they override a policy tip or report a false positive. First you need to turn on the option in Central Administration (Monitoring > Configure usage and health data collection > Simple Log Event Usage Data_SPUnifiedAuditEntry). For more information about usage logging, see Configure usage and health data collection.
  12. Working on this… Not for this presentation…