Digital Guardian's Blog

What is Office 365 Data Loss Prevention? A Definition of Office 365 DLP, Benefits, and More

by Chris Brook on Monday April 22, 2019

Learn about Office 365 Data Loss Prevention (DLP) in Data Protection 101, our series on the fundamentals of information security.

What is Data Loss Prevention?

Every business has its own confidential and sensitive data that it needs to keep secure, since the release of this information could do serious damage. What can companies do to prevent this?

With data loss prevention tools, an end user cannot send sensitive information to an email address outside of the company domain or to a public cloud storage service, such as Dropbox or Google Drive. Any malicious or accidental attempt to send sensitive information out of the network will be blocked and logged.

Data loss prevention uses rules and policies to determine which files and data are considered confidential, critical, or sensitive and then protects those files from being shared or transmitted. The goal of applying these rules, policies, and protective measures to Office 365 is to prevent data loss from the Office 365 environment.

The threat of a rogue employee or negligent insider mishandling sensitive information is not the only factor driving companies to adopt data loss prevention. Stricter state and global regulations that call for rigorous data and access protection are forcing companies to consider adding DLP to their existing security programs.

What Are the Benefits of Data Loss Prevention?

Data breaches are happening at an increasing rate. Data from Bitdefender showed that more than 34% of companies in the U.S. suffered from a data breach within the past year, and 74% of those companies were unaware that the breach occurred. Nearly half of data breaches (48%) result from malicious or criminal attacks, while 27% are a result of human error and 25% arise from system glitches.

Utilizing a data loss prevention solution helps to prevent the unauthorized sharing of company information by malicious insiders and outsiders. DLP solutions also help in meeting compliance regulations. When companies begin to use cloud services like Office 365, it is important to have a strong DLP solution in place.

How Does Office 365 Data Loss Prevention Work?

Early in 2017, Microsoft created the Security and Compliance Center for Office 365, which enabled users to manage several features including data loss prevention.

The Office 365 data loss prevention feature works similarly to other DLP tools in that it follows a set of specific rules. Policies that are defined within Office 365 will govern data and send notifications when someone violates a rule.

The DLP feature in Office 365 will automatically classify data and use the set policies to stop an email from being sent and block unauthorized access to classified content.

How to Set Up Office 365 Data Loss Prevention

Setting up data loss prevention in Office 365 is relatively simple, thanks to the application’s built-in features and functionality.

1. Create and store data loss prevention policies. Come up with a policy that identifies sensitive data while allowing users to work with it. Specify different actions that might occur depending on how the data is being handled. To set up a data loss prevention policy, log into Office 365, choose Admin centers and click on Security & Compliance.


Screenshot via SherWeb Blog

In the Security & Compliance menu, choose Data loss prevention and then click on Policy. Upon clicking the “Create a policy” button, you will be presented with several wizards on how to go through the process of creating different policies, including specific policies for financial, medical, privacy, and customized situations. For instance, you can easily set up policies for financial data through one of the wizards. Choose the specific standard or country that is relevant to your business.


Screenshot via SherWeb Blog

2. Once you have created the policy, click Next and then specify where you want that policy to be enforced. You can choose to apply it in Exchange, SharePoint sites, and/or OneDrive accounts. You can even indicate specific OneDrive accounts and SharePoint sites.


Screenshot via SherWeb Blog

3. You can customize your own set of rules as well. There are two settings options for each policy in Office 365. “Simple settings” allows you to apply default rules that already exist in Office 365. If you are looking to fine-tune what actions and conditions the policy should have, the “Advanced settings” option will open the rule editor.


Screenshot via SherWeb Blog

4. After that, in “Advanced Settings,” you can tweak the policy tips that are shown to users and adjust the number of times a particular piece of sensitive information can be shared before triggering an alert. You may also restrict or block people from being able to share access to sensitive content.


Screenshot via SherWeb Blog

5. A newly created policy can be deployed right away, or kept turned off. You also have the option to test out the policy before you turn it on.


Screenshot via SherWeb Blog
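The same five steps can be scripted with Security & Compliance PowerShell, which makes the policy reviewable and repeatable. The following is an added example, not part of the original article; the admin account, policy name, rule name, instance threshold and policy tip text are hypothetical, and it assumes the ExchangeOnlineManagement module is installed and the account is permitted to manage DLP policies.

```powershell
# Added example: scripted equivalent of wizard steps 1-5 above.
# The account, names, threshold and tip text are hypothetical placeholders.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession -UserPrincipalName 'admin@example.com'

$policyName = 'Financial Data - Example'

# Steps 1, 2 and 5: create the policy, choose where it is enforced,
# and start it in test mode so matches are reported but nothing is blocked yet.
New-DlpCompliancePolicy -Name $policyName `
    -Comment 'Detect credit card numbers shared outside the organization' `
    -ExchangeLocation All `
    -SharePointLocation All `
    -OneDriveLocation All `
    -Mode TestWithNotifications

# Steps 3 and 4: the rule editor settings (condition, instance count,
# policy tip, blocking and reporting) expressed as rule parameters.
$ruleParams = @{
    Name                                = 'Credit cards shared externally - Example'
    Policy                              = $policyName
    # Built-in sensitive information type; match at 5 or more instances.
    ContentContainsSensitiveInformation = @{ Name = 'Credit Card Number'; minCount = '5' }
    # Only content shared with people outside the organization.
    AccessScope                         = 'NotInOrganization'
    BlockAccess                         = $true
    NotifyUser                          = 'Owner', 'LastModifier'
    NotifyPolicyTipCustomText           = 'This item contains card numbers and cannot be shared externally.'
    GenerateIncidentReport              = 'SiteAdmin'
    ReportSeverityLevel                 = 'High'
}
New-DlpComplianceRule @ruleParams

# Confirm what was created before relying on it.
Get-DlpCompliancePolicy -Identity $policyName | Format-List Name, Mode
Get-DlpComplianceRule -Policy $policyName | Format-List Name, BlockAccess, AccessScope

# Step 5, later: once the test-mode matches have been reviewed, turn the policy on.
# Set-DlpCompliancePolicy -Identity $policyName -Mode Enable
```

Starting in `TestWithNotifications` lets you measure false positives against real content before any blocking takes effect.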

Office 365's DLP is a good first step for organizations looking to implement stronger data security, but it has its limitations compared to enterprise class DLP. Some licenses include basic DLP detection capabilities but lack customizable policies, device type access, and document fingerprinting. Other licenses can monitor and secure data, but they lack blocking and encryption capabilities.

For organizations accustomed to enterprise DLP features, the reporting and capabilities built into the Office 365 DLP may not be strong enough. Companies in this situation should invest in an enterprise DLP solution that can cover Office 365, SharePoint, and OneDrive for a secure Office 365 environment.

Best Practices for Implementing Office 365 DLP

There are a number of positive reasons to use Office 365’s Data Loss Prevention capabilities. However, your organization may want to accomplish other goals before, or very soon after, you implement any prevention measures.

Here are a few best practices to consider:

  • Understand Existing Policies: It is likely that you have existing security policies, written or not. If you require password changes, limit permissions, or have other security measures in place, they should be detailed and documented.
  • Inventory Data Being Stored: The type, format, and location of your data is important for DLP. These should also be documented and limited in quantity to the bare minimum necessary for conducting business.
  • Understand and Limit Access: This is another step to document all associates, employees and those outside of your organization (e.g. contractors) who have access to sensitive data. Be sure to limit access for those who do not need certain data to perform their job function.
  • Remain Consistent: Perhaps the hardest step is to remain vigilant about data security and preventing loss. Consistency has to stem from leadership and spread throughout an entire organization to ward off threats, potential mishaps, and breaches.

Employing best practices for Office 365 DLP and remaining vigilant about the possibility of insider threats will help your organization develop a strong security posture.

    Tags: Data Protection 101

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.