Organisations that deal with sensitive data, for example PPS, Social Sec Numbers or Credit Card numbers, have strict regulations and standards with which they must comply to. The Data Protection Act (now replaced with GDPR) regulates how personal data can be handled are examples of such regulations. There are as well Industry standards such as PCI DSS which dictates how credit card information should be managed.
Complying with data protection regulations and standards can be a difficult prospect for an organisation. Often it isn’t even technology which is the major binding issue so much as the human factor. An employee may accidentally send an email containing sensitive information to an unauthorised user. Or confidential documents could be accidentally stored on a SharePoint site or OneDrive share where they may be accessed by members of staff who don’t have appropriate authorisation to view them.
Examples such as these, though simple mistakes, could place an organisation in direct violation of standards and regulations which carries the potential of serious punishment and damage.
Microsoft recognised these challenges and it was one of the reasons for why Secure Islands was acquired, an Israeli based company focused on security technology. Thanks to the newly acquired technology Microsoft now offers enhanced data protection features which improves how organisations can protect sensitive information. One of the features which I find very useful is the Data Loss Prevention features (DLP) that since can be configured in Office 365.
DLP in Office 365 is designed to allow organisations explicit control over the kinds of information which can be stored or sent. This is achieved through policy tips which display to alert the user that the document contains sensitive information or the email recipient does not have authorisation to access the contents of that email.
DLP easily includes a wide range of common definitions of sensitive information types across a variety of regions. For example; credit card numbers, bank account numbers, national ID information, passport numbers and so on.
Users are not necessarily restricted from performing their work given a business justification can be provided (That is if a recipient is justified to receive the information), this justification can later be tracked and reviewed by the Organisation.
This is great news for companies who are looking to enhance their data protection efforts in order to comply with various types of regulations and standards. Do not miss our introduction to Office 365 – DLP to learn more on how the technology prevents data loss from an end-user perspective.
Please don’t forget to ‘Like’ if you enjoyed the video and subscribe to our Youtube channel to make sure you never miss an update.