Securing Social Business in Office 365

Microsoft continues to weave the web around Office 365 tighter and tighter.

Over the past few months it has added more and more functionality to Office 365 and expanded its reach across and even beyond the enterprise. It is now adding additional security to keep enterprise data safe.

Microsoft introduced new compliance features last week. This week it is extending Data Loss Prevention functionality across the entire Office 365 product.

Office 365 and DLP

DLP policies are simple packages that contain sets of conditions, which are made up of transport rules, actions and exceptions that you create in the Exchange Administration Center (EAC) and then activate to filter email messages and attachments.

Originally introduced in Exchange and Outlook, they were developed to enable enterprise messaging systems to protect sensitive data that is sent by email and that needs to be protected for compliance or security reasons.

If you think email is secure, think again. Remember the row that erupted after it emerged that the US National Security Agency was systematically prying into people’s emails? Also keep in mind that Google scans email to create personalized advertisements.

Whatever way you look at it, no one really wants anyone that shouldn’t be peeking to be peeking at their email.

Now place that in the context of Office 365 and the amount of data that is contained in all the different business apps that come with it.

While there are already security protocols protecting Office 365 data, there is little that can protect users from themselves and their often cavalier attitude to the data they shoot from one person to another through collaboration tools.

Shobhit Sahay, a technical product manager, and Jack Kabat, a principal program manager on the Office 365 team, explained in a blog post:

"People collaborate and share sensitive information in many ways beyond email. For example, they might have sensitive content in Word documents or Excel spreadsheets created in client applications and then share those documents with others in SharePoint or OneDrive for Business. As we enhance the collaboration capabilities within Office 365, we also want to make it easier for you to control your data and act on it in real time."

Safety the Priority

The bottom line is protecting data, no matter what you are doing with it in real time. Microsoft sees DLP as its way of ensuring that data, no matter where it resides, is safe — and safe to collaborate with, too. It also includes policy actions to restrict and block access to different types of content, according to the different permissions that have been applied.

These capabilities will be rolled out over the coming months to eligible tenants worldwide, with additional policy controls and actions, like Information Rights Management, coming in the first quarter of 2015. There are three principal areas where DLP will be applied:

1. DLP for Windows classified content

Starting from the first quarter of 2015, Microsoft is enabling the detection of Windows file classification infrastructure (FCI) content classifications for Office documents in Exchange Online, SharePoint Online and OneDrive for Business.

Office 365 DLP policy creation

File Classification Infrastructure (FCI) allows the management and tagging of files on the file system with custom metadata. Tagging files on the file system and making the tags available for browsing and for search provides an alternative to full scale content management systems like SharePoint.

The new capabilities being offered next year will include content classifications and automatic to manual content, enabling users to apply appropriate actions to prevent disclosure.

2. DLP in Office applications

Starting next year, Microsoft will enable DLP natively in Office 365 applications, which will allow sharing rights to be established at the time the content is created. It will also provide users with tips on policy creation similar to the tips they already receive in Outlook and Outlook Web Application when they try to share sensitive content. Excel will be the first application to benefit from this, but it will be extended to Word and PowerPoint later in 2015.

3. DLP in SharePoint Online and OneDrive for Business

Over the past few months DLP has been introduced to SharePoint Online and OneDrive for Business, enabling users to search for sensitive information through eDiscovery. Microsoft has now also released active policy evaluation and enforcement on your sensitive data, including policy actions to restrict and block access as well as user education and email notifications. It will add additional policy controls and actions like Information Rights Management in the first quarter of 2015.

Office 365 DLP policy creation for documents

The new capabilities give users complete control over sensitive information anywhere in the organization, be that information in emails, in a document library, or in the actual Office file itself. They also tie in nicely with Delve and Graph, which were introduced recently and enabled data eDiscovery across Office 365 for better content management.

It’s a small but significant step for Office 365 users given the amount of information that enterprises are currently placing in their Office 365 suites.