Skip to main content
search
Articles

[Office 365] First Step for Data Leak Prevention

By March 6, 2018#!28Thu, 28 Feb 2019 10:42:42 -0300p4228#28Thu, 28 Feb 2019 10:42:42 -0300p-10America/Sao_Paulo2828America/Sao_Paulox28 28am28am-28Thu, 28 Feb 2019 10:42:42 -0300p10America/Sao_Paulo2828America/Sao_Paulox282019Thu, 28 Feb 2019 10:42:42 -03004210422amThursday=904#!28Thu, 28 Feb 2019 10:42:42 -0300pAmerica/Sao_Paulo2#February 28th, 2019#!28Thu, 28 Feb 2019 10:42:42 -0300p4228#/28Thu, 28 Feb 2019 10:42:42 -0300p-10America/Sao_Paulo2828America/Sao_Paulox28#!28Thu, 28 Feb 2019 10:42:42 -0300pAmerica/Sao_Paulo2#No Comments

By Raphael Rosa *

Recently worldwide media reports with unrivaled speed every incident of data leakage. Such incidents entail direct and indirect costs, which reach millions of dollars, as well as damage to the brand / image and, consequently, reputation.

Besides data leakage On a large scale, with the increasing use of social networks, there are more and more cases of sensitive information being exposed through involuntary acts of people who have contact with sensitive content.

goal

Microsoft makes available on its Office365 the functionality of DLP (Data Loss Prevention) through Office 365 Security & Compliance Center, available in Office 365 Enterprise E3 and E5 versions. Such functionality assists security teams in the operationalization of their Information Security Policies, by monitoring personal data of employees or customers, as well as financial information, to enable:

  • Compliance with Information Security Policy;
  • Definition of the locations (applications) and media to be monitored, as well as the types of data to be analyzed.

Benefits 

  • Identify sensitive information in various applications, for example: OneDrive for Business, SharePoint Online, and Exchange Online;
  • Prevent accidental sharing of sensitive information;
  • Assist users in maintaining compliance without disrupting their workflow;
  • Create reports on actions taken and events identified.

Implementation 

The implementation of DLP policies in Office 365 must be done in 2 steps: Content Definition and Action Definition. 

  • Content Definition

The definition of content is nothing more than the definition and configuration of “label” than the policy of Office365 DLP use in identifying classified information. Additionally, it is possible to define the owners of the information.

By default a number of labels are available, for example, ID, CPF and their equivalents in other countries. Additionally, the organization can create its own labels based on internal data formats or data masks that are of interest.

DLP functionality uses a number of combination factors to identify information:

  • Key words;
  • Analysis through regular expressions;
  • Built-in validation functions hashes and composition;
  • Analysis of other contents.

Additionally, you can select which applications and users or groups DLP policies to apply to.

  • Definition of Actions

The configuration of actions will operationalize the events to be generated when identifying content, as defined in the previous stage. For example, block the sending of certain information (document or email only) and send an email to the organization's compliance officer and the user. Among the possible action settings available:

  • Restrict Access: The document in question becomes inaccessible or has its submission blocked;
  • Warnings: Before allowing the access or sending of documents or data the platform warns the user in real time, presenting which rules and policies are in effect, as well as advising on the methods for the regularization of access;
  • Notification Issue: You can select who will receive the notifications generated for each incident, and you can choose to send a notification to the user, their manager, the information owner, and the compliance officer.

Finally, incident reporting can be customized by assigning a risk level to incidents.

Conclusion 

Accidents, carelessness, malicious actions, etc. They are constant threats to organizations. A structured action plan, backed by efficient solutions, minimizes the likelihood of incidents of data leakage.

It is noteworthy that the implementation of this functionality should be part of the information security program aimed at data loss prevention, since its capillarity is restricted to the applications available in Office365.

However, its implementation allows organizations greater visibility and control of their information, as well as assisting in the operationalization of their information security policy, being a first step for the organization's compliance.

*Raphael Rosa is an Information Security Consultant at [SAFEWAY]

 

Would you like to schedule a conversation about an Information Security Program aimed at Data Leak Prevention?

Schedule a conversation with our team. Choose here the best date here 

About [SAFEWAY]

THE [SAFEWAY] is a widely recognized company as a provider of premium information security and cybersecurity solutions. From its extensive portfolio, we highlight several solutions, including those based on platforms:

● Archer da RSA Security, considered by the institutes Gartner and Forrester and by the market itself, the most complete process integration solution for Governance, Risk Management, Compliance and Business Continuity Management;

● [SAFEWAY] Security Tower, supported by IBM Qradar (Watson Technology), IBM Resilient, and other solutions tailored to each organization for their security and cyber defense management needs.

● And others, involving technologies ImpervaThalesTripwire and WatchGuard Technologies.

We await your contact: [email protected]

Leave a Reply

Close Menu