Microsoft is expanding its Data Loss Prevention (DLP) tools. DLP is a way of tagging content to mark it as sensitive data and subject to policy, such as a rule that states “data must be encrypted” or “may not be shared outside the organisation”.
DLP is already available for email in Exchange, Outlook and Office 365, and is now being added to SharePoint Online and OneDrive for Business. DLP is also being added to Excel, Word and PowerPoint from early 2015.
Admins will be able to set policy in an Office 365 Compliance Center and have this automatically applied through all these products.
DLP supports manual tagging but goes beyond it.
“We’re providing deep content analysis through our classification engine,” explains Principal Program Manager in Information Protection Jack Kabat in a video. The engine will use RegEx patterns and more to find data such as credit card numbers or social security identifiers, and automatically tag documents accordingly.
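As an added illustration (not Microsoft's classification engine and not code from the original article), the sketch below shows regex-based card number detection and why a pattern on its own misfires: candidates found by a regex are confirmed with the Luhn checksum before a document is tagged. The pattern, the tag name and the sample documents are assumptions constructed for this example.

```python
import re

# Assumed pattern: 13-19 digits, optionally separated by single spaces or hyphens.
CARD_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum carried by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify(text: str) -> dict:
    """Return regex-only hits, hits that also pass Luhn, and the resulting tag."""
    regex_hits = [m.group(0) for m in CARD_CANDIDATE.finditer(text)]
    confirmed = [h for h in regex_hits if luhn_ok(re.sub(r"[ -]", "", h))]
    return {
        "regex_hits": regex_hits,
        "confirmed": confirmed,
        # Hypothetical tag name, not a real Office 365 label.
        "tag": "sensitive:card-number" if confirmed else None,
    }


# Constructed sample documents (4111 1111 1111 1111 is a well-known test number).
DOCS = {
    "invoice.txt": "Card on file: 4111 1111 1111 1111, exp 01/30",
    "tracking.txt": "Parcel tracking reference 1234567890123456 shipped Monday",
    "memo.txt": "Meeting moved to room 204 at 15:00",
}


def scan(docs: dict) -> dict:
    return {name: classify(body) for name, body in docs.items()}


if __name__ == "__main__":
    for name, result in scan(DOCS).items():
        print(name, result)
```

The tracking reference matches the pattern but fails the checksum, so a regex-only rule would have flagged it as a false positive.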
If the system detects a violation it will generate a report, with items such as “Rule Matched: PCI DSS: content shared externally” and “Rule Actions: Notify User”.
The add-ins for Office applications will inform users at the time of content creation if they are creating data that is detected as sensitive, and provide users with “policy tips.”
“With these new DLP capabilities, you can have complete control to protect sensitive information anywhere in your organization,” says a post penned by Kabat along with product manager Shobhit Sahay.
DLP will be attractive to organizations worried about spilling secrets or breaching regulatory compliance and being slapped with fines, but is it effective? Automatic content recognition is imperfect, as those who remember Office 97 and Clippy’s incessant interjection, “it looks like you’re writing a letter” will know.
Another snag is that if users are determined to share data, they probably will, if only by crude techniques like photographing the screen, or turning to alternative applications (a new opportunity for OpenOffice?) which are less intrusive.
The justification for approaches like this is that they help users to do the right thing by giving them a nudge at the right moment.
You can “refine your DLP activity so you don’t affect the productivity of your end users,” promises Microsoft - but we foresee new opportunities for annoyance. ®